Are There Strange Purchases on Your Credit Card Statement?
Pat Faron thought it was his lucky day when Visa called to offer him a special 0% interest rate on his credit card for the next three years [*]. All they needed to get started was for him to “verify” his credit card numbers.
Luckily, Faron is a journalist and knew from the start that he was dealing with a scammer trying to steal his credit card numbers. But not everyone can spot a credit card scam so easily.
According to the Federal Trade Commission (FTC), credit card fraud was the second-most reported scam in America last year [*].
Nearly 400,000 Americans were victims — with many not even realizing that their card numbers had been stolen and were being illegally used.
Scammers don’t need your physical cards to ruin your credit and rack up debt in your name. In this guide, we’ll explain how scammers use your card number (without having your card) and what to do if you discover fraudulent charges.
How Do Scammers Use Your Credit Card Without Your Card?
With the rise of online shopping, fraudsters quickly realized that they don’t need to steal your physical credit cards in order to steal your credit.
“Card not present” fraud (sometimes called “remote sales fraud”) occurs when scammers use stolen credit card information to make illegal purchases online or over the phone.
In 2021, losses from this type of credit card fraud hit $32 billion worldwide — with that number expected to reach $38.5 billion by 2027.
To pull off these schemes, scammers purchase leaked or stolen credit card numbers and then use the information online.
In one example, a group of six scammers in Florida used stolen credit card information to charge at least $435,000 to retailers across the country [*].
Unfortunately, many victims don’t realize that their information has been stolen. Or worse, they think they’re safe because they have their physical credit cards in their possession.
Victim Of Credit Card Fraud? Here’s What To Do
- Contact your credit card company’s fraud department
- Report the fraud to your bank or credit union
- Update your online banking passwords and enable 2FA
- Request a free credit report and look for fraudulent transactions
- Freeze your credit file with the three major credit bureaus
- File an identity theft report with the Federal Trade Commission
- Report the crime to your local law enforcement
- Unlink your credit cards from sites, services, and payment apps (like Apple Pay)
- Scan the Dark Web for your personal information
- Consider signing up for credit monitoring
It’s common for a victim of credit card fraud to feel angry or embarrassed at being tricked. But you shouldn’t let these feelings stop you from dealing with the situation and taking action.
Below are 10 steps you can take if you’re a victim of online credit card fraud.
1. Contact your credit card company’s fraud department
The first thing you should do is call your credit card company and report the fraud. This will stop the scammer from using your card information for further fraud.
Here’s what to do:
- Review your credit card statement and highlight any unfamiliar or fraudulent charges. Don’t ignore small charges, as scammers often start with these to “test” if your card numbers are valid (this is called “carding”).
- Then, contact your credit card’s fraud department and explain what happened. They'll open an investigation, close your compromised accounts, and issue you new cards.
- Some mobile banking apps allow you to lock or freeze your credit card if you think it’s been compromised. Do this right away if you think you’ve been scammed.
💡 Related: Victim of Fraud? Follow This Fraud Victim Recovery Checklist →
2. Report the fraud to your bank or credit union
Contact all other financial institutions — like your bank and credit unions — to ensure that you don’t face further financial fraud.
Here’s what to do:
- Review your bank account and recent financial statements for fraudulent transactions.
- Call your financial institutions to tell them your credit card has been compromised and you’d like to update your account information as a protective measure.
- For added security, consider signing up for a credit monitoring service like Aura. Aura constantly monitors your banking, credit, and investment accounts for signs of fraudulent activity. You’ll receive alerts in near real-time so that you can quickly shut down the scammers.
3. Update your online banking passwords and enable 2FA
If scammers gain access to your credit card numbers, they may have access to other personal information. Update your online banking passwords — as well as passwords for your credit card, investment, and other sensitive accounts on any financial sites — and enable two-factor authentication (2FA).
Chances are high that the scammer gained access to more than just your credit card number, so it’s important that you protect yourself from potential future fraud.
Here’s what to do:
- Set up 2FA when available, and change all your account passwords.
- Consider using an authenticator app (rather than 2FA via text messaging/SMS), as well as a strong password manager (like the one included with Aura’s all-in-one digital security solution).
4. Request a free credit report and look for fraudulent transactions
Your credit report and credit score can be powerful tools for discovering how credit card scammers may have targeted you. Review your credit report from all three major credit bureaus (Equifax, Experian, and TransUnion) to look for new accounts, fraudulent information, or hard credit inquiries that you don’t recognize.
