Credit card fraud is the most common type of identity theft in the U.S., according to the Federal Trade Commission (FTC). A recent report by Security.org revealed that 60% of credit card holders have experienced credit card fraud. And nearly half have experienced fraud more than once.
While credit card fraud isn’t going away anytime soon, new methods are constantly being developed to protect consumers from fraud. Here are 10 tips to help you protect your credit card from unauthorized use:
Use strong passwords
You’ve probably heard this before, but it bears repeating. Use a strong password for every site you log into.
According to the Cybersecurity & Infrastructure Security Agency (CISA), a strong password:
- Is at least 16 characters long
- Consists of a random mix of letters, numbers, and symbols or four to seven unrelated words
- Is unique to the account
By following these rules, you’ll end up with multiple unique passwords for your accounts. For example:
- X6!zQ6&mL#72B$d9T*08
- $Jumper1Blueberry4#
Once you have strong passwords, make sure to update them regularly. Even the strongest passwords can be stolen or compromised.
Tip: Unless you have a photographic memory, it’s hard to remember all those random passwords. To keep track of your passwords, CISA recommends using a password manager. A password manager creates, stores, and enters passwords. It also increases online security by identifying weak or duplicate passwords, generating strong passwords, and autofilling your credentials on sites and apps.
Avoid logging into your financial accounts while on public Wi-Fi — or use a VPN service
You have no control over public Wi-Fi networks. If the network you’re on is compromised, your data is at risk. In fact, a Forbes Advisor study found that four in 10 people have been victims of data theft while using public Wi-Fi. The most common places where people have been the victims of data theft were coffee shops and restaurants (25%), followed by airports (23%) and hotels (20%).
Imagine you’re working in a coffee shop. Unknowingly, a hacker is using the same public Wi-Fi network. You book a flight over Wi-Fi, and the hacker intercepts your credit card details.
To prevent your credit card information from being intercepted, avoid making sensitive transactions over public Wi-Fi. Alternatively, you can use a virtual private network (VPN). A VPN protects your online activity and hides your identity while you surf the web.
Don’t give out your credit card details over the phone unless you made the call
Don’t share your credit card number with an unexpected caller. Scammers may try to steal your personal information over the phone by calling you and pretending to be from a legitimate company. For example, they might say they’re from your bank and that your account has been compromised. They just need to verify your credentials to protect themselves from fraud.
These scams can be very convincing. Scammers are experts at using social engineering to get you to act quickly without thinking. Often, the message is urgent or even threatening.
If you receive one of these calls, don’t provide any personal information. Instead, hang up and go to the institution’s official website. Use the contact details on the website to call the institution and verify the caller’s history.
Don’t click on unsolicited links
Scammers can also trick you into providing your credit card information through phishing emails and messages. They typically pretend to be from a trustworthy entity, such as your bank, asking you for personal information. They may even replicate logos and formatting to make the message seem legitimate.
Other popular phishing scams include a lost package, suspicious account activity, and account cancellation notifications. Scammers use trusted, popular, brand-name services like Amazon or FedEx. Chances are you’ll use one of these services and open the email or click on a link in it without thinking twice.
Once you open the email, the scammers know they have an active email account. So even if you delete the email after opening it without clicking on any links, expect more targeted phishing ads. The email usually contains a link that takes you to a fake website that looks very similar to a legitimate website. This is called spoofing. Once you’re on the site, any information you enter is stored for the criminal to use. The link could also download malware onto your device. If you receive a suspicious text message or email, don’t click on any links or respond. Mark it as spam. Contact your financial institution directly using the contact information on the back of your credit card to verify the unexpected communication or report fraud.
Sign up for electronic statements
Not all credit card theft is high-tech. Scammers can search your trash for sensitive information, such as credit card offers, bank account information, household names, and purchase histories.
They can then use parts of your identity to access your financial accounts. They can also use the information they collect to launch a personalized phishing attack against you.
To protect yourself from potential thieves, sign up for electronic, paperless statements with your financial institution. This will reduce the amount of mail you receive and keep sensitive information from ending up in the trash. If you have to throw away paper documents with personal information, shred them with a high-quality crosscut or confetti shredder.
Monitor your accounts and credit report
When a criminal steals a credit card, they will usually start with small purchases to make sure the card is active, and the theft is not detected. Regularly checking your account can help you detect fraudulent activity that may have eluded your financial institution’s fraud detection system.
In addition to checking your account activity, review your credit report regularly. This can help you detect fraud and identity theft before serious damage is done. The Consumer Financial Protection Bureau (CFPB) recommends that consumers check all three of their credit reports (Equifax, TransUnion, and Experian) because the information on the reports may not be identical. The CFPB provides this checklist to help you spot errors on your credit reports.
Tip: You can review up to six free credit reports per year at AnnualCreditReport.com
Look for the lock symbol in your browser bar and “https” in URLs
When you shop online, log in to your financial accounts, or do any other sensitive online activity, make sure the site is encrypted. An encrypted site means that the information that travels between the site and your computer is encrypted, so no one else can see it.
A site is encrypted if it has a lock icon in the upper left corner of the browser bar and “https” in the URL. (If you’re using Google Chrome, click the “tune” icon — two circles and two horizontal lines — and look for the lock in the site info.)
Tip: A lock icon doesn’t mean the site is trustworthy. It just means the site is encrypted. Use common sense and stay vigilant.
Choose tap to pay
Using contactless payments is more secure than inserting your card into a card reader, Forbes Advisor reports. When you make a contactless payment, the chip in your card creates a one-time code that replaces your account information. Similar to encryption, the one-time code prevents your account information from being captured. And because the code is unique to a given transaction, it can’t be reused.
Conversely, when you swipe your card, your payment information and personal information are collected. The scanning device in a credit card reader could easily capture enough information for someone to commit credit card fraud.
Use a mobile wallet
Mobile wallets like Apple Pay and Google Pay work like contactless payments. They create a one-time encrypted code for each transaction instead of your credit card information. Even if a would-be thief were to intercept the transaction, they wouldn’t have access to your credit card information.
Sign up for two-factor authentication whenever possible
Two-factor authentication (2FA) is a security process in which a user provides two different authentication factors to verify their identity. The first factor is usually a password. The second factor is often a one-time code sent via text message or email. You’ve probably seen two-factor authentication with your bank and other sensitive accounts.
Some credit card companies use two-factor authentication to verify transactions before they’re completed. Here’s what a transaction might look like if you’re signed up for two-factor authentication with your credit card company:
- You enter your credit card details to make an online purchase.
- You receive a text message with a unique code.
- You enter that code to complete the purchase.
Even if a fraudster has your card details, they can’t make any purchases if they don’t have access to your phone.
Stay Vigilant
Despite evolving security measures, credit card fraud is rampant. If you’re like most Americans, it’s happened to you before. But there are still plenty of things you can do to make yourself a less desirable target. Use strong passwords, check your credit report, choose more secure payment methods, enable two-factor authentication, and follow other cybersecurity best practices to protect your finances.
If you become a victim of fraud, don’t stay silent! Report it to the FTC. Your info could help shut down a future scam.
