How Do You Stop Scammers From Using Your Credit Card?
Credit card fraud can happen to anyone.
For Anton Hinton, it was a call claiming to come from JPMorgan Chase. They told him his debit card had been stolen and they needed to “confirm” his identity by sending him a one-time code. After the call, $300 disappeared from his account [*].
And then there’s the case of Carolyn Mora, who checked her credit card statement to find $232 spent in Israel. She’d never traveled outside the U.S.
Credit card fraud — or just “card fraud” — includes any unauthorized use of a credit or debit card to fraudulently obtain money or property. The Federal Trade Commission (FTC) reported that credit card fraud was the second most common type of identity theft in 2021, with an astounding 389,737 reports [*].
In this guide, we’ll show you how to prevent credit card fraud and protect your accounts, finances, and family from the dangers of identity theft.
10 Ways To Avoid Credit Card Fraud
- Recognize when your credit card is most at risk.
- Protect your physical credit card.
- Only share credit card information on “secure” websites and stores.
- Shop with reputable online retailers you know and trust.
- Be cautious of phishing emails, texts, and calls.
- Look for the warning signs of a scam website.
- Keep your devices safe from scammers and hackers.
- Protect your mail and shred sensitive documents.
- Keep a list of your credit card and bank account details.
- Use your credit card (not debit card).
1. Recognize when your credit card is at risk
Criminals have more ways than ever to get access to your physical credit card or your credit card numbers.
Whereas your Social Security number (SSN) might be easier to protect, your credit card numbers are more easily exposed. Thieves can steal your credit card numbers from unsecure websites and trick you into handing them over using phishing attacks and other deceptive techniques.
Once they have your numbers, they can rack up debt, open new accounts or request new cards, and even commit other types of financial fraud, such as loan fraud. Even worse, you could spend years and thousands of dollars trying to repair your credit and restore your identity.
The best course of action is to stop fraud before it happens.
Related: Is identity theft protection worth it? ←
Here are some ways to detect credit card fraud:
- Physical theft: Criminals will often steal your physical credit card from your wallet or purse. A stolen card gives them everything they need to make online purchases or “clone” a new card to use across the country.
- Mail theft or “dumpster diving”: Thieves will look for documents that have your credit card numbers on them, such as account statements or new card offers. If your mail goes missing or stops arriving, you could be the victim of mail theft or a change-of-address scam.
- Phishing attacks: Scammers will send you phishing emails, text messages, or phone calls claiming to be from your bank or lender and trick you into providing your financial information.
- Malware, spyware, and other viruses: Some phishing and other cyber attacks include links or attachments that infect your devices with malware. These viruses scan your device for your financial information or “spy” on you as you enter your credentials on your banking site.
- Skimming and shimming using unsecure ATMs: Credit card “skimmers” are small devices that are installed on ATMs. When you use your card, it steals your numbers and PIN and sends them to the fraudster. These devices are commonly found at gas stations and other places where pin pads are out in the open.
- Intercepting Wi-Fi: Public Wi-Fi networks are notoriously easy to hack. A scammer can use a man-in-the-middle attack to intercept your account numbers and passwords when you log-in.
- Data breaches and other hacks: Millions of credit card numbers and personal information have been leaked in recent data breaches. In some cases, these end up for sale on the Dark Web for as little as $14 [*].
- Shoulder surfing: Anytime you use your credit card in public — such as at ATMs, restaurants, or on the phone — a scammer could spy on you and write down your numbers.
2. Protect your physical credit card
While criminals have found more advanced ways of committing credit card fraud, physical card theft is still a serious problem.
With your physical card, a thief can make fraudulent purchases, “clone” the card into a new one, or use the numbers for other types of scams and fraud.
To keep your credit card safe, remember to:
- Use a chip reader. Whenever possible, use a chip reader, as they’re more secure. Modern credit cards use EMV chips to stop scammers from being able to “skim” your card’s magnetic strip.
- Protect your wallet or purse. Keep an eye on your wallet or purse and never leave either unattended. If you carry your wallet in your back pocket or your purse behind you, you might want to consider moving them in front of you to avoid getting pickpocketed.
- Carry fewer cards with you. Having too many credit cards means you’re less likely to notice when one goes missing. Minimize the number of cards you carry with you.
