How to Handle Repeated Credit Card TheftOne day, you notice some charges you don’t recognize on your credit card billing statement, so you call your card issuer and file a fraud report. You get a replacement card with a new number, but a few months later, the same thing happens again – and again and again. You’re a victim of repeated credit card theft, and in order to solve the problem once and for all, you’ll need to take some steps to learn how to manage your credit card’s attack surface. Keep reading to find out how to spot the possible gaps in your card’s security, as well as how you can patch those gaps to keep fraudsters out of your finances.

How can your credit card become repeatedly compromised?

There are a number of ways you can become a victim of repeated credit card theft. Here are four of the most common sources of compromise, as well as how you can go about putting an end to them.

Hacking

What it is: Since people tend to make most of their financial transactions using their computers and mobile devices these days, those tools are high-priority targets for credit card thieves. One of the most common types of cyberattacks is phishing, where scammers try to trick you out of your personal information using fake emails, fake text messages and fake websites. A phisher who gains access to your email can use that to break into accounts you use for online shopping and continually wreak havoc there, or worse, they could gain entry to your bank or credit card account itself. It’s also possible that a hacker could infect your computer or device with malicious software, or malware, that lets a hacker spy on you. Using malware, a hacker can track what you type using a keylogger, or record information you enter into websites using a form grabber, and easily get your new card details every time you use that card online.

How to resolve it: If you suspect someone has access to your online accounts, your first step should be changing your passwords to something that’s difficult to guess. This will lock them out, and you should also set up two-factor authentication if available, as this will make it much harder for them to get back in. Two-factor authentication can also serve as a warning signal to you that someone is attempting to gain access to your accounts. Additionally, it’s best not to save your credit card number to any of your online accounts, as this could be increasing the changes of your card getting hacked. It may add some inconvenience to your life, but it’ll be worth it in the long run. To get rid of malware, you can install an antivirus program and have it scan your entire hard drive or device, which should get rid of most threats. You also should start practicing good cybersecurity habits to make sure your accounts and card don’t get hacked again. Be careful which links you click on when reading email or browsing the Internet, don’t trust public Wi-Fi networks as a rule and make sure all of your passwords are different across your accounts. Also, consider using a password manager for keeping track of unique passwords without sacrificing security.

Card skimming

What it is: Card skimming is when someone illegally collects data from a payment card reader that can later be used for credit card theft, typically by attaching a device to the card slot that scans, stores and transmits information. These devices are becoming increasingly subtle and sophisticated, blending in almost perfectly with the machines on which they’re placed. With enough savvy, a criminal can put a skimmer on any card reader, but they most frequently appear on publicly-exposed terminals like ATMs and gas station pumps. Some skimming operations also pay restaurant and retail employees to skim cards that customers give them, which is even harder to detect because in those situations you often can’t check the card reader yourself. If you routinely frequent the same businesses and ATMs, it’s possible that your new cards are being repeatedly skimmed.

How to resolve it: Though skimmers can be hard to detect, they have a few possible tells. Tug on the card slot to see if it jiggles loose, look for small differences in design between payment terminals and be wary of number pads with stiff, unresponsive buttons. Also, be aware of out-of-order signs on nearby terminals, as card thieves sometimes put them up to redirect people toward a terminal they’ve equipped with a skimmer. Apart from that, you could also try varying the businesses you visit or swapping out your payment methods for a few months to see if that changes anything. If you avoid a restaurant for a while, and at the same time experience an extra-long gap between card fraud attempts, you may have just narrowed down the source of the theft.

Compromised merchants

What it is: Sometimes your card getting stolen doesn’t indicate a weak point in your security, but in the security of a business you use. Brick-and-mortar stores can have their electronic point-of-sale (POS) systems infected with malware that sends credit card information to a third party – something we’ve seen frequently in recent years with data breaches at retailers like Target. E-commerce websites are also risky, as they can be broken into by hackers who scrape customer payment details from their servers (which often wind up sold in bulk on the dark web), or the website owners could be unscrupulous enough to steal credit cards themselves (most often something you’ll encounter visiting sketchy foreign-based websites or clicking on malicious or fake links). In either case, you can’t be sure of the security measures most businesses are taking to keep your information safe, so you could possibly shop at a business for a long time without knowing it’s a source of your credit card theft woes.

How to resolve it: For brick-and-mortar stores, there isn’t much you can do other than what was previously outlined in the section on skimming. Avoid businesses at which you regularly shop, or switch up your payment methods for a little while to see if that changes the theft pattern at all. With e-commerce websites, you have a few more options, like making sure your connection is secured with HTTPS when you check out and looking for a seal of approval from a trust organization, such as TRUSTe or the Better Business Bureau, at the bottom of the page. Additionally, make sure that you are on the correct website when you intend to make a purchase – something as simple as a couple of transposed letters in a URL could mean the difference between a legitimate site and a fake site meant to steal your information. Larger websites like Amazon and Etsy are pretty safe to do business with, but smaller websites are more likely to get hacked or engage in outright criminal activities like credit card theft, so proceed with caution. The same goes with shopping within apps on your phone or other devices – make sure you’re using a legitimate app.

Familiar fraud

What it is: Unfortunately, in many cases of repeated identity theft or fraud, the perpetrator turns out to be someone you know, like a relative or caregiver. Known as familiar fraud, this type of identity theft can be the most frustrating because often people are less likely to suspect someone close to them vs. a stranger if their credit card becomes compromised. A committed credit card thief in your midst could even go so far as to intercept your mail or file a change of address form to ensure they get a peek at your new card number before you do.

How to resolve it: If you’re experiencing repeated credit card theft and none of the other sources of compromise we’ve described seem to be the culprit, then you might want to look closely at the people around you. Familiar fraud carries an emotional charge that fraud perpetrated by a stranger doesn’t, but you should still report it because the negative impacts to your credit and your life can be detrimental for years to come. Steps you can take to prevent further fraud can include locking up your important documents and information in a personal safe only you have access to, using a post office box to receive your mail and ensuring that nobody else can access your accounts but you.

No matter how your credit card is being stolen, one thing that can help you spot and deal with this and other types of fraud is an identity theft protection service. These services monitor the Internet black market to see if your information is being traded, used or sold fraudulently, keep an eye on your credit reports to alert you if any changes are detected and offer and provide identity restoration assistance in the event you become a victim. For more tips on how you can keep your private information secure, keep reading our identity theft protection blog.