How Your Credit Card Information Is Stolen And What To Do About It

As hackers get more creative in coming up with stronger credit card fraud schemes, we need to counter that with even stronger vigilance.

Catching credit card fraudsters involves a lot of luck, as they mostly operate behind a screen. The better approach is to stay a step ahead of them by being more mindful of protecting your personal information.

Why be afraid of credit card fraud? 

When scammers get ahold of your card and access to your personal information, they can do the following:

  • Hack your login details
  • Avail of products and services using your credit card
  • Make a cash advance
  • Max out your credit card
  • Change Personal Identification Numbers (PINs)
  • Apply for a credit card or loan under your name
  • Sell your personal information to other people

In the Philippines, the punishment for credit card theft ranges from a fine of P10,000 to 12 to 20 years of jail time. The most common types of credit card fraud, however, only improve with time and are usually untraceable.

Investigating credit card theft these days can be as easy as checking your mobile banking applications and reporting the unauthorized transaction to authorities.


Common types of credit card frauds

To help you avoid falling victim to credit card fraud, we’ve come up with a list of the most popular forms of credit card security threats that can wreak havoc on your finances, and the steps you need to take to avoid them.

1. Skimming

Skimming is currently the most common type of credit card scam. It uses a device that is attached to ATMs and card payment terminals and obtains your personal data after your card is scanned by the device.

There are also handheld skimmers, where the card is run through a skimmer before it’s inserted into the terminal. This usually happens in restaurants or other places where they take the card to the cash register, out of the cardholder’s sight.

The current use of EMV chips on ATM, debit, and credit cards provides an advanced layer of security against skimming.

EMV stands for Europay, MasterCard® and Visa®. The chip looks like a SIM card that is embedded on the bank card. For every transaction, it generates a unique transaction code (called tokenization) that cannot be replicated. Anyone who attempts to steal the card information on the chip through the typical methods of skimming will not be successful.

How to avoid skimming

Download your bank’s mobile app and set up alerts for potential fraud. Regularly keep track of your spending. You’ll easily spot unauthorized transactions this way. Report unauthorized transactions to your card issuing bank right away.

The responsibility still lies with you as the cardholder to be vigilant about your personal information. However, hackers have found a workaround for skimming, and the upgrade is called ‘Shimming’.

2. Shimming

A more recent card scam is shimming. This is an advanced way of skimming in the form of a thin device inserted into the ATM or payment terminal.

A more advanced take on skimming, shimming involves a microchip and flash storage. A shimming device takes advantage of a weakness found in the magnetic strips of EMV cards.

A shimming device is made specifically for copying and saving account information on EMV-chip cards. The cards are then cloned into another card, complete with PIN and card number, for the scammer’s own use.

The liability for shimming is currently more on the merchants’ and banks’ side.

How to avoid shimming

The best way to prevent this on the merchant’s end is to conduct proper transaction authorization. Banks, on the other hand, are expected to do a regular inspection of their ATMs, or terminals, to avoid or detect shimming.

3. Email phishing

Phishing is a method of getting someone’s account information, mostly through email, but it’s also done via text or social media.

Phishing is done under the guise of a company that the victim is a member of. For credit cards, phishers send an email that looks like it is from a card issuer.

Even non-credit cardholders are targets for phishing. Basically, anyone scammers can get personal information from is a potential victim.

Scammers have become very good at creating official-looking emails, complete with the logo of the company. A link is provided in the email, redirecting the cardholder to a fake but legitimate-looking website, prompting them to enter all the information needed to verify, update, or set up their account.

How to avoid phishing

Look for the subtle differences between the legitimate website and the fake one. Only provide personal information to links with an “https” or a lock icon on the browser.

To verify, a quick Google search will get you the official website of your card issuer, and you can spot the differences in the link you’re given in the email.

Better yet, do not click links in emails that use a URL shortener, especially if they’re asking for your personal information. Lastly, contact the company that’s asking for this sensitive information to make sure the e-mail is legitimate.
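The checks described above (https, comparison against the issuer’s official address, and no URL shorteners) can be combined in a short script. This is an added example, not part of the original article; the issuer domain examplebank.example, the shortener list, and the sample links are constructed placeholders.

```python
import difflib
from urllib.parse import urlsplit

# Constructed placeholders: a made-up issuer domain and a small sample of
# well-known URL-shortener hosts. Replace with your issuer's real domain.
OFFICIAL_DOMAINS = {"examplebank.example"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def _under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_link(url):
    """Return warning codes for a link; an empty list means no check fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # "https://bank@other-host/" goes to other-host, not to the bank.
        warnings.append("userinfo-in-url")
    if any(_under(host, s) for s in SHORTENERS):
        warnings.append("url-shortener")  # real destination is hidden
        return warnings
    if any(_under(host, d) for d in OFFICIAL_DOMAINS):
        return warnings
    warnings.append("not-official-domain")
    # Flag hosts that imitate the issuer's name: a label equal or very close
    # to the brand label, sitting on a domain the issuer does not own.
    brands = [d.split(".")[0] for d in OFFICIAL_DOMAINS]
    if any(difflib.SequenceMatcher(None, label, b).ratio() >= 0.8
           for label in host.split(".") for b in brands):
        warnings.append("lookalike-of-official")
    return warnings


if __name__ == "__main__":
    for link in ("https://online.examplebank.example/login",
                 "http://www.examplebank.example/",
                 "https://bit.ly/3abcd",
                 "https://examp1ebank.example/verify",
                 "https://examplebank.example.account-verify.test/login"):
        print(link, "->", check_link(link) or "no warnings")
```

The last two sample links use https and still raise warnings, because the host only imitates the issuer’s name.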

4. Pretexting

One concise definition: pretexting is “the practice of obtaining your personal information under false pretenses.”

It is usually done over the phone, with the caller claiming to be from a government agency or a bank, or even posing as the hotel receptionist, trying to “clarify” some information and asking for your card number and/or other account details.

To gain your trust, they usually provide some personal information they’ve researched or stolen prior to the call, and use this as bait to get you to fill in the missing details.

How to avoid pretexting

Don’t let the caller do all the talking. As soon as they ask for your personal information, tell them that you will call them back using the legitimate phone number at the back of your card, or their official hotline number.

It is hard to verify the legitimacy of the call if they’re the ones calling you. In case of hotels or any form of service, the legitimate ones will always ask you to go down to the lobby and settle the payment personally, and not over the phone.

5. Pharming

This is a method of hacking that starts on a website. The user is redirected to a fake website that still shows the same URL but is not hosted on the legitimate server. Hackers are then able to get your card information, including account login details.

To the more tech-savvy, this malicious strategy is also known as DNS Cache Poisoning.

How to avoid pharming

A quick check to make sure that there is a lock symbol on your browser and an “https” on the address of the website (URL) will confirm security.

Use trusted antivirus software that especially keeps spyware at bay, and only connect to a legitimate Internet Service Provider (ISP). When in doubt, always verify with the organization or bank that is asking for sensitive information.

6. Spear phishing

This is just like regular email phishing, but this time, it targets businesses. It’s a scam that spans an entire organization.

The message looks like an internal email from a head of the organization, whether from IT, HR, or even the CEO. It could ask employees to click a malicious link or send their account details.

Not only can this steal the user’s personal information, but the attackers could also install malware and get into the company’s private information as well.

How to avoid spear phishing

Companies and organizations should inform their employees or members of the different ways hackers can get into their systems. It doesn’t stop with building a secure network. Part of a company’s best practice is reducing the chances of falling victim to cyber security attacks.


Bonus: The good old method of stealing personal information

The idea of leaving card details out in the open sounds incredible, but many people still commit this mistake.

Whether in real life or online, cardholders still carelessly leave their personal information out where it’s easy to get ahold of it. It can come from a lost wallet, photos of credit cards, sending messages, not locking one’s personal computer, or having a weak, easy-to-predict password.

How to keep your personal information safe

We should be more responsible in protecting our data privacy.

Our online information has largely become an extension of us. To simply rely on banks would be foolish, as they can only do so much on their end.

The truth is, there are far too many fraud cases due to negligence on the cardholder’s side. Call your credit card provider right away if you lose your wallet, or if your privacy has been tampered with.