Credit card fraud, as you may have already guessed, is a big problem across the globe. According to a recent study from payment solutions company ACI Worldwide, 1 in 4 global consumers have been a victim of credit card fraud in the past five years.
“The amount of malware that’s targeting credit cards keeps on increasing, even though it’s already been one of the major drivers of the cybercrime ecosystem for many years,” says Roel Schouwenberg, principal security researcher at Kaspersky Lab, an information technology security vendor. “At the same time, we’re seeing more large-scale breaches.”
As financial institutions and merchants work to shore up their systems, consider tweaking some of your habits. ACI Worldwide’s survey found that 50 percent of consumers exhibit at least one risky behavior that puts them at higher risk of financial fraud. While issuers generally cover the cost of fraud, it’s still in your best interest to remain proactive about protecting your financial information.
“Dealing with the consequences of fraud is a huge hassle,” Schouwenberg says. “Besides, ultimately, we still end up paying for those reimbursements, as that money needs to come from somewhere.”
To help you do your part, here are some ways consumers unwittingly increase the odds of becoming a fraudster’s latest victim.
The Bankrate Daily
2 of 7
Throwing bank statements in the trash
What was the most prominent risky behavior among the consumers ACI Worldwide surveyed? That would be throwing bank paperwork or account information in the trash. (Twenty-four percent of respondents copped to simply junking their forms.)
The action may seem innocuous, given most bank paperwork doesn’t include complete account numbers, logins or passwords, but “don’t underestimate the power of a few pieces of information,” says John Buzzard, manager of product management and fraud operations at FICO.
Fraudsters could use a name, address or telephone number to coerce full payment information out of you. For instance, they could pose as your utility company and try to collect on purportedly missed payments.
They could also use information on a bank statement “to overcome some direct challenge questions” your financial institution uses to identity a person online or over the phone, Buzzard says.
These questions could be as basic as your last name, address or ZIP code. They could also entail listing the last few transactions you made with your debit card.
To minimize the chances of crooks getting access to your checking, savings or credit card accounts, you could switch to increasingly popular e-statements and forgo ATM receipts. If you like to receive hard copies, “shredders are a dime a dozen,” Buzzard says. “Keep a pile of paper you want to get rid of under lock and key until you do obtain (one).”
3 of 7
Forgetting to clear your computer cache
Sure, it’s convenient to have a browser memorize your favorite websites. But frequently clearing your computer’s cache, particularly when you’re prone to carrying around a laptop, helps protect payment information.
Oftentimes, thieves can “find out your bank just from your (browsing) history,” says Walt Augustinowicz, CEO of Identity Stronghold, a security technology provider. Similarly, prompting browsers to remember passwords and user IDs could grant thieves easy access to your financial accounts.
For instance, if someone breaks into your house, they could log in to your computer and “get a card in your name,” which can ultimately be used to run up a big bill, Augustinowicz says.
You’ll also want to make sure you use a unique password for each online account you set up.
“If you have dozens of websites you go to on a regular basis, it’s very tempting to just use the same password, but it’s a fatal flaw,” says Stu Sjouwerman, CEO of KnowBe4.com, a security training awareness provider. With only one password, a thief will be able to access all your accounts once he or she gets hold of it.
Some tips for creating strong passwords include using at least eight characters; incorporating numbers, symbols, lowercase and uppercase letters; and avoiding the use of personal information, such as your birth date.
4 of 7
Reckless Web-surfing and shopping
Shoddy PC play is fairly common. For instance, according to ACI Worldwide, 17 percent of customers are using unprotected PCs or Internet links to shop. Unfortunately, such careless Web-surfing can be fraught with consequences.
While online shopping deals are certainly enticing, consumers need “to use extreme caution when they’re out there on an unknown e-commerce website,” Buzzard says, since its owners could simply be scamming you.
“You’re never going to get that piece of merchandise, ever, because they don’t have it,” he says. “They’re just going to get your payment card information and turn around and sell it to someone else.”