- Ensure transactions happen within your view. Don’t let servers at restaurants or store employees take your card. It’s too easy for credit card fraud to happen when you’re not around.
- Don’t read out your credit card numbers in public. Wait until you’re in private before giving out your numbers on the phone. Anyone can listen in and write them down.
3. Only share credit card information on “secure” websites and stores
Digital wallets and credit cards account for 67.3% of total e-commerce transactions today. That makes them a huge target for scammers who want to steal your credit card information.
We all take chances when we use digital payment types for online transactions — but you can protect yourself by only sharing personally identifiable information (PII) on “secure” websites. A secure site uses encryption to stop scammers from hacking them and getting your credit card numbers.
How can you tell if a site is secure?
- Look for a padlock symbol by the URL. You will see a padlock on the left side of your browser's address bar on safe websites. If there's no padlock, you're on an unsafe web page. Criminals can easily view or intercept any communication on unsecure web pages, putting you and your personal information at greater risk.
- Check for “HTTPS” (not “HTTP”). In this case, the extra “S” stands for secure. Secure websites use what’s called “Secure Sockets Layer (SSL)” — a security protocol that uses “tokenization” to scramble your data. This means that even if the site gets hacked, your credit card information won’t be compromised.
Unfortunately, scammers have started to use “secure” sites that look like legitimate websites and eCommerce retailers to steal your information. One study found that 58% of all phishing websites use HTTPS [*].
Always do your research before entering your credit card information on a website. If you’re at all unsure, consider using a different retailer or a safer payment method,
In the news: In August 2021, federal investigators charged four executives of Allied Wallet for their role in processing over $150 million in credit card transactions through more than 100 sham merchants.
4. Shop with reputable online retailers you know and trust
According to the Better Business Bureaus (BBB), online purchasing is the most popular type of scam reported. This fraud was responsible for 37% of complaints on the BBB scam tracker in 2021.
Even the most secure sites can fall victim to hacks or fraudulent activity. But reputable businesses like Walmart, Amazon, and Apple, usually have stronger security than smaller brands and newer websites.
If you want to use your credit card to buy from a new or unknown retailer, start by searching for them on the BBB’s website. This will tell you if anyone has reported fraud from this company and if they’re “trusted” by the BBB.
But the BBB isn’t the only resource for checking if a retailer is legitimate. Here are a few other steps to take before giving your credit card information over to an online store:
- Obtain a physical address. An authentic organization wants customers to discover and enter its physical and online stores. Conversely, criminals won't list a legitimate location. If you find a postal address, validate that information with the U.S. Postal Service.
- Check if the contact number is working. You can expect to find a working phone number on most business websites. With the rise of multi-factor authentication (MFA), a phone is now a standard identity verification tool. If the number returns an error message or no dial tone, you might be dealing with a bogus page.
- Look for an active email address. Most bonafide companies have email addresses for customer support. If you can't find one, that’s a big red flag. If you do find an email address, send out an initial query. A reputable store will be happy to provide email verification of its authenticity.
- Do a Google search for “Company name + scam/fraud”. See if anyone has written reviews, social media posts, or blogs about being scammed by this company. If someone has already been the victim of credit card fraud, you should find out.
- Beware of account signups without ID verification. Most companies will combat any potential fraudulent activity by asking customers to sign up for an account before they can make purchases. If you can make a purchase from a website without first creating an account, this lax in security may be the sign of a scam web page.
- Look for third-party reviews. You should be able to find reviews from previous customers on sites like Amazon, as well as on industry news sites and third-party sources that monitor websites for internet safety. Unfortunately, not all reviews are genuine.
If you think you have encountered suspicious activity on a business page, you can report it to BBB to help prevent further instances of fraud.
5. Be cautious of phishing emails, texts, and calls
Phishing scams are among the most common ways criminals try to steal your identity. Fraudulent messages or emails can trick victims into clicking on bogus links or unwittingly sending their credit information to the wrong people. Almost 96% of these phishing attacks arrive in spam emails [*].
Here’s one example.
In February 2022, criminals crafted a series of “exclusive rewards” for Costco and T-Mobile customers [*]. The messages included official logos and branding to entice customers with free $100 gift cards.
