How Do Criminals Steal Your Credit Card Information?

Here's how your credit card information could fall into the wrong hands.

It's a common scenario for anyone who has a credit card: You get a notification from your card issuer asking if you recently spent hundreds of dollars in some city you've never even visited. You say no, so they take the charge off your bill and send you a replacement card.

Given that most credit cards have zero-liability fraud protections, cardholders usually aren't out any money when this happens to them. But credit card fraud can cost you if you don't notice it, and even when you do, it's frustrating to wait for a replacement card in the mail. It also makes you wonder -- how did someone get your credit card number in the first place?

With credit card fraud rising significantly from 2014 to 2018, everyone should know the ways this crime starts and how you can protect yourself from it.

Malware

Hackers create all kinds of malware that can steal your credit card information when you enter it on your computer, smartphone, or tablet. This malware typically either records your keystrokes or takes screenshots as you use the device. It then transmits that information to the hacker.

Here are some of the most common methods hackers use to install malware on a victim's device:

• They send it as an email attachment. If you click the attachment and install it, your device will be infected.
• They set up web pages that prompt visitors to install the malware.
• They disguise the malware as a benign program, such as a software update.

To protect yourself, you should be extremely cautious of anything you install on your devices. Always verify the publisher and look up reviews before installing a new program or app. It's also a good idea to use antivirus software and keep this software up to date.

Another important safety tip is never to install anything or enter sensitive information when you're connected to a public network. There's no guarantee of privacy on these networks, and any supposedly safe programs you install could be malware in disguise.

Phishing

Phishing is when the criminal (the “phisher”) contacts you and pretends to be a trusted company to get you to reveal sensitive information. A common component of this scam is a fake website that looks just like the website of the company being impersonated.

For example, a phisher could send you a fake sales email that looks like it came from a popular retailer and includes a link to purchase products at a discount. If you click the link and enter your credit card to make a purchase, the phisher would then have your card information. That's why you should always use a company's official URL -- not a link that was sent to you -- when you want to visit its site.

This scam can also happen by phone. Perhaps you receive a call from someone who says they're from your credit card company's fraud department and they're investigating suspicious activity on your account. Then they tell you that they need you to confirm your credit card number so they can verify your identity. In situations like this, you should hang up and call the company at its official phone number to verify whether the first call was legitimate or a scam.

Skimming and shimming

There are two small, difficult-to-detect devices criminals can install in legitimate card readers to steal credit card information during transactions: skimmers and shimmers. After stealing a card's information, the thief creates a duplicate card in a process referred to as “cloning.”

Skimmers have been around for a while, but EMV chip card technology has made it much harder to steal and clone credit card information with these devices. That's led to shimmers, the updated version of skimmers that can steal information from a chip card. Although that information can't be used to completely clone the chip card, the criminal could create a version of the card with a magnetic strip.

You should always inspect a card reader before you use it and look for any signs of tampering, such as scratches or scuffs near the card slot or anything that looks out of place. This is especially important with card readers that are outdoors and under less surveillance, like at gas pumps and outdoor ATMs.

Whenever possible, use payment methods that don't require you to insert your card anywhere. Two options that are growing in popularity are payment apps such as Google Pay and Apple Pay, and contactless payments for which you need only to tap your card on the card reader.

Data breaches

There are always hackers trying to access companies' data to steal information. If a company that has your credit card information suffers a data breach, then that information could be compromised. Even though the total number of data breaches decreased from 2017 to 2018, there were still 1,244 breaches total, and there were nearly 450 million exposed records that contained personally identifiable information.

Unfortunately, it's extremely difficult to ensure your credit card information is never part of a data breach. However, here is one way to make yourself safer when shopping online: See if your card offers a virtual credit card feature. A virtual card will have a randomly generated number that allows you to shop online without providing your card's real information.

If you find out that your credit card information may have been exposed in a data breach, you may want to request replacement cards to be safe. At a minimum, you should closely monitor your transactions and make sure you have account alerts set up to notify you of anything suspicious.

Whether you were the victim of a data breach or not, it's also smart to use a credit monitoring service. These services can notify you of any changes to your credit file, and many are available free of charge.

Staying safe from credit card fraud

There's nothing anyone can do to guarantee they won't be a victim of credit card fraud. But when you understand the methods criminals use to steal your credit card information, you have a much better chance of preventing this crime.