The Bankrate promise
At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here's an explanation for . The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Terms apply to the offers listed on this page. Any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and have not been reviewed, approved or otherwise endorsed by any card issuer.
One day, you notice some charges you don’t recognize on your credit card billing statement, so you call your card issuer and file a fraud report. You get a replacement card with a new number, but a few months later, the same thing happens again.
As it turns out, you’re a victim of repeated credit card theft, and to solve the problem once and for all, you must take some steps to learn how to manage your credit card’s security risk exposure. Keep reading to find out how to spot gaps in your card’s security, and how you can patch those gaps to keep fraudsters out of your finances.
How can your credit card become repeatedly compromised?
There are several ways you can become a victim of repeated credit card theft. Here are four of the most common sources of compromise, as well as how you can go about putting an end to them.
What it is: Since people tend to make most of their financial transactions using their computers and mobile devices these days, those tools are high-priority targets for credit card thieves. One of the most common types of cyberattacks is phishing, where scammers try to trick you out of your personal information using fake emails, fake text messages and fake websites.
A phisher who gains access to your email can use that to break into accounts you use for online shopping and continually wreak havoc there, or worse, they could gain entry to your bank or credit card account itself. It’s also possible that a hacker could infect your computer or device with malicious software, or malware, that lets a hacker spy on you. Using malware, a hacker can track what you type using a keylogger, or record information you enter into websites using a form grabber, and easily get your new card details every time you use that card online.
How to resolve it: If you suspect someone has access to your online accounts, your first step should change our passwords to lock them out. Also, two-factor authentication serves as a warning signal to you that someone is attempting to gain access to your account – so if it’s available – use it. Saving your credit card on your online accounts increases the chances of your card getting hacked. It may add some inconvenience to your life, but it’ll be worth it in the long run.
Installing and regularly updating antivirus software protects your computer from unwanted invaders like viruses and other malicious acts. Good cybersecurity habits, like good password management and avoiding suspicious emails and links, refrain from using public Wi-Fi and using a password manager, goes a long way in keeping your information safe and secure.
What it is: Card skimming happens when a fake device is attached to the card slot where you swipe your credit card. That fake device collects credit card information that’s later used to commit credit card fraud. These devices are becoming increasingly subtle and sophisticated, blending in almost perfectly with the machines on which they’re placed. With enough savvy, a criminal can put a skimmer on any card reader, but they most frequently appear on publicly exposed terminals like ATMs and gas station pumps. Some skimming operations also pay restaurant and retail employees to skim cards that customers give them, which is even harder to detect because in those situations you often can’t check the card reader yourself.
How to resolve it: Though skimmers can be hard to detect, they have a few telltale signs. Look for slight differences in design between payment terminals and be wary of number pads with stiff, unresponsive buttons. Also, tug on the card slot to see if it jiggles loose and be aware of out-of-order signs on nearby terminals, as card thieves sometimes put them up to redirect people toward a terminal they’ve equipped with a skimmer. Apart from that, you could also try varying the businesses you visit or swapping out your payment methods for a few months to see if that changes anything. If you avoid a restaurant for a while, and at the same time experience an extra-long gap between card fraud attempts, you may have just narrowed down the source of the theft.
What it is: Sometimes your card getting stolen doesn’t indicate a weak point in your security, but in the security of a business you use. Brick-and-mortar stores can have their electronic point-of-sale (POS) systems infected with malware that sends credit card information to a third party – something we’ve seen frequently in recent years with data breaches at hotel chains and retailers.
E-commerce websites are also risky, as hackers can scrape customer payment details from their servers (which are often sold in bulk on the dark web), or the website owners could be unscrupulous enough to steal credit cards themselves (most often something you’ll encounter visiting sketchy foreign-based websites or clicking on malicious or fake links). In either case, you can’t be sure of the security measures most businesses are taking to keep your information safe, so you could shop at a business for a long time without knowing it’s a source of your credit card theft woes.
How to resolve it: For brick-and-mortar stores, there isn’t much you can do other than what was previously outlined in the section on skimming. Avoid businesses at which you regularly shop, or switch up your payment methods for a little while to see if that changes the theft pattern at all. With e-commerce websites, you have a few more options, like making sure your connection is secured with HTTPS when you check out and looking for a seal of approval from a trusted organization, such as TRUSTe or the Better Business Bureau.
Additionally, make sure you are on the correct website when you intend to make a purchase – something as simple as a couple of transposed letters in a URL could mean the difference between a legitimate site and a fake site meant to steal your information. Larger websites like Amazon and Etsy are pretty safe to do business with, but smaller websites are more likely to get hacked or engage in outright criminal activities like credit card theft, so proceed with caution. The same goes with shopping within apps on your phone or other devices – make sure you’re using a legitimate app.
What it is: Unfortunately, in many cases of repeated identity theft or fraud, the perpetrator turns out to be someone you know, like a relative or caregiver. Known as familiar fraud, this type of identity theft can be the most frustrating because often people are less likely to suspect someone close to them vs. a stranger if their credit card becomes compromised. A committed credit card thief in your midst could even intercept your mail or file a change of address form to ensure they get a peek at your new card number before you do.
How to resolve it: If you’re experiencing repeated credit card theft and none of the other sources of compromise we’ve described seem to be the culprit, then you might want to look closely at the people around you. Familiar fraud carries an emotional charge that fraud perpetrated by a stranger doesn’t, but you should still report it because the negative impacts to your credit and your life can be detrimental for years to come. Steps you can take to prevent further fraud can include locking up your important documents and information in a personal safe only you have access to, using a post office box to receive your mail and ensuring that nobody else can access your accounts but you.
No matter how your credit card is being stolen, one thing that can help you spot and deal with this and other types of fraud is an identity theft protection service. These services monitor the Internet black market to see if your information is being traded, used or sold fraudulently, monitor your credit reports to alert you if any changes are detected and offer and provide identity restoration help in the event you become a victim.