Because the emails looked legitimate (and were from companies you know of), victims were more likely to give them their credit card information to receive this special reward.
Whenever you receive an unsolicited email that includes a link or it asks for your financial information, look for the signs it’s from a scammer.
Warning Signs of a Scam Email:
- Incorrect “From” email addresses. Click or hover on the sender’s name to see which email address it came from. If this doesn’t match the company name, it’s a scam. (Also look for similar domain names like “Walmrat” instead of “Walmart”).
- Using an unofficial email account (like Gmail or Yahoo). Check to see if the sender is using a free email address. Employees won’t contact you using a Gmail or Yahoo mail account.
- Poor spelling, grammar, and layout. Phishing scams often include strange typos and grammar. Don’t assume it was just a mistake. This is a major red flag that you’re dealing with a fraudster.
- Including links, attachments, or QR codes. Never click on links or download attachments in unsolicited emails or texts. This is one of the ways that scammers get you to visit phishing sites or infect your device with malware.
- Using threatening or emotional language. Fraudsters will threaten or present you with time-bound offers in order to get you to quickly give up your card details. Emotional language is one of the hallmarks of a social engineering attack. Take a breath and check the email for warning signs before acting.
The best way to avoid credit card fraud from phishing is to ignore all emails, texts, and phone calls from companies. If you’re interested in the offer or want to check in with something on your account, go to their official website or call the phone number listed on it. This way you know you’re talking to someone legitimate.
Pro tip: Sign up for fraud alerts and credit monitoring. If you want more peace of mind, having a fraud detection service monitor your credit card accounts can help protect against fraudulent purchases or identity theft schemes.
6. Look for the warning signs of a scam website
High-level e-commerce vendors want to provide enjoyable experiences for their customers. So the design on most modern retail sites focuses on straightforward navigation and an intuitive user experience (UX).
For instance, many new eCommerce sites are built on Shopify, which presents clean, clear themes that are free of clutter — making it easy for customers to find what they want.
By comparison, many scammers use flamboyant websites, flashy ads, too-good-to-be-true offers, and aggressive popups to con people into sharing their credit card data.
Some scam sites will also include lots of hyperlinks designed to lure victims to unsecure areas of the internet. Others will impose a mirror website over the top of a legitimate site, which can install malware on your computer.
If a site is confusing to use or seems sketchy at all, don’t give them your credit card numbers or any sensitive information.
In the news: In January 2022, police in Elyria intercepted a $20,000 package that a 74-year-old resident had mailed to scammers. The victim clicked on a popup that claimed her computer was infected with a virus, instructing her to call the attached phone number. On the call, the scammer told her to send the cash amount in order to fix her computer.
7. Keep your devices safe from scammers and hackers
Even if you use a secure webpage to make online purchases, that doesn't mean all transactions are safe. Hackers can intercept electronic transfers as they transmit to a safe business server.
Here are a few extra security steps that will help you secure electronic transactions:
- Avoid transactions on public Wi-Fi. Don’t make credit card purchases on public internet services, like in cafes or co-working spaces. Thieves can log onto the same shared network and swipe your details. If you need to get online, use a mobile hotspot or a VPN.
- Use a Virtual Private Network (VPN). VPNs extend a private network across public systems, offering more privacy and security features. It will protect your IP address and also encrypt electronic information transfers.
- Sign up for a password manager. This additional security measure provides an extra layer of protection when you are browsing or shopping online in public spaces. It also saves you the hassle of remembering multiple passwords for your various accounts.
Want to know how easy it is for hackers to get into your Wi-Fi network? In a social experiment, ethical hackers taught 86-year-old Alec Daniels how to set up a phishing email, hack a public Wi-Fi network, and intercept web traffic. It took him 17 minutes to successfully perform the hack [*].
Pro tip: Use antivirus and a VPN to keep your devices safe. Aura’s antivirus software and VPN scans your devices and networks for signs of hacking and malware so you can browse and shop online safely.
8. Protect your mail and shred sensitive documents
While credit card skimmers and Wi-Fi hacking are legitimate dangers, many credit card criminals prefer time-tested scams like stealing your mail or digging through your trash.
Many pieces of mail and documents include sensitive financial information that scammers can use to break into your accounts or open new credit cards in your name.
