Did Scammers Use Your Credit Card? Take These 10 Steps Now

Are There Strange Purchases on Your Credit Card Statement?

Pat Faron thought it was his lucky day when Visa called to offer him a special 0% interest rate on his credit card for the next three years [*]. All they needed to get started was for him to “verify” his credit card numbers.

Luckily, Faron is a journalist and knew from the start that he was dealing with a scammer trying to steal his credit card numbers. But not everyone can spot a credit card scam so easily.

According to the Federal Trade Commission (FTC), credit card fraud was the most reported type of fraud in America last year [*].

Over 441,000 Americans were victims — with many not even realizing that their card numbers had been stolen and were being illegally used.

The truth is that scammers don’t need your physical cards to ruin your credit and rack up debt in your name.

{{show-toc}}

How Do Scammers Use Your Credit Card Without Your Card?

With how popular online shopping has become, fraudsters now know that they don’t need to steal your physical credit cards in order to steal your credit.

“Card not present” (CNP) fraud (sometimes called “remote sales fraud”) occurs when scammers use stolen credit card information to make illegal purchases online or over the phone.

CNP is forecasted to make up 74.0% of card payment fraud loss this year with $10.16 billion worth of losses in tow [*].

To pull off these schemes, scammers purchase leaked or stolen credit card numbers and then use the information online.

In one example, a group of six scammers in Florida used stolen credit card information to charge at least $435,000 to retailers across the country [*].

Unfortunately, many victims don’t realize that their information has been stolen. Or worse, they think they’re safe because they have their physical credit cards in their possession.

Victim Of Credit Card Fraud? Here’s What To Do

1. Contact your credit card company
2. Report the fraud to your bank
3. Update your online banking passwords
4. Request a free credit report
5. Freeze your credit file
6. File an identity theft report
7. Report the crime to local law enforcement
8. Unlink your credit cards from sites
9. Scan the Dark Web for your personal information
10. Consider signing up for credit monitoring

1. Contact your credit card company’s fraud department

The first thing you should do is call your credit card company and report the fraud. This will stop the scammer from using your card information for further fraud.  

Here’s what to do:

• Review your credit card statement and highlight any unfamiliar or fraudulent charges. Don’t ignore small charges; scammers often start with these to “test” if your card numbers are valid (this is called “carding”).
• Then, contact your credit card’s fraud department and explain what happened. They'll open an investigation, close your compromised accounts, and issue you new cards.
• Some mobile banking apps allow you to lock or freeze your credit card if you think it’s been compromised. Do this right away if you think you’ve been scammed.

📚 Related: Victim of Fraud? Follow This Fraud Victim Recovery Checklist →

2. Report the fraud to your bank or credit union

Contact all other financial institutions — like your bank and credit unions — to ensure that you don’t face further financial fraud.  

Here’s what to do:

• Review your bank account and recent financial statements for fraudulent transactions.
• Call your financial institutions to tell them your credit card has been compromised and you’d like to update your account information as a protective measure.
• For added security, consider signing up for a credit monitoring service like Aura. Aura constantly monitors your banking, credit, and investment accounts for signs of fraudulent activity. You’ll receive alerts in near real-time so that you can quickly shut down the scammers.

📚 Related: Debt Collector Scams: How To Tell If a Debt Collector Is Legitimate →

3. Update your online banking passwords and enable 2FA

If scammers gain access to your credit card numbers, they may have access to other personal information. Update your online banking passwords — as well as passwords for your credit card, investment, and other sensitive accounts on any financial sites — and enable two-factor authentication (2FA).

Chances are high that the scammer gained access to more than just your credit card number, so it’s important that you protect yourself from potential future fraud.

Here’s what to do:

• Set up 2FA when available, and change all your account passwords.
• Consider using an authenticator app (rather than 2FA via text messaging/SMS), as well as a strong password manager.

4. Request a free credit report and look for fraudulent transactions

Your credit report and credit score can be powerful tools for discovering how credit card scammers may have targeted you.

Review your credit report from all three major credit bureaus (Equifax, Experian, and TransUnion) to look for fledgling accounts, fraudulent information, or hard credit inquiries that you don’t recognize.

