Skimmers aren't the only way fraudsters are stealing credit card information at cash registers. Now, they're using malware.
This year, several malware programs popped up worldwide that pick up card data at point-of-sale terminals and transmit the information to a so-called command center controlled by the thieves. That means you could be completing a purchase at a store, and all of your card data is being sent not only into the retailer's system but directly to criminals as well.
Trusteer, a cybercrime prevention company founded by IBM, detailed the new malware in a recent blog on its website. One particular malware called Dexter runs on Windows platforms and disguises itself as Internet Explorer. So far, 200 to 300 attacks have been recorded in 40 countries, according to Trusteer.
This remote means of stealing credit card information differs from skimmers, which are devices that are physically placed over the machines where payment cards are swiped. These devices save the card data, but must be removed at some point for fraudsters to retrieve. This scheme usually involves someone on the inside, such as a store clerk or waiter, or is used on public card readers like ATMs or unmanned gas station kiosks.
With the new malware scam, it's unknown how the malware infects the point-of-sale terminals in the first place.
Despite the differences in attacks, you should take the same safety precautions to protect your credit cards. Always scan your recent purchases listed online to make sure they're yours. If you find something that looks suspicious, contact your credit card issuer right away.
It's also a good idea to pull your credit report for free at AnnualCreditReport.com to make sure the fraud hasn't spread beyond that one account. You're entitled to one free report from Equifax, Experian and TransUnion every 12 months under federal law.
Fortunately, your credit card issuer also is looking out for fraud and often catches it before you do. That's because card companies are on the hook for any losses. If your credit card account information is stolen, your liability is nothing. (If your actual credit card is stolen, your liability maxes out at $50 under federal law.)
So, while malware and skimmers may sound scary, there are protections out there for you.
Has your credit card information ever been stolen? How did you find out?
Follow me on Twitter: @JannaHerron.