How Your Credit Card Information Is Stolen and What to Do About It
Your credit card information can be stolen right under your nose without the actual card leaving your possession. Unfortunately, most victims of this type of credit card theft don’t what's happening until after their credit card account information has already been used. Often, fraudulent credit card charges are the first sign that credit card information has been stolen.
Fortunately, there are a few steps you can take to clear your name and get your credit card accounts under control.
How Thieves Steal Credit Card Information
In many instances, thieves don’t steal your credit card information directly from you. Instead, they get it somewhere else in the credit card processing chain.
Hacking Into Other Businesses
Thieves can steal your information by breaching a company where you’ve used your credit card or a company that handles some aspect of credit card processing. Since data breaches target entire organizations, sometimes millions of consumers have their credit card information stolen, as was the case in the Equifax data breach of 2017.
A credit card skimmer is a small device that captures your credit card information in another otherwise legitimate transaction. Thieves secretly place credit card skimmers over the credit card swipe at gas stations and ATMs and retrieve the information captured.
Installing Malware or Viruses
Hackers can design software that’s downloaded in email attachments or other software and sits on your computer, tablet, or smartphone undetected. In one instance, hackers take advantage of public Wi-Fi to trick people into installing malware disguised as a software update. The software monitors your keystrokes or takes screenshots of your page and sends the activity to the thief.
Thieves set up traps to trick consumers into giving up credit card information. They do this by phone, by email, through fake websites, and sometimes even via text message. In one scam, for example, you may verify some personal information in a call that you think is from your credit card issuer’s fraud department, but it's really from a scammer. It’s important that you only give out your credit card and other personal information only in transactions you can be sure are safe.
Throwing away documents or receipts that have your full credit card number printed puts you at risk of theft. Always shred these documents before tossing them in the trash. Unfortunately, you can’t control how businesses dispose of their records. If they fail to shred records that contain credit card information, the information is at risk of being stolen.
What Thieves Do With Your Credit Card Information
If a thief gets access to your credit card information, they can profit from it in a few different ways. All of them can make life more difficult for you.
Thieves can use your credit card information to buy things over the internet. It's much easier for them to do this if they also have your billing zip code and the security code from the back of your credit card.
Thieves may also sell your credit card information on the dark web—and the more information they have, the more it's worth. For example, it may be sold for a higher price if the thief also has your name, address, date of birth, mother’s maiden name, and three-digit security code from your credit card.
Thieves can also make legitimate-looking credit cards by programming your credit card information on a gift card or prepaid credit card. When the card is swiped, the transaction processes just like it would if you swiped your actual credit card.
How to Know If Your Credit Card Information Has Been Stolen
This kind of credit card theft can go undetected for several months. It’s not like a physical credit card that you notice is missing. You likely won’t know until you notice unauthorized charges on your credit card account.
Don’t count on your bank to catch instances of credit card theft. Your credit card issuer may call you or freeze your account if they notice purchases outside your normal spending habits, but don’t take for granted that your bank will always notify you of potential fraud.
Monitor your credit card often and immediately report fraudulent purchases, regardless of the amount. It’s not enough to read through your transactions once a month when your credit card statement comes. Once a week is better, and daily or every other day will let you spot fraudulent purchases before the thief can do too much damage to your account. Some credit cards can send real-time transaction notifications to your smartphone.
Also pay attention to news regarding hacks and data breaches. News reports will often include the name of the store affected and the date or date range the data beach occurred. If you shopped during that time period, there’s a chance your credit card information was stolen.
What to Do If Your Credit Card Information is Stolen
It’s easy to know when your actual credit card has been stolen because your credit card is actually gone. It’s not as easy to know when your credit card information has been stolen. Often, you only notice signs that hint your credit card information has been stolen, like unauthorized purchases on your credit card.
If you think you've been a victim of identity theft of any kind, including having your credit card information stolen, then you can visit IdentityTheft.gov. The website, which was created by the Federal Trade Commission, will walk you through the steps you need to take to report it and recover.
Review your recent credit card transactions to see if there are any you didn’t make. Note the fraudulent charges you found. Even if you didn’t find any fraudulent charges, call your credit card issuer and let them know you think your credit card information has been stolen. Let your card issuer know of any transactions on your account that you didn’t authorize.
You have protection under the Fair Credit Billing Act and the Electronic Fund Transfer Act if your credit information is stolen. You're not liable for any unauthorized charges so long as you report the loss before your credit card is used.
You must report the transactions to your credit card issuer so they can investigate and remove them from your account.
The credit card issuer will cancel your old credit card account, remove the fraudulent transactions from your account, and send a new credit card and a new credit card number.
Continue monitoring the transactions on your new credit card. Also shred any documents with your credit card information on them. As soon as you start using your credit card, the details are at risk of being stolen.
Keeping Your Credit Card Information Safe
If you use your credit card at all, anywhere, your information is at risk. Still, there are a number of things you can do to keep your credit card information safe. That includes using strong passwords, being cautious about where you use your credit card, always using secure websites, and avoiding storing your credit card details in your web browser.
Federal Trade Commission. "Warning Signs of Identity Theft." Accessed March 17, 2020.
Federal Trade Commission. "Equifax Data Breach Settlement." Accessed March 17, 2020.
Federal Bureau of Investigation. "Scams and Safety—Skimming." Accessed March 17, 2020.
Federal Trade Commission. "Tips for Using Public Wi-Fi Networks." Accessed March 17, 2020.
Federal Trade Commission. "How to Spot, Avoid and Report Tech Support Scams." Accessed March 17, 2020.
Federal Trade Commission. "How to Recognize and Avoid Phishing Scams." Accessed March 17, 2020.
Federal Trade Commission. "Protecting Against Credit Card Fraud." Accessed March 17, 2020.
Federal Trade Commission. "The Dark Web: What Your Business Needs to Know." Accessed March 17, 2020.
Federal Bureau of Investigation. "Credit Card Cloners Stole Thousands." Accessed March 17, 2020.
Federal Trade Commission. "Lost or Stolen Credit, ATM, and Debit Cards." Accessed March 17, 2020.
Discover. "Report Lost or Stolen Card." Accessed March 17, 2020.
Capital One. "I Need a Replacement Credit Card." Accessed March 17, 2020.
Federal Trade Commission. "How to Keep Your Personal Information Secure." Accessed March 17, 2020.