Credit card fraud has become a constant and pervasive threat, and debit cards are not immune to theft either. In 2020, the Federal Trade Commission reported 66,090 instances of credit card fraud.
For years, thieves have been skimming debit (and credit) card information from ATM machines, and the innovation of chip cards was partly developed to address this risk. However, as the credit card industry evolves, thieves adapt, and Consumer Reports notes that they now have “shimmers” that can read chip-based cards.
Gas stations are a haven for credit card thieves because the pumps see a high volume of customers and often receive little supervision. As a result, thieves have plenty of opportunities to install skimmers and, in some cases, tiny cameras that capture PIN numbers. The problem is so serious that the Secret Service has been called in. During a 2018 crackdown, the agency discovered nearly 200 skimmers in 400 gas stations.
While there are many honest mobile vendors trying to make a living, there are also thieves who pose as such vendors. Attendees at festivals, fairs, concerts, and other events may be unaware whether a vendor is legitimate or employs a card skimmer. This makes your card vulnerable.
While some restaurants now swipe your card in a visible location, many still run cards in the back of the house where you can’t see it. If an establishment or individual server is dishonest, they may swipe your card through a skimmer and charge you for more than just your meal.
Large chain retail stores may appear to be safer places to use a credit card because they have more resources to invest in security. However, the number of people who swipe cards at retailers makes them particularly appealing targets for thieves, and some have managed to circumvent the security measures in place. Target, TJX (which owns T.J. Maxx and Marshall’s), and others have all experienced data breaches involving credit cards.
Your credit card information can be exposed at multiple points during an online transaction. The data can be stolen by malware on your device, a third party who intercepts the transmission, or a retailer’s data breach.
Anywhere Information is Stored
The risk of credit card theft does not end when you swipe your card. Any business that stores your credit card number may suffer a data breach in which a hacker obtains access to your card information. These types of attacks have harmed both large and small sellers across a wide range of industries.
How to Protect Your Credit Card
With so many potential ways for your credit card information to be compromised, you’re unlikely to be able to completely eliminate the risk of credit and debit card theft. However, there are steps you can take to better protect your credit card information.
Use high-visibility ATMs.
While any ATM machine may have a skimmer installed, those that aren’t closely monitored are more likely to be tampered with. To reduce the risk of ATM skimmers, look for machines in the same way you would look for a mugging. Go to a high-traffic, highly visible machine, preferably in a secure location (e.g., a bank).
Check Readers at Gas Stations
When you use a credit card at a gas station, check the pump’s reader to see if it looks tampered with. Pay inside if there are any unusual stickers, if the inspection seal says “void,” or if there are any loose parts — you’re less likely to have your card stolen if you use it at the cash register.
Examine Other Nearby Readers
If you’re in an area with other, identical credit card readers, check to see if they look the same as the one you’re using. If there is a noticeable difference between the readers on two otherwise identical ATMs or fuel pumps, one may have a skimmer attached. Look for another place to use your card.
Wiggle the Reader
Before you swipe your card at an unmonitored location, such as an ATM or gas pump, give the reader a gentle tug. Don’t use your card if anything appears loose. A thief could have loosened something to install a camera or skimmer.
Mobile Vendors Should Be Vetted
Before you hand over your credit or debit card to a mobile vendor, make sure they are at least running a legitimate business. Inquire about their location, look for pictures of their facility, and look them up online if you want. This ensures you’re paying a legitimate company rather than someone posing as a local or mobile vendor.
Whether it’s a restaurant that takes your credit card in the back or a fuel pump that appears suspicious, you’ll encounter potentially dangerous situations at times. Keep some cash on hand to use whenever using a credit card seems risky.
Keep No Card Information
To reduce the risk of potential data breaches, avoid storing credit card information on retailer websites. Entering your card number for each purchase is a minor inconvenience compared to dealing with a stolen card.
Use a Credit Card Instead of a Debit Card
When you do use plastic, use a credit card rather than a debit card whenever possible. Credit cards are protected by the Fair Credit Billing Act (FCBA), whereas debit cards are protected by the Electronic Fund Transfer Act (EFTA) (EFTA). According to the Federal Trade Commission, the FCBA limits your potential liability to $50, whereas the EFTA can hold you liable for up to $500 of fraudulent charges (and occasionally more) in certain circumstances.
What to Do If Your Credit Card Is Stolen
Even with the best security, your credit and debit card information could be stolen. If this occurs, take the following steps to address the issue.
Step 1: Immediately notify your card issuer.
Notify the bank or other institution that issued your card as soon as you suspect your credit or debit card information has been stolen. According to the Federal Trade Commission, you are not liable if you report the incident before fraudulent charges are filed. If you report the potential theft after fraudulent charges have been made, the amount you’re responsible for is determined by how quickly you notify your card issuer. Most card issuers have 24-hour hotlines you can call if you suspect the information on your card has been stolen.
When a debit card is compromised, reporting must be completed as soon as possible. If you report a stolen debit card within two business days of learning about the theft or incident, the EFTA limits your liability to $50. If you notify your card issuer more than two business days after the incident but within 60 calendar days, your maximum liability for the incident is $500. If you wait 60 calendar days or more, your liability may exceed $500. Of course, if you report the incident before any fraudulent charges are made, your liability should be zero, even if you use a debit card.
Step 2: Provide Your Card Issuer with a Written Statement
Follow up on your initial notification with a written statement to your card issuer. This simply documents that you contacted the issuer in the event that a question arises about how you handled the incident. To prove you sent the letter, send it certified mail with a return receipt requested and keep a copy for yourself.
Step 3: Get a New Card and a New PIN
When you notify your card issuer, they will most likely immediately disable your compromised card and send you a new one in the mail. The length of time depends on the issuer and your situation. Wait for your new card to arrive and set a new — and different — PIN. You should make sure that your new PIN is unique because thieves sometimes try to recycle data that they’ve collected in the past. If you use the same PIN, any attempts to re-use your old number will fail.
Step 4: Examine Your Account Statements
Thieves may use a card as soon as they obtain its information, but they may also wait. To ensure that you catch all fraudulent charges, carefully and regularly monitor your account statements for unauthorised charges. Of course, you should be doing this already in case thieves stole your card information without your knowledge.
Step 5: Report Unauthorized Charges
Notify your card issuer right away if you notice any unauthorised charges. The charges could be related to an incident you reported, or they could be related to another instance in which your credit or debit card was compromised without your knowledge. These will most likely be resolved in accordance with your account’s policy and any applicable federal or state law.