Here’s what to do:

• Get a free annual credit report from Annualcreditreport.com and review it carefully for any fraudulent entries — including a wrong Social Security number (SSN) or address, and loans or new credit accounts that you didn’t request.
• If you find inaccurate information or fraudulent accounts, contact the affected companies and dispute the accounts with the credit bureaus. You can submit credit disputes by clicking on these links: Equifax‍, Experian‍, TransUnion.

📚 Related: Did Someone Open a Cell Phone Account In Your Name? Do This →

5. Freeze your credit file with the three major credit bureaus

Freezing your credit with all three bureaus makes it harder for identity thieves to open accounts in your name or change existing accounts.

A credit freeze (or credit lock) means creditors, lenders, and credit card companies can’t access your credit file — making it much harder for scammers to take out loans in your name.

Here’s what to do:

• Freeze your credit by contacting each credit reporting bureau individually to request the freeze. Each bureau will give you a credit “PIN” that you can use to freeze and unfreeze your credit.
• A credit lock is similar to a credit freeze, but is available as an app or online tool that can be activated (and disabled) immediately. Proactively freezing or locking your credit are two of the best ways you can protect yourself from credit card fraud.

📚 Related: Was Your PayPal Account Hacked? Here's What You Can Do →

6. File an identity theft report with the Federal Trade Commission

Filing an identity theft report with the FTC is an essential step in recovering from credit card fraud. Once you file a report, you’ll receive an official claim that you can use to dispute fraudulent purchases and accounts.

Here’s what to do:

• Go to IdentityTheft.gov and click on Get Started to start your report. You’ll need to supply personally identifying information (PII) and details about the fraud. Afterwards, you’ll receive a customized recovery plan.

📚 Related: My Child Used My Credit Card Without Permission — Help →

7. Report the crime to your local law enforcement

In certain situations, you’ll also want to file a report with your local law enforcement. You should contact the police if:

• You know the person who committed the crime.
• You have additional information that could aid in a police investigation, like if the scammer used your information to submit a change-of-address request with the United States Postal Service (USPS).
• Your identity was used during a police interaction — i.e., the identity thief gave your driver’s license information to the police during a traffic stop.
• Your financial institution requires a police report.

Here’s what to do:

• Compile a list of the fraudulent transactions, including dates and places, to make it easy to share the information with law enforcement.
• Contact your local police officials to learn how they’d like you to file the report.
• Bring information (including a copy of your FTC report if you have it), a photo ID, and proof of your address. Make sure to request a copy of your criminal report to help dispute fraudulent charges.

8. Unlink your credit cards from sites, services, and payment apps (like Apple Pay)

You’ll want to unlink your stolen credit card from all websites and services that are storing it on file to prevent further unauthorized transactions.

Here’s what to do:

• Log in to all websites, including e-commerce sites, with which you currently have your card on file, and remove or unlink the credit card. For most businesses, you can do this yourself by accessing your account.
• Contact any local businesses that may have a card on file for you, such as a drug store or veterinary service, and request that they delete the information from your account.
• Don’t forget to remove your card from apps and digital payment services, including Apple Pay, Google Wallet, Zelle, Venmo, and Cash App.

📚 Related: How To Dispute a Credit Card Charge (2024 Guide) →

9. Scan the Dark Web for your personal information

If your credit card information has been stolen, there’s a good chance that other aspects of your digital security have also been compromised.

Here’s what to do:

• Check to see if your personal identifying information or credit cards are for sale on the Dark Web and the internet by using Aura’s leaked password scanner.
• Cross-check the information using other tools including Identity Guard’s Dark Web scanner and HaveIBeenPwned.
• Aura’s digital security app constantly searches the Dark Web for you and will alert you if you’re vulnerable.

📚 Related: Help — My Debit Card Was Charged For Something I Didn't Buy →

10. Consider signing up for credit monitoring

Since almost 69% of identity theft victims become repeat victims, you’ll want to continue monitoring both your bank statements as well as your credit card statements [*].

Aura’s credit monitoring service constantly monitors your bank, credit, and investment account for signs of fraud or suspicious activity. If a scammer is targeting you, you’ll receive an alert in near-real time.

Here’s what to do:

• Consider signing up for Aura’s digital security app. Aura combines financial fraud protection with identity theft protection, antivirus software, and family protection. All Aura members are also covered by a $1,000,000 insurance plan for eligible losses due to identity theft.
• You can set up fraud alerts with your credit card issuers, so that you’ll receive text messages or emails alerting you about fraudulent activity.

