Did Scammers Use Your Credit Card? Take These 10 Steps Now!

Share this:

Jory MacKay

Cybersecurity Writer and Editor

In this article:

    Identity theft and fraud protection for your finances, personal info, and devices.

    See pricing
    Share this:

    Are There Strange Purchases on Your Credit Card Statement?

    Pat Faron thought it was his lucky day when Visa called to offer him a special 0% interest rate on his credit card for the next three years [*]. All they needed to get started was for him to “verify” his credit card numbers.

    Luckily, Faron is a journalist and knew from the start that he was dealing with a scammer trying to steal his credit card numbers. But not everyone can spot a credit card scam so easily. 

    According to the Federal Trade Commission (FTC), credit card fraud was the second-most reported scam in America in 2021 [*]. Nearly 400,000 Americans were victims — with many not even realizing that their card numbers had been stolen and were being illegally used. 

    Scammers don’t need your physical cards to ruin your credit and rack up debt in your name. In this guide, we’ll explain how scammers use your card number (without having your card) and what to do if you discover fraudulent charges.

    How Do Scammers Use Your Credit Card Without Your Card?

    With the rise of online shopping, fraudsters quickly realized that they don’t need to steal your physical credit cards in order to steal your credit. 

    “Card not present” fraud (sometimes called “remote sales fraud”) occurs when scammers use stolen credit card information to make illegal purchases online or over the phone. 

    This type of credit card fraud has increased nearly 50% since 2019, costing companies and consumers an estimated $10 billion per year [*].

    To pull off these schemes, scammers purchase leaked or stolen credit card numbers and then use the information online. 

    In one example, a group of six scammers in Florida used stolen credit card information to charge at least $435,000 to retailers across the country [*].

    Unfortunately, many victims don’t realize that their information has been stolen. Or worse, they think they’re safe because they have their physical credit cards in their possession.

    Aura's free leaked password scanner
    Was your credit card and other information leaked in a data breach? Use Aura’s free leaked password scanner to see if you’re at risk.

    Here’s How Scammers Steal Your Credit Card Numbers

    Using a credit card with a chip and a card security code (CVV) is usually secure. Yet scammers can steal credit card numbers without ever touching your physical card.

     Here are five ways that hackers can steal your credit card number.

    • Buy leaked credit card numbers on the Dark Web. Credit card numbers are common targets in data breaches. Hacked credit card details (including your CVV) can be bought on the Dark Web for as little as $17 [*].
    • Use phishing attacks to trick you into giving up your card numbers. Phishing scams are designed to lure you into giving thieves your financial or personal information. These schemes occur via phone, email, text, or on websites. For example, scammers may call and claim to be from the fraud department at your bank and ask you to “verify” your credit card numbers to stop an “illegal transaction.”
    • Hack the payment systems for online stores. Fraudsters hack online stores or websites to steal stored credit card information. They can then either use this information themselves or sell it to other scammers on the Dark Web.
    • Install “skimming” and “shimming” devices. Scammers install skimmers in vulnerable locations, such as at gas stations or public ATMs. When you run your credit card through the machine (or insert your chip), these devices steal your card account information.
    • Find your information exposed in a data breach. Millions of credit cards have been leaked in recent data breaches. 
    • Steal your credit card information over public Wi-Fi. While public Wi-Fi is convenient, any information that you send is vulnerable to being intercepted and collected. If you use your credit cards while on compromised public Wi-Fi, a hacker can spy on you and steal any personal information that you share.

    Related: Every Credit Card Scam Ruining People’s Lives Right Now

    Victim Of Credit Card Fraud? Here’s What To Do

    It’s common for a victim of credit card fraud to feel angry or embarrassed at being tricked. But you shouldn’t let these feelings stop you from dealing with the situation and taking action. 

    Below are 10 steps you can take if you’re a victim of online credit card fraud.

    1. Contact your credit card company’s fraud department

    The first thing you should do is call your credit card company and report the fraud. This will stop the scammer from using your card information for further fraud.  

    Here’s what to do:

    • Review your credit card statement and highlight any unfamiliar or fraudulent charges. Don’t ignore small charges, as scammers often start with these to “test” if your card numbers are valid (this is called “carding”).
    • Then, contact your credit card’s fraud department and explain what happened. They'll open an investigation, close your compromised accounts, and issue you new cards. 
    • Some mobile banking apps allow you to lock or freeze your credit card if you think it’s been compromised. Do this right away if you think you’ve been scammed.

    Related: Victim of Fraud? Follow This Fraud Victim Recovery Checklist

    2. Contact your bank or credit union to report the fraud

    Contact all other financial institutions — like your bank and credit unions — to ensure that you don’t face further financial fraud.   

    Here’s what to do:

    • Review your bank account and recent financial statements for fraudulent transactions.
    • Call your financial institutions to tell them your credit card has been compromised and you’d like to update your account information as a protective measure. 
    • For added security, consider signing up for a credit monitoring service like Aura. Aura constantly monitors your banking, credit, and investment accounts for signs of fraudulent activity. You’ll receive alerts in near real-time so that you can quickly shut down the scammers.