Here’s what to do:
- Get a free annual credit report from Annualcreditreport.com and review it carefully for any fraudulent information — including a wrong Social Security number (SSN) or address, and loans or new credit accounts that you didn’t request.
- If you find inaccurate information or fraudulent accounts, contact the affected companies and dispute the accounts with the credit bureaus. You can submit credit disputes by clicking on these links: Equifax, Experian, TransUnion.
💡 Related: The 11 Best Credit Monitoring Services (Free & Paid Options) →
5. Freeze your credit file with the three major credit bureaus
Freezing your credit with all three bureaus makes it harder for identity thieves to open accounts in your name or change existing accounts. A credit freeze (or credit lock) means creditors, lenders, and credit card companies can’t access your credit file — making it much harder for scammers to take out loans in your name.
Here’s what to do:
- Freeze your credit by contacting each credit reporting bureau individually to request the freeze. Each bureau will give you a credit “PIN” that you can use to freeze and unfreeze your credit.
- A credit lock is similar to a credit freeze, but is available as an app or online tool that can be activated (and disabled) immediately. Proactively freezing or locking your credit are two of the best ways you can protect yourself from credit card fraud.
💡 Related: Credit Lock vs. Credit Freeze: Which Do You Need? →
6. File an identity theft report with the Federal Trade Commission
Filing an identity theft report with the Federal Trade Commission (FTC) is an essential step in recovering from credit card fraud. Once you file a report, you’ll receive an official claim that you can use to dispute fraudulent purchases and accounts.
Here’s what to do:
- Go to IdentityTheft.gov and click “Get Started” to start your report. You’ll need to supply personally identifying information (PII) and details about the fraud. Afterwards, you’ll receive a customized recovery plan.
7. Report the crime to your local law enforcement
In certain situations, you’ll also want to file a report with your local law enforcement. You should contact the police if:
- You know the person who committed the crime.
- You have additional information that could aid in a police investigation, like if the scammer used your information to submit a change-of-address request with the United States Postal Service (USPS).
- Your identity was used during a police interaction — i.e., the identity thief gave your driver’s license information to the police during a traffic stop.
- Your financial institution requires a police report.
Here’s what to do:
- Compile a list of the fraudulent transactions, including dates and places, to make it easy to share the information with law enforcement.
- Contact your local police officials to learn how they’d like you to file the report.
- Bring information (including a copy of your FTC report if you have it), a photo ID, and proof of your address. Make sure to request a copy of your criminal report to help dispute fraudulent charges.
💡 Related: Lost Credit Card? Do This ASAP →
8. Unlink your credit cards from sites, services, and payment apps (like Apple Pay)
You’ll want to unlink your stolen credit card from all websites and services that are storing it on file to prevent further unauthorized transactions.
Here’s what to do:
- Log on to all websites, including e-Commerce businesses, with which you currently have your card on file, and remove or unlink the credit card. For most businesses, you can do this yourself by accessing your account.
- Contact any local businesses that may have a card on file for you, such as a drug store or veterinary service, and request that they delete the information from your account
- Don’t forget to remove your card from apps and digital payment services, including Apple Pay, Google Wallet, Zelle, Venmo, and Cash App.
💡 Related: How To Dispute a Credit Card Charge (2023 Guide) →
9. Scan the Dark Web for your personal information
If your credit card information has been stolen, there’s a good chance that other aspects of your digital security have also been compromised.
Here’s what to do:
- Check to see if your personal identifying information or credit cards are for sale on the Dark Web and the internet by using Aura’s leaked password scanner.
- Cross-check the information using other tools including Identity Guard’s Dark Web scanner and HaveIBeenPwned.
- Aura’s all-in-one digital security solution constantly searches the Dark Web for you and will alert you if you’re vulnerable.
10. Consider signing up for credit monitoring
Since almost 30% of identity theft victims become repeat victims, you’ll want to continue monitoring both your bank statements as well as your credit card statements [*].
Aura’s credit monitoring service constantly monitors your bank, credit, and investment account for signs of fraud or suspicious activity. If a scammer is targeting you, you’ll receive an alert in near-real time.
Here’s what to do:
- Consider signing up for Aura’s all-in-one digital security solution. Aura combines financial fraud protection with identity theft protection, antivirus software, and family protection. All Aura members are also covered by a $1,000,000 insurance plan for eligible losses due to identity theft.
- You can set up fraud alerts with your credit card issuers, so that you’ll receive text messages or emails alerting you about fraudulent activity.