Similarly, “transactions should only be made on trusted networks, and public Wi-Fi should be avoided,” Schouwenberg says.
Hackers are known to monitor unsecured Wi-Fi networks to obtain passwords and logins to financial accounts. They could also potentially pull payment information from unencrypted websites.
Also, refrain from clicking on strange links, taking surveys or participating in polls when you’re unfamiliar with the entity promoting them. This click-bait could simply be an attempt to download malware onto your PC, a feat made a lot easier if your PC is unprotected. This malware could even include a keystroke logger.
“Everything you type on that keyboard (with keystroke malware) can be tracked,” Augustinowicz says, allowing thieves to get logins, passwords and credit or debit card account numbers.
5 of 7
Leaving your smartphone unlocked
In what has become perhaps the digital equivalent of carelessly tossing paper statements in the trash, 20 percent of ACI Worldwide’s survey respondents admitted to leaving their smartphone unlocked.
The practice is problematic because the device “holds, much like a regular wallet … a lot of critical information,” says Michael Grillo, senior product marketing manager of ACI Worldwide.
Hackers could, at best, learn which financial institutions you do business with via email or the mobile banking apps on your phone. At worst, they could access these accounts via stored login credentials and transfer money, request replacement cards, change the billing address or even cancel or lock you out of the accounts.
Thieves could also potentially use any credit cards or debit cards paired with other apps on your phone to make purchases. To preclude these and other problems, set up strong passwords and make sure they’re varied across accounts.
Your phone “needs to passively lock itself … even if it’s just sitting idly for a few minutes,” Buzzard says. Plus, “everybody needs to figure out if they can set up a remote wiping capability” that can be used if a phone goes lost or stolen.
The Find My iPhone app, for example, can remotely lock and even erase personal data, should a device fall into the wrong hands.
6 of 7
Failing to protect your PIN
While it may surprise careful customers, ACI Worldwide’s study found that 11 percent of global cardholders are still writing down their debit card’s personal identification number, or PIN, and storing the note alongside the payment method. Playing fast and loose with your PIN is dangerous because it grants thieves easier access to your funds.
“Your bank account will get emptied out,” Sjouwerman says.
Federal law holds debit card holders liable to $50 if they report fraud within two days and up to $500 if they report within 60 days. After 60 days, they’re generally on the hook for the fraudulent charges.
Many issuers tout zero-liability policies on debit cards, but some exempt ATM and PIN-based transactions from this coverage. (The exception to this exception is MasterCard, which extended its zero-liability policy to include ATM and PIN-based transactions as of October 2014.)
But even with the coverage, you could wait two weeks for the funds to be reimbursed, which can cause missed bill payments and overdraft fees.
Safeguard your PIN by running your debit card as a signature transaction at the register, says Slava Gomzin, author of “Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions.”
Alternately, “shield the hand you type your PIN with,” Sjouwerman says, to preclude skimmers from getting a hold of it via a camera overlooking a terminal. “It’s such a simple way to prevent a whole bunch of hassle.”
7 of 7
Responding to a request for bank info
Readily responding to emails, texts or calls for bank information increases the odds of a card getting compromised since it’s often a fraudster and not a legitimate business behind the request.
“More and more recently, people tend to see spoofed bank emails that say you need to come and validate your bank information,” Grillo says.
A scammer may also pose as a company looking to obtain payment for a particular service over the phone. In either event, never give out payment or personal information without verifying the source of the request.
“If it’s something a little fishy, just disengage from it,” Buzzard says. If they say they’re a representative of your financial institution, “just hang up the phone and call your bank.”
If you do accidentally or impulsively fork over payment information, “your very next call should be to your credit card company,” Sjouwerman says, to block any payments that you may have made or to stop the thief from running up a bill. “Ask for a new card.”
You can also ask your issuer, at any given time, “If there’s ever an emergency … how are you going to come to me?” Buzzard says, so you’ll have an easier time differentiating between their fraud alerts and bogus communications.