    3. Update your online banking passwords and enable 2FA

    If scammers gain access to your credit card numbers, they may have access to other personal information. Update your online banking passwords — as well as passwords for your credit card, investment, and other sensitive accounts on any financial sites — and enable two-factor authentication (2FA). 

    Chances are high that the scammer gained access to more than just your credit card number, so it’s important that you protect yourself from potential future fraud.

    Here’s what to do:

    • Set up 2FA when available, and change all your account passwords. 
    • Consider using an authenticator app (rather than 2FA via text messaging/SMS), as well as a strong password manager (like the one included with Aura’s all-in-one digital security solution).

    4. Request a free credit report and look for fraudulent transactions

    Your credit report and credit score can be powerful tools for discovering how credit card scammers may have targeted you. Review your credit report from all three major credit bureaus (Equifax, Experian, and TransUnion) to look for new accounts, fraudulent information, or hard credit inquiries that you don’t recognize.

    Here’s what to do:

    • Get a free annual credit report from Annualcreditreport.com and review it carefully for any fraudulent information — including a wrong Social Security number (SSN) or address, and loans or new credit accounts that you didn’t request. 
    • If you find inaccurate information or fraudulent accounts, contact the affected companies and dispute the accounts with the credit bureaus. You can submit credit disputes by clicking on these links: Equifax, Experian, TransUnion.

    Related: The 11 Best Credit Monitoring Services (Free & Paid Options)

    5. Freeze your credit file with the three major credit bureaus

    Freezing your credit with all three bureaus makes it harder for identity thieves to open accounts in your name or change existing accounts. A credit freeze (or credit lock) means creditors, lenders, and credit card companies can’t access your credit file — making it much harder for scammers to take out loans in your name. 

    Here’s what to do:

    • Freeze your credit by contacting each credit reporting bureau individually to request the freeze. Each bureau will give you a credit “PIN” that you can use to freeze and unfreeze your credit. 
    • A credit lock is similar to a credit freeze, but is available as an app or online tool that can be activated (and disabled) immediately. Proactively freezing or locking your credit are two of the best ways you can protect yourself from credit card fraud.

    Related: Credit Lock vs. Credit Freeze: Which Do You Need?

    one-click credit lock in Aura
    Lock your Experian credit file with a single tap using Aura’s mobile and desktop app

    6. File an identity theft report with the Federal Trade Commission

    Filing an identity theft report with the Federal Trade Commission (FTC) is an essential step in recovering from credit card fraud. Once you file a report, you’ll receive an official claim that you can use to dispute fraudulent purchases and accounts.

    Here’s what to do:

    • Go to IdentityTheft.gov and click “Get Started” to start your report. You’ll need to supply personally identifying information (PII) and details about the fraud. Afterwards, you’ll receive a customized recovery plan. 

    7. Report the crime to your local law enforcement

    In certain situations, you’ll also want to file a report with your local law enforcement. You should contact the police if:

    • You know the person who committed the crime.
    • You have additional information that could aid in a police investigation, like if the scammer used your information to submit a change-of-address request with the United States Postal Service (USPS). 
    • Your identity was used during a police interaction — i.e., the identity thief gave your driver’s license information to the police during a traffic stop. 
    • Your financial institution requires a police report. 

    Here’s what to do:

    • Compile a list of the fraudulent transactions, including dates and places, to make it easy to share the information with law enforcement.
    • Contact your local police officials to learn how they’d like you to file the report.
    • Bring information (including a copy of your FTC report if you have it), a photo ID, and proof of your address. Make sure to request a copy of your criminal report to help dispute fraudulent charges. 

    💡 Related: Lost Credit Card? Do This ASAP

    8. Unlink your credit cards from sites, services, and payment apps (like Apple Pay)

    You’ll want to unlink your stolen credit card from all websites and services that are storing it on file to prevent further unauthorized transactions.

    Here’s what to do:

    • Log on to all websites, including e-Commerce businesses, with which you currently have your card on file, and remove or unlink the credit card. For most businesses, you can do this yourself by accessing your account.
    • Contact any local businesses that may have a card on file for you, such as a drug store or veterinary service, and request that they delete the information from your account
    • Don’t forget to remove your card from apps and digital payment services, including Apple Pay, Google Wallet, Zelle, Venmo, and Cash App

    9. Scan the Dark Web to see if your personal information has been leaked

    If your credit card information has been stolen, there’s a good chance that other aspects of your digital security have also been compromised. 

    Here’s what to do:

    • Check to see if your personal identifying information or credit cards are for sale on the Dark Web and the internet by using Aura’s leaked password scanner
    • Cross-check the information using other tools including Identity Guard’s Dark Web scanner and HaveIBeenPwned.
    • Aura’s all-in-one digital security solution constantly searches the Dark Web for you and will alert you if you’re vulnerable. 

    10. Consider signing up for credit monitoring to protect yourself from future fraud

    Since almost 30% of identity theft victims become repeat victims, you’ll want to continue monitoring both your bank statements as well as your credit card statements [*]. 

    Aura’s credit monitoring service constantly monitors your bank, credit, and investment account for signs of fraud or suspicious activity. If a scammer is targeting you, you’ll receive an alert in near-real time. 