Here’s How Scammers Steal Your Credit Card Numbers
Using a credit card with a chip and a card security code (CVV) is usually secure. Yet scammers can steal credit card numbers without ever touching your physical card.
Here are five ways that hackers can steal your credit card number.
- Buy leaked credit card numbers on the Dark Web. Credit card numbers are common targets in data breaches. Hacked credit card details (including your CVV) can be bought on the Dark Web for as little as $17 [*].
- Use phishing attacks to trick you into giving up your card numbers. Phishing scams are designed to lure you into giving thieves your financial or personal information. These schemes occur via phone, email, text, or on websites. For example, scammers may call and claim to be from the fraud department at your bank and ask you to “verify” your credit card numbers to stop an “illegal transaction.”
- Hack the payment systems for online stores. Fraudsters hack online stores or websites to steal stored credit card information. They can then either use this information themselves or sell it to other scammers on the Dark Web.
- Install “skimming” and “shimming” devices. Scammers install skimmers in vulnerable locations, such as at gas stations or public ATMs. When you run your credit card through the machine (or insert your chip), these devices steal your card account information.
- Find your information exposed in a data breach. Millions of credit cards have been leaked in recent data breaches.
- Steal your credit card information over public Wi-Fi. While public Wi-Fi is convenient, any information that you send is vulnerable to being intercepted and collected. If you use your credit cards while on compromised public Wi-Fi, a hacker can spy on you and steal any personal information that you share.
💡 Related: Every Credit Card Scam Ruining People’s Lives Right Now →
Do You Have To Pay for Fraudulent Credit Card Charges?
The good news is that, in most cases, you have zero liability for fraudulent charges on your credit cards — if you act quickly to report it.
The Fair Credit Billing Act (FCBA) provides some protection for false or unfair billing charges for certain types of credit, including credit cards.
Based on the FCBA, you will only be liable for up to $50 if you report the fraudulent transaction within 60 days of the charge. If you wait longer, you may be held accountable for the total costs.
In addition to the FCBA, major credit cards — like Visa, Mastercard, and American Express — typically offer zero liability for fraudulent charges. However, it’s a good idea to check with your credit card companies about their specific rules.
💡 Related: Top 5 Credit Protection Services in 2022 (How To Choose) →
Can You Track Someone Who Used Your Credit Card Online?
No. However, if you report the fraud in a timely manner, the bank or card issuer will open an investigation.
Banks have a system for investigating credit card fraud, including some standard procedures.
When investigating cases of true fraud (when both the cardholder and merchant are victims due to unauthorized charges), the bank may:
- Start by compiling and investigating the transaction data, including timestamps, location data, and IP addresses, to verify the true fraud.
- Examine charges to look for patterns of unusual behavior.
- Contact the merchants involved to gather more information.
- Examine the information to determine fault.
- Report verified true fraud to law enforcement.
💡 Related: How To Avoid Refund & Recovery Scams — Don't Get Scammed Twice →
How To Protect Yourself Against Credit Card Fraud
- Avoid storing your credit card information on e-Commerce or other websites, as your information is vulnerable if the websites suffer data breaches. Sign in as a “guest” instead.
- Use a virtual credit card with “single-use” numbers. Some card providers have virtual cards included. Otherwise, you can create a virtual debit card using a service like privacy.com.
- Only share your credit card numbers on reputable sites that you are familiar with, which have SSLs and other trust signals (such as trust seals). If you’re unsure, search for the business on the Better Business Bureau (BBB)’s Scam Tracker to view ratings and read consumer reviews.
- Download antivirus software to protect your devices from malware that could steal your credit card information. Aura’s antivirus software can also warn you if you’re entering a phishing website that will steal your sensitive information.
- Look out for the warning signs of a phishing email, text, or website — such as a spoofed email address, links in a text message, and incorrect (or strange) grammar, spelling, and design.
- Use your credit card instead of your debit card, as more protections against fraudulent charges are offered for credit card accounts than for debit cards.
- Monitor your credit reports monthly to check for any suspicious activity, or use a credit monitoring service like Aura.
The Bottom Line: Keep Your Credit Card Numbers Safe
Scammers can do a lot of damage without ever having your credit card in their possession. With credit card fraud on the rise, you need to do everything you can to stay safe and make sure you know right away if someone is using your credit card (with or without your card in hand).
For peace of mind, consider signing up for Aura’s all-in-one digital security solution. Aura monitors all of your financial and sensitive accounts for signs of fraud, so that you can shut down scammers before they steal your money and identity.
