29 June 2017
Five Ways Thieves Steal Credit Card Data

Credit cards are a convenient way to pay for goods and services, and many Americans use them regularly without thinking much about the dangers of credit card fraud. However, according to Credit Donkey,1 46 percent of Americans have had their card information compromised at some point in the past 5 years, and last year, losses topped $24.71 billion (up 12% from the prior year).

How can you help protect yourself against credit card fraud? It starts with learning how you might be exposing your information to unauthorized users. Following are just five of the many ways thieves steal credit card data.

1. Malware on websites
The safety of online shopping has been in question as long as online shopping has been around. While consumers have certainly eased up on their fears, swayed by the convenience of shopping from home, many of these concerns persist, and with good reason. Typically, online merchants don’t have any nefarious agendas, but hackers can install malware on unsecure sites, which can then be used to steal information entered by consumers, including credit card numbers.

To reduce the likelihood of this happening to you, keep your web browser and its anti-malware programs up to date. Avoid using public Wi-Fi for shopping, and shop only on sites that have secure “https” URLs. Change your password regularly, and don’t use the same password across multiple services.

2. Malicious retail/food service employees
Employees of stores or restaurants can perpetrate credit card theft. For example, last year, a McDonald’s employee was reported to have stolen 100 credit card numbers while working the drive-thru.2 A Starbucks employee was fired after admitting to having stolen a credit card,3 and earlier this year, a CVS employee was accused of stealing credit card numbers to make online purchases.4 These types of stories are not uncommon.

3. Counterfeit card readers in retail stores
While shady employees are always a possibility, typically, it’s third-parties that present the biggest threat. Clever criminals can replace card readers in retail stores, and then collect all the information they contain.

At the Bankrate website, the former senior director of fraud product management for FICO, Mike Urban, runs down a disturbing scenario: “Sally, Simon and Bud walk into a toy store. Sally and Simon roam the aisles, while Bud waits in line to check out. When Bud is at the register, Simon comes running up to the clerk, screaming that his wife has fainted. As Sally and Simon distract the sales clerk, Bud switches the credit card reader at the register with a modified one of his own…For the next week, the sales clerk unwittingly collects credit card data on the modified reader until the trio returns, takes back the modified reader and restores the original terminal.”5

4. Skimmers at the pumps
Criminals also install skimmers at gas pumps, ATMs, parking meters, vending machines, etc., so be sure to play close attention anywhere you’re using your card. Gas stations in particular often make headlines because of skimmers. When you use your card at a gas pump that has a skimmer installed, you’re giving criminals your card information. They can then use this data to make a duplicate card and steal your hard-earned money.

Always watch for signs of tampering when you pay at the pump or use any terminal that accepts cards. Is the card slot flush with the machine, or does it look like it was added on? Is some of the messaging on the terminal taped over or obscured? Taking a closer look may alert you to a possible danger.

5. Black market sellers
There are so many instances of people stealing credit card information that there’s a market for it. Some criminals don’t have to go out of their way to directly steal your data because others who have done so are willing to sell it to them.

EMV cards are one solution
Anti-fraud experts and credit card companies strongly encourage consumers and businesses to use “chip cards” to help cut down on all this criminal activity. Chip cards, also known as EMV cards, contain an embedded microchip. They work by generating unique data for every single transaction, which means that the authenticity of the card can be verified. Combined with a PIN or a signature, they can greatly reduce the risk of fraud.

Monitor your transactions
Don’t throw away your credit card receipts. Instead, keep them in a safe place until you receive your monthly statement. Then, compare your receipts with the charges on the statement to make sure they all actually belong to you. Fraudsters will sometimes test your card by sending through a small transaction, such as $2.95 movie rental, to see if your credit card company will accept it as a legitimate charge. This small transaction may be just the start of a larger scam.

Enjoy the convenience of your credit cards and earn cash or rewards for shopping, but use cards wisely to help avoid fraud.

1. https://www.creditdonkey.com/credit-card-fraud-statistics.html

2. https://www.databreaches.net/in-mcdonalds-employee-stole-about-100-credit-card-numbers-while-working-drive-thru/

3. http://insider.foxnews.com/2016/01/04/watch-woman-confronts-starbucks-employee-over-alleged-credit-card-theft

4. http://www.fox25boston.com/news/cvs-employee-accused-of-using-stolen-credit-card-numbers-for-online-purchases/516494290

5. http://www.bankrate.com/finance/credit-cards/5-ways-thieves-steal-credit-card-data-3.aspx


The information provided is presented for general informational purposes only and does not constitute tax, legal or business advice. Any views expressed in this article may not necessarily be those of Nevada State Bank, a division of ZB, N.A.


Powered by Facebook Comments

This icon will be included whenever we link to a website that is not owned or operated by Nevada State Bank or Zions Bancorporation. These third-party websites are not affiliated with Nevada State Bank or Zions Bancorporation and may have a different privacy policy and level of security. Nevada State Bank and Zions Bancorporation are not responsible for, and do not endorse or guarantee, the privacy policy, security, accuracy or performance of the third-party’s website or the information, products or services that are expressed or offered on that website.