Sometimes, scammers will even use a change-of-address scam to reroute your mail to their address. Then, they’ll order a replacement card “for you”.
Make sure you keep your mail and physical documents safe by:
- Going paperless with your account statements and bills.
- Reducing the number of documents you receive in the mail that contain your credit card information.
- Collecting your mail daily (or using a secure mailbox).
- Shredding all sensitive documents before throwing them away.
9. Keep a list of your credit card and bank account details
With credit card fraud prevention, speed matters. The quicker you discover a vulnerability (or compromise), the faster you can shut down scammers.
Most password managers also let you store card information alongside passwords on their digital wallet.
Imagine that your wallet is stolen. The faster you act, the sooner your card issuers can freeze your accounts. If you're prepared, you can limit the extent of any damages you might face in the wake of identity theft.
Having a complete list of account numbers nearby will help your credit card company confirm your identity and quickly respond to a threat. You can even save this information on your password manager.
Keep a list of your credit card issuer’s service contacts written down as well. Many have secured methods of communication that can help you resolve any identity theft issues or credit card fraud. If you can, keep both an electronic and paper version of your account data.
10. Use your credit card (not debit card)
You might think this is an odd step to take when you want to prevent credit card fraud. But while it might be bad to have too many credit cards, it’s better than a surplus of debit cards.
Credit cards have built-in compliance standards that protect all consumers. The chargeback process and point-of-sale systems deter instances of fraud and unauthorized charges.
Also, all credit cards now include EMV chips — which stands for Europay, MasterCard, and Visa. These chip cards create unique codes for each transaction, making the cards (and their connected accounts) much more resilient to digital fraud than cards that only have magnetic swipes.
Other forms of money transfers such as Apple Pay, card-not-present, and e-transfer options are convenient but come with risks that make it easier for hackers to drain your account.
Were You The Victim of Credit Card Fraud? Do This, ASAP
- Contact the fraud department of your credit card issuer. Close your accounts and get a new card. Point out which fraudulent transactions should be cleared from your account.
- Freeze your credit immediately. A credit freeze rejects all loan applications until unfrozen and can prevent criminals from doing serious damage to your credit score. To set up a credit freeze, contact each of the three credit bureaus — TransUnion, Equifax, or Experian.
- Review your credit report for fraudulent activity. Request a free credit report at AnnualCreditReport.com and check to see if the cyber criminal has accessed other accounts or applied for credit under your name.
- Contact any company where the fraudulent card was used. Ask for their fraud department and tell them what happened. They’ll open a case and stop the criminal from making any more fraudulent charges.
- File an identity theft report with the Federal Trade Commission (FTC). Use the free tools at IdentityTheft.gov. This will provide you with documentation you may need later.
- Report the fraud to your local law enforcement. If your card was physically stolen, you should file a police report for identity theft immediately.
- Reset all your passwords and enable 2FA (but not over SMS). Update your online accounts with more secure passwords and set up a password manager to keep track of them. Make sure you also have two-factor authentication (2FA) on your bank accounts. This requires an additional code before logging in. But don’t use SMS as it can be compromised. Instead, use an authenticator app like Google or Authy.
- Sign up for identity theft protection. Aura’s all-in-one identity theft protection service includes credit monitoring and the industry’s fastest fraud alerts. And if the worst happens, all accounts are covered by a $1,000,000 insurance policy for eligible losses due to identity theft.
Do you have to pay for purchases that criminals make?
Thankfully, The Fair Credit Billing Act protects consumers with zero liability in cases of credit card fraud. This federal law means you won’t have to pay for fraudulent purchases made on your credit card — as long as you inform your lender or bank within a reasonable amount of time.
Unfortunately, while your bank might spare you the worst consequences, resolving identity theft and repairing your credit is still a time-consuming hassle.
The Bottom Line: Be Proactive About Fraud Prevention
With these tips, you should have everything you need to help prevent credit card fraud. Unfortunately, even the safest shoppers can find themselves as the victims of frauds and scams.
Protect your devices, data, and financial accounts with 24/7 credit monitoring and real-time fraud notifications. With Aura’s digital security solution working around the clock to keep you safe, you can browse and shop online with confidence.