How Your Credit Card Information is Stolen and What to Do About It

Gloved hand stealing credit card
© Tetra Images / Creative RF / Getty

Your credit card information can be stolen right under your nose without your credit card ever leaving your possession. Unfortunately, most victims of this type of credit card theft don’t find out their credit card details have been stolen until after the credit card has already been used. Often, fraudulent credit card charges are the first sign that credit card information has been stolen.

Fortunately, there are a few steps you can take to clear your name and get your credit card accounts under control.

How Thieves Steal Credit Card Information

In many instances, thieves don’t steal your credit card information directly from you. Instead, they get it somewhere else in the credit card processing chain. Here are a few ways thieves can get access to your credit card information.

Hacking into other businesses. Thieves can steal your information by breaching a company where you’ve used your credit card or a company that handles some aspect of credit card processing. Since data breaches target entire organizations, sometimes millions of credit card details are affected. Most mega data breaches – like Target, Home Depot, JP Morgan Chase, and Anthem – make headline news, there are hundreds of (relatively) smaller data breaches that we never hear about.

Skimming. A credit card skimmer is a small device that captures your credit card information in another otherwise legitimate transaction. Thieves secretly place credit card skimmers over the credit card swipe at gas stations and ATMs then return to retrieve the information captured.



​Sometimes a counterfeit credit card ring recruits cashiers, waitresses, or other workers to skim customer credit cards. You hand your credit card to the cashier for processing and when you’re not looking, the cashier will swipe your credit card through the skimming device.

Installing malware or viruses on your computer, tablet or smartphone.

Hackers can design software that’s downloaded in email attachments or other software and sits on your computer undetected. The software monitors your keystrokes or takes screenshots of your page and sends the activity to the thief.

Tricking you. Thieves set up traps to trick consumers into giving up credit card information. They do this by phone, by email, through fake websites, and sometimes even via text message. In one scam, for example, you verify some personal information in a call that you think is your credit card issuer’s fraud department. It’s important that you only give out your credit card and other personal information only in transactions you can be sure are safe.

Old-fashioned dumpster diving. Throwing away documents or receipts that have your full credit card number printed puts you at risk of theft. Always shred these documents before tossing them in the trash. Unfortunately, you can’t control how businesses dispose of their records. If they fail to shred records that contain credit card information, the information is at risk of being stolen.

What Do Thieves Do With Your Credit Card Information

Sell it. Credit card information can be sold for $5 to $30 in the U.S., depending on the type and amount of information that’s sold.

The more information the thief has, the more valuable your credit card information is. For example, your credit card information can be sold for a higher price, if the thief also has your name, address, date of birth, mother’s maiden name, and three-digit security code from your credit card. Knowing the available balance on your card allows the thief to charge a higher premium for your account information.

Create cloned credit cards. Thieves can make legitimate-looking credit cards by programming your credit card information on a gift cards or prepaid credit card. When the card is swiped, the transaction processes just like it would if you swiped your credit card.

How to Know If Your Credit Card Information Has Been Stolen

This kind of credit card theft can go undetected for several months. It’s not like a physical credit card that you notice is missing.

You likely won’t know until you notice unauthorized charges on your credit card account.

Don’t count on your bank to catch instances of credit card theft. Your credit card issuer may call you if they notice purchases outside your normal spending habits, but don’t take for granted that your bank will always notify you of potential fraud.

Monitor your credit card often and immediately report fraudulent purchases, regardless of the amount. It’s not enough to read through your transactions once a month when your credit card statement comes. Once a week is better and daily or every other day will let you spot fraudulent purchases before the thief can do too much damage.

Sometimes thieves does a test to see which credit card numbers are valid by making a small charge that would likely go undetected. If the small charge is successful, the thief knows the credit card number work and will go on to make bigger purchases with the credit card information.

Pay attention to news regarding hacks and data breaches. News reports will often include the name of the store affected and the date or date range the data beach occurred. If you shopped during that time period, there’s a chance your credit card information was stolen.

What to Do If Your Credit Card Info is Stolen

It’s easy to know when your actual credit card has been stolen – your credit card is actually gone. It’s not as easy to know when your credit card information has been stolen. Often, you only notice signs that hint your credit card information has been stolen, like unauthorized purchases on your credit card.

Review your recent credit card transactions to see if there are any you didn’t make. Note the fraudulent charges you found. Even if you didn’t find any fraudulent charges, call your credit card issuer and let them know you think your credit card information has been stolen. Let your card issuer know of any transactions on your account that you didn’t authorize.

The credit card issuer will cancel your old credit card account, remove the fraudulent transactions from your account, and send a new credit card and a new credit card number.

Continue monitoring the transactions on your new credit card. As soon as you start using your credit card, the details are at risk of being stolen.

Do You Pay for Fraudulent Purchases?

Legally, you are not responsible for any unauthorized purchases made with your stolen credit card information – as long as your credit card is still in your possession. (With debit cards, you must report unauthorized transactions within 60 days of your bank statement being sent to you.)

You must report the transactions to your credit card issuer so they can remove them from your account.

Keeping Your Credit Card Information Safe

If you use your credit card at all, anywhere, your information is at risk. Still, there a number of things you can do to keep your credit card information safe. That includes using strong passwords, being cautious about where you use your credit card, always using secure websites, and avoiding storing your credit card details in your web browser.

Protecting Accounts That Use Your Credit Card

It’s not just your credit cards that are at risk. Other accounts that use your credit card are at risk, too. These accounts are often more valuable than the credit card numbers themselves. A CNBC story from January 2016, reports an average cost of $3.78 for an Uber account versus an average cost of $1 to $3.30 for personally identifiable information like date of birth or social security number. Paypal, Netflix, HBO GO, ITunes, and other accounts. Unfortunately, it’s tough to circumvent theft with these services, considering many require you to store your credit card information to even sign up for an account.

As the credit card industry moves to the more secure EMV-enabled credit card, thefts of other types accounts is likely to increase.

As mobile payments becomes mainstream, you can expect digital pick pocketing to increase. There’s already an Android app that allows thieves to wirelessly steal mobile payment information just by standing near a person who has credit card information stored on their phone.