Thieves need only a minute, sometimes just a second, to pilfer your credit card data.
“Back in the beginning, they got the imprint of credit cards from the carbon copies they dug out of the trash,” says William Noonan, a U.S. Secret Service special agent formerly in charge of the agency’s cyber operations branch. “Technology has changed things.”
The massive data breach at Equifax in 2017, and the 2016 breach of ride-hailing service Uber, which did not come to light until November 2017, are examples of how criminals have hacked, phished and skimmed their way into data systems, compromising the credit card information of millions of consumers.
But not all credit card schemes are complicated; many are simpler than you’d imagine. Here are the most common ways thieves steal your credit card information.
Monitoring your credit report for suspicious activity is a good habit. Get your credit report for free at myBankrate.com.
1. Scheme: The restaurant ruse
How it works: A waitress whisks away your credit card and swipes it through the restaurant’s credit card terminal, which is out of sight. She then pulls out a skimmer, a device about the size of an ice cube, and swipes your card through it.
While you were scraping the last of the chocolate frosting off your plate, your credit card information was being stolen. The waitress returns your card with a smile. She performs that same magic trick on dozens of credit cards in a week.
The waitress may also moonlight as a bartender or a retail sales clerk — any place where she can take your credit card out of sight.
2. Scheme: Duped and distracted
How it works: Sally, Simon and Bud walk into a toy store. Sally and Simon roam the aisles, while Bud waits in line to check out. When Bud is at the register, Simon comes running up to the clerk, screaming that his wife has fainted. As Sally and Simon distract the sales clerk, Bud switches the credit card reader at the register with a modified one of his own. The sales clerk unwittingly collects credit card data on the modified reader. Later, the trio returns, takes back the modified reader and restores the original card reader.
This trio likely will hit other retailers and restaurants. Sometimes, thieves work in pairs or alone.
3. Scheme: The gas lass
How it works: The gas lass parks her car at a gasoline station off the interstate. It’s late and there’s no one around except a sleepy attendant at the register inside. The gas lass attaches a skimmer over the credit card reader at the pump. It’s a skimmer that emits a Bluetooth signal to a laptop close by, says Noonan of the Secret Service. The gas lass pays, then heads to a place nearby where she can set up her laptop to retrieve the data from the compromised pump.
The gas lass installs skimmers over ATMs, parking meters, vending machines — any place with unmanned credit card readers.
Related: Gas credit cards
4. Scheme: The malware masters
How it works: Harry installs malware, a type of software that damages or infiltrates a computer or network, onto a legitimate website with low security. The malware instantly downloads onto your computer when you visit the site and allows Harry to access your information.
In another scenario, Harry puts malware on public computers and gathers the information you share with those computers, says Mike Urban, FICO’s former senior director of fraud product management.
Harry also infiltrates the computer systems of banks, retailers and other businesses, and steals personal account information, Noonan says.
Phil uses malware to go after your laptop or tablet. He sends emails with attachments that promise dancing kittens or some other bait. When the user opens the attachment, malware instantly downloads onto the computer and leaves confidential information vulnerable. Phil also sends emails from a “familiar” sender with a link to a contaminated website that installs malware onto your computer. Some malware, called spyware, allows Phil to capture every keystroke, including passwords to your financial accounts.
5. Scheme: Data at a discount
How it works: When credit card data ends up in criminal hands, it gets sold. The skimming waitress, the distraction trio and the gas lass sell your credit card data for as little as $10 to $20, according to Dell SecureWorks.
The person who buys the information verifies it and then sells it to someone who creates fraudulent credit cards with your account information attached to it. The card maker then sells it to other criminals who buy goods such as stereos or baby formula and sell them to regular consumers.
What you can do
- Set up mobile banking alerts for your smartphone. That way, you can be notified of unusual credit card activity as soon as possible.
- Regularly monitor your accounts online, so you can identify fraudulent transactions sooner.
- Avoid public computers. Don’t log on to your email if your bank corresponds with you there. Urban suggests setting up an email account just for your finances and checking it from safe locations.
- Avoid doing business with unfamiliar online vendors, Noonan says. Stick to established merchants and websites.
- If your information has been compromised, notify your financial institutions and local law enforcement. Ask the major credit bureaus — Experian, Equifax and TransUnion — to set up a fraud alert on your credit reports.
Check your credit report at myBankrate.
- 5 naughty things your credit card won’t buy
- Posh perks for elite credit card holders
- What credit score do you need for a premium rewards credit card?