    Here’s what to do:

    • Consider signing up for Aura’s all-in-one digital security solution. Aura combines financial fraud protection with identity theft protection, antivirus software, and family protection. All Aura members are also covered by a $1,000,000 insurance plan for eligible losses due to identity theft. 
    • You can set up fraud alerts with your credit card issuers, so that you’ll receive text messages or emails alerting you about fraudulent activity. 
    Aura credit monitoring on mobile app
    Aura monitors all of your financial accounts for signs of fraud. Try Aura for free for 14 days

    Do You Have To Pay for Fraudulent Credit Card Charges?

    The good news is that, in most cases, you have zero liability for fraudulent charges on your credit cards — if you act quickly to report it.

    The Fair Credit Billing Act (FCBA) provides some protection for false or unfair billing charges for certain types of credit, including credit cards. 

    Based on the FCBA, you will only be liable for up to $50 if you report the fraudulent transaction within 60 days of the charge. If you wait longer, you may be held accountable for the total costs.

    In addition to the FCBA, major credit cards — like Visa, Mastercard, and American Express — typically offer zero liability for fraudulent charges. However, it’s a good idea to check with your credit card companies about their specific rules.

    Related: Top 5 Credit Protection Services in 2022 (How To Choose)

    Can You Track Someone Who Used Your Credit Card Online?

    No. However, if you report the fraud in a timely manner, the bank or card issuer will open an investigation. 

    Banks have a system for investigating credit card fraud, including some standard procedures. 

    When investigating cases of true fraud (when both the cardholder and merchant are victims due to unauthorized charges), the bank may:

    • Start by compiling and investigating the transaction data, including timestamps, location data, and IP addresses, to verify the true fraud. 
    • Examine charges to look for patterns of unusual behavior.
    • Contact the merchants involved to gather more information.
    • Examine the information to determine fault.
    • Report verified true fraud to law enforcement.

    How To Protect Yourself Against Credit Card Fraud

    • Avoid storing your credit card information on e-Commerce or other websites, as your information is vulnerable if the websites suffer data breaches. Sign in as a “guest” instead.
    • Use a virtual credit card with “single-use” numbers. Some card providers have virtual cards included. Otherwise, you can create a virtual debit card using a service like privacy.com
    • Only share your credit card numbers on reputable sites that you are familiar with, which have SSLs and other trust signals (such as trust seals). If you’re unsure, search for the business on the Better Business Bureau (BBB)’s Scam Tracker to view  ratings and read consumer reviews. 
    Click on the padlock symbol near a website’s URL to see its security certificates.
    Click on the padlock symbol near a website’s URL to see its security certificates.
    • Download antivirus software to protect your devices from malware that could steal your credit card information. Aura’s antivirus software can also warn you if you’re entering a phishing website that will steal your sensitive information.
    • Look out for the warning signs of a phishing email, text, or website — such as a spoofed email address, links in a text message, and incorrect (or strange) grammar, spelling, and design. 
    • Use your credit card instead of your debit card, as more protections against fraudulent charges are offered for credit card accounts than for debit cards.  
    • Monitor your credit reports monthly to check for any suspicious activity, or use a credit monitoring service like Aura. 

    Related: How To Avoid Refund & Recovery Scams — Don't Get Scammed Twice

    Take action: Aura’s $1,000,000 identity theft insurance covers lost wages, phone bills, and other expenses due to identity theft. Try Aura free for 14 days and see if it’s right for you.

    The Bottom Line: Keep Your Credit Card Numbers Safe

    Scammers can do a lot of damage without ever having your credit card in their possession. With credit card fraud on the rise, you need to do everything you can to stay safe and make sure you know right away if someone is using your credit card (with or without your card in hand).

    For peace of mind, consider signing up for Aura’s all-in-one digital security solution. Aura monitors all of your financial and sensitive accounts for signs of fraud, so that you can shut down scammers before they steal your money and identity. 

    Sign up for identity theft and credit protection with Aura →

    Related Articles

    bank scams and financial scams to avoid
    Fraud

    2022 Bank Scams: Phishing, Impostors, Free Money

    Scammers will go to any length to get access to your bank account and financial information. Here’s how to stop them and keep your accounts secure.

    Read More
    May 18, 2022
    Scammed on PayPal
    Fraud

    Scammed on PayPal? Here's How To Get Your Money Back

    PayPal is one of the safer ways to send and receive money. But it’s still full of scammers. Here’s what to do if you’ve been scammed on PayPal.

    Read More
    June 27, 2022

    Try Aura—14 Days Free

    Start your free trial today**

    This is some text inside of a div block.

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

    1. Financial identity theft and fraud
    2. Medical identity theft
    3. Child identity theft
    4. Elder fraud and estate identity theft
    5. “Friendly” or familial identity theft
    6. Employment identity theft
    7. Criminal identity theft
    8. Tax identity theft
    9. Unemployment and government benefits identity theft
    10. Synthetic identity theft
    11. Identity cloning
    12. Account takeovers (social media, email, etc.)
    13. Social Security number identity theft
    14. Biometric ID theft
    15. Crypto account takeovers