You are about to pay for a purchase with your credit card and the message “Card Rejected” flashes across the screen.
The first thoughts that might enter the mind are if the recent bill was paid on time, if the account balance is maxed out, or an error with the merchant’s processing equipment.
Then, you look at your recent account balance and see several mysterious purchases that were not made. At this point, you realize your credit card information has compromised, even though it is still being held in your hand.
Credit card fraud is surprisingly common and affects an approximate 11 million American every year. In 2014, international credit fraud accounted for $16 billion and 48% occurred within the United States, primarily because of outdated magnetic strip technology, according to The Nilson Report.
What is a Compromised Credit Card?
A credit card or debit card becomes compromised when a hacker is able to “skim” the card number and payment information from a magnetic swipe in a credit card reader.
Thieves normally attached devices that wirelessly transmit data from the credit card reader to their own computer which might only be a few feet away by sitting in a car in a parking lot or sitting at a nearby table drinking a cup of coffee while appearing to work on their electronic device.
What Happens Next: The “Cloned” Card Scenario
The thief will then produce a cloned credit card that can be sold for a few bucks to a buyer who will normally use it for a variety of small and large purchases such as gas, clothing, sporting goods, and anything else before the bank finally freezes the account for unusual activity.
As many credit card transactions in North America are still completed by swiping the magnetic strip on the back of the credit card, instead of inserting the golden EMV chip, cashiers rarely ask for photo id to verify the cardholder. Despite being a cloned credit card, legitimate credit cards come in many different brands and colors.
The fake credit card has the same appearance as a real credit card and the cashier probably won’t think it is fake, especially since it works just like the one it is pretending to be.
Card Present Transactions
The easiest way to compromise a credit card, also known as credit card skimming and credit card cloning, is with “card present transactions.” These are in-person purchases when a card is physically swiped to pay for a purchase at any store or restaurant. The thief only needs a basic skimmer device that can store credit card numbers and can “blend in” with the crowd.
Scammed at the Drive-Thru: The Fraud Risks Are Real!
Skimming can happen anytime when swiping the magnetic strip in an ATM machine, self-service gas station pump, a vending machine that accepts plastic payments, and at regular places of business as well.
The advanced thieves use devices that are very hard to detect, especially if the customer isn’t looking for it and habitually inserts the credit card and is fixated on the digital screen that might ask for a PIN or billing zip code. It is even possible that a restaurant waitress or store cashier can skim the date by having their personal small device and swipe it when nobody is looking.
While this type of skimming does happen, the most common way is in low-security areas such as gas stations and ATMs where a cashier is not constantly hovering over the device and the thief can act like just another customer when, in reality, they are installing or retrieving the skimmer.
Card Not Present Transactions
Credit card data can also be skimmed from online purchases as well.
This can be accomplished in several different ways. Hackers can install malware on your computer or the merchant’s computer that will give them undetected access to sensitive files or the ability to record keystrokes.
“Hotspot” Equals “Honeypot” for Credit Card Fraudsters!
Another way is to “hack” into public Wi-Fi networks and download data from several users. If anybody makes a purchase over these public hotspots, they can download the credit card information that can later be used to make a physical credit card or to make other online purchases.
Also, hackers are also able to randomly enter credit card numbers and will first try making a small purchase such as buying a song for $1 as that will not set off any fraud alerts for most banks. If that transaction processes successfully, they will then go on a spending spree before the card is finally frozen.
How To Prevent Credit Card Skimming
Credit card fraudsters are always coming up with new ways to steal information, especially as credit card issuers are rolling out EMV-chip credit cards that are significantly harder to hack as the cards provide a one-time payment code, similar to digital wallets, instead of transmitting personal information to the merchant’s payment processor.
But, this technology is still very new on this side of the Atlantic and magnetic strip transactions will still be very prevalent for the near future as merchants update their readers and cardholders receive new cards.
If you need to pay with the old-fashioned magnetic strip, which is anytime you fill up your car or make an ATM withdrawal, here are some tips:
1. Inspect the card reader for any possible signs of tampering. If the reader seems bulkier than usual or the keypad seems a little “squishy” when pressing the various numbers, this might be a sign that a thief has installed a device. A card skimmer can also look like a very thin and clear plastic film that slides into the credit card slot. Some are very hard to see.
2. Regularly monitor banking activity. Most people do not check their bank account activity on a regular basis. They might only do it when it comes time to pay the bills once or twice a month. Checking activity regularly is the easiest way to spot any unusual activity. It can also prevent frustration and public embarrassment when a credit card is rejected.
3. Signup for text alerts. Many banks offer cardholders the opportunity to link a phone number and will send you a text message asking to verify a purchase. The alerts can also come via a phone call or e-mail. To receive these alerts, ensure your contact information is up to date.Otherwise, you might not find out until you receive your monthly statement or try to make a purchase yourself.
4. Enroll in an identity protection plan. Find one that monitors for identity theft while also watching your credit card and bank accounts. Even the most cautious consumers have their credit and debit card information compromised. Hackers are crafty and relentless.
5. Be careful if any cards get compromised. When a credit card is compromised, they might only be able to retrieve the card number, expiration date, CVN, and billing zip code or pin, but advanced hackers might be able to retrieve more information such as a social security number and other sensitive information that might have been required to complete a purchase.
A criminal like this might not only be able to sell your credit card information, but also personal information that can be used for identity theft. Read our ‘100 Ways to Prevent Identity Theft’ if this is a worry for you!
The Future of Credit Card Skimming
As the world switches to EMV-chip credit cards and digital wallets, compromised credit cards should not occur as often as it does currently. But, hackers are always discovering new ways to outsmart the latest security measures.
Companies sell RFID-blocking wallets that prevent hackers from stealing card information with a pocket device even when the credit card isn’t used to make a purchase. Credit card issuers say that EMV cards are very safe because each purchase uses a different purchase code, while traditional magnetic stripe credit cards use the same code for every purchase.
Contactless Payments Are Growing (and Less Dangerous!)
Another security concern is contactless payments where a credit card doesn’t physically need to be inserted to complete a payment. With contactless payments, the credit card or smartphone only needs to hover a few inches from the card reader to complete the payment as the information is transmitted wirelessly.
A fraudster can use computer software to intercept the wireless signals, but will still need to find a way to usefully employ the credit card information as each payment also transmits a one-time code to complete the payment.
Most American EMV credit cards only have contact payment capability, meaning they must be physically inserted (dipped) into the card reader to complete a purchase.
As the magnetic credit card is slowly phased out, credit card fraud is shifting from in-person skimming to online skimming instead.
This Practice Has Reduced Card Fraud Before …
In Europe, where EMV cards have been used for several years, traditional credit card cloning techniques have been greatly reduced, along with credit card fraud in general, and it mostly occurs from online transactions now when payment information needs to be manually entered.
The extra layers of encryption are deterring thieves, but it is important to always remain vigilant.