Here’s How Scammers Steal Your Credit Card Numbers

Using a credit card with a chip and a card security code (CVV) is usually secure. Yet scammers can steal credit card numbers without ever touching your physical card.

Here are five ways that hackers can steal your credit card number.

• Buy leaked credit card numbers on the Dark Web. Credit card numbers are common targets in data breaches. Hacked credit card details (including your CVV) can be bought on the Dark Web for as little as $35 [*].
• Use phishing attacks to trick you into giving up your card numbers. Phishing scams are designed to dupe you into giving thieves your financial or personal information. These schemes occur via phone, email, text, or on websites. For example, scammers may call and claim to be from the fraud department at your bank and ask you to “verify” your credit card numbers to stop an ostensibly illegal transaction.
• Hack the payment systems for online stores. Fraudsters hack online stores or websites to steal stored credit card information. They can then either use this information themselves or sell it to other scammers on the Dark Web.
• Install “skimming” and “shimming” devices. Scammers install skimmers in vulnerable locations, such as at gas stations or public ATMs. When you run your credit card through the machine (or insert your chip), these devices steal your card account information.
• Find your information exposed in a data breach. Millions of credit cards have been leaked in recent data breaches. As of December 2023, BidenCash — a marketplace found on both the dark web and the clearnet — had distributed five million stolen credit cards for free [*].
• Steal your credit card information over public Wi-Fi. While public Wi-Fi is convenient, any information that you send is vulnerable to being intercepted and collected. If you use your credit cards while on compromised public Wi-Fi, a hacker can spy on you and steal any personal information that you share.

📚 Related: Hacked Debit Card? 9 Ways To Protect Your Money →

Do You Have To Pay for Fraudulent Credit Card Charges?

The good news is that, in most cases, you have zero liability for fraudulent charges on your credit cards — if you act quickly to report it.

The Fair Credit Billing Act (FCBA) provides some protection for false or unfair charges for certain types of credit, including credit cards.

Based on the FCBA, you will only be liable for up to $50 if you report the fraudulent transaction within 60 days of the charge. If you wait any longer, you could be held responsible for the entire charge.

In addition to the FCBA, major payment processing networks — like Visa, Mastercard, and American Express — offer zero liability for fraudulent charges. However, it’s a good idea to check with your credit card company about their specific rules.

📚 Related: Top 5 Credit Protection Services in 2024 (How To Choose) →

Can You Track Someone Who Used Your Credit Card Online?

No. However, if you report the fraud in a timely manner, the bank or card issuer will open an investigation.

Banks have a system for investigating credit card fraud, including some standard procedures.

When investigating cases of true fraud (when both the cardholder and merchant are victims due to unauthorized charges), the bank may:

• Start by compiling and investigating the transaction data, including timestamps, location data, and IP addresses, to verify the true fraud.
• Examine charges to look for patterns of unusual behavior.
• Contact the merchants involved to gather more information.
• Examine the information to determine fault.
• Report verified, true fraud to law enforcement.

📚 Related: How To Avoid Refund & Recovery Scams — Don't Get Scammed Twice →

How To Protect Yourself Against Credit Card Fraud

• Avoid storing your credit card information on e-commerce or other websites; your information is vulnerable if the websites suffer data breaches. Sign in as a “guest” instead.
• Use a virtual credit card with “single-use” numbers. Some card providers have virtual cards included. Otherwise, you can create a virtual debit card using a service like privacy.com.
• Only share your credit card numbers on reputable sites that you are familiar with, which have SSLs and other trust signals (such as trust seals). If you’re unsure, search for the business on the Better Business Bureau (BBB)’s Scam Tracker to view  ratings and read consumer reviews.
• Download antivirus software to protect your devices from malware that could steal your credit card information. Aura’s antivirus software can also warn you if you’re entering a phishing website poised to steal your sensitive information.
• Look for warning signs of a phishing email, text, or website — such as a spoofed email address, links in a text message, and mangled grammar, spelling, or design.
• Use your credit card instead of your debit card, as more protections against fraudulent charges are offered for credit card accounts than for debit cards.  
• Monitor your credit reports monthly to check for any suspicious activity, or use a credit monitoring service like Aura. 

Sign up for identity theft and credit protection with Aura — Free for 14 days.