My credit card recently managed to be two places at the same time.
One place was in my wallet, where I expected it to be. But according to my monthly statement, the card also visited a variety of stores in an Atlanta mall without me.
Welcome to the reality of modern credit card fraud.
I can’t know what happened for sure, but since I never lost my physical card, I can make an educated guess. Most likely, the credit card data had been compromised from a vendor. That data was probably sold on the black market and cloned onto a different card. It may have even changed hands again at that point, sold on the street to someone with the sense to use the card on only a single shopping spree before disposing of it.
Because my accounts are regularly reviewed, I reported the fraud to American Express and the company promptly cancelled that card and issued me a new one. This way, no one can resell my compromised data and start the process over again.
While it is possible for thieves to get their hands on your credit card info through a compromised gas pump or ATM, massive data breaches are a much more likely culprit these days. Proper precautions, such as using secure payment websites, keeping an eye out for phishing attempts that ask for credit card information and avoiding the temptation to store credit card data in your browser (especially on a laptop or mobile device), are smart tactics to lower your risk. But security is not only up to the credit card holder.
No one should be foolhardy with their credit card information, but it is unrealistic to expect to 100 percent effectively prevent theft on the front end. If you use a credit card at all, the security of your data will routinely be in the hands of people other than you. This isn’t news to most of us. A 2014 Gallup poll put credit card information theft at the top of the list of crimes Americans worried about on a personal level - which is maybe not that surprising when 27 percent of those polled said that they or a member of their household had experienced such theft.
Retailers could certainly be doing more to help. My stolen American Express card has a chip, which makes it harder to spoof - or it would, if more stores offered the technology necessary to read the chip at the cash register. But most American retailers have not implemented that technology yet. This is almost certainly why a new Barclays report said that the United States represented 47 percent of the world’s credit card fraud, despite accounting for only 24 percent of global credit card volume. The chip, often called EMV for Europay, MasterCard and Visa, increases security and has been largely adopted in Europe, Canada, Asia and Australia. A chipped card isn’t foolproof, but as merchants and banks slowly start to transition to deploy them ahead of an October deadline to make the switch, the U.S. should catch up in reduced fraud levels.
Even now, credit card fraud is not the monster it might seem to be in many consumers’ minds. Mark Nelson, the senior vice president of risk products and business intelligence at Visa, recently said that even in a widespread data breach, issuers typically only see 2 to 5 percent of the compromised data actually turn up in fraudulent transactions. And the Wall Street Journal reported that while the number of victims remains a serious problem, actual monetary fraud losses have decreased, suggesting that banks and credit card companies are catching fraud earlier. These days, automated systems flag unusual purchases in milliseconds, leading issuers to proactively get in touch if something seems suspicious. And while unauthorized charges are undoubtedly a hassle, nearly all major credit card issuers have a $0 fraud liability policy for cardholders. The law also limits liability for a stolen card to $50, and you have no responsibility for any charges after you report the card’s loss or fraudulent use.
Ultimately you know best whether you made a particular transaction, so it is still important to closely monitor your card. Online banking platforms make it easy to check in on your accounts regularly. Depending on how you use your credit card, transaction alerts - available from most issuers - may also give you an early warning system.
In general, credit cards are a relatively secure payment method, and they are becoming more so as technology advances. There is no reason to go running back to cash, despite emotional impulses to do so. But my tale about a card that managed to be in two places at once is a reminder that responsible stewardship, like responsible parenting, requires you to know where your charges are.
Posted by Larry M. Elkin, CPA, CFP®
My credit card recently managed to be two places at the same time.
One place was in my wallet, where I expected it to be. But according to my monthly statement, the card also visited a variety of stores in an Atlanta mall without me.
Welcome to the reality of modern credit card fraud.
I can’t know what happened for sure, but since I never lost my physical card, I can make an educated guess. Most likely, the credit card data had been compromised from a vendor. That data was probably sold on the black market and cloned onto a different card. It may have even changed hands again at that point, sold on the street to someone with the sense to use the card on only a single shopping spree before disposing of it.
Because my accounts are regularly reviewed, I reported the fraud to American Express and the company promptly cancelled that card and issued me a new one. This way, no one can resell my compromised data and start the process over again.
While it is possible for thieves to get their hands on your credit card info through a compromised gas pump or ATM, massive data breaches are a much more likely culprit these days. Proper precautions, such as using secure payment websites, keeping an eye out for phishing attempts that ask for credit card information and avoiding the temptation to store credit card data in your browser (especially on a laptop or mobile device), are smart tactics to lower your risk. But security is not only up to the credit card holder.
No one should be foolhardy with their credit card information, but it is unrealistic to expect to 100 percent effectively prevent theft on the front end. If you use a credit card at all, the security of your data will routinely be in the hands of people other than you. This isn’t news to most of us. A 2014 Gallup poll put credit card information theft at the top of the list of crimes Americans worried about on a personal level - which is maybe not that surprising when 27 percent of those polled said that they or a member of their household had experienced such theft.
Retailers could certainly be doing more to help. My stolen American Express card has a chip, which makes it harder to spoof - or it would, if more stores offered the technology necessary to read the chip at the cash register. But most American retailers have not implemented that technology yet. This is almost certainly why a new Barclays report said that the United States represented 47 percent of the world’s credit card fraud, despite accounting for only 24 percent of global credit card volume. The chip, often called EMV for Europay, MasterCard and Visa, increases security and has been largely adopted in Europe, Canada, Asia and Australia. A chipped card isn’t foolproof, but as merchants and banks slowly start to transition to deploy them ahead of an October deadline to make the switch, the U.S. should catch up in reduced fraud levels.
Even now, credit card fraud is not the monster it might seem to be in many consumers’ minds. Mark Nelson, the senior vice president of risk products and business intelligence at Visa, recently said that even in a widespread data breach, issuers typically only see 2 to 5 percent of the compromised data actually turn up in fraudulent transactions. And the Wall Street Journal reported that while the number of victims remains a serious problem, actual monetary fraud losses have decreased, suggesting that banks and credit card companies are catching fraud earlier. These days, automated systems flag unusual purchases in milliseconds, leading issuers to proactively get in touch if something seems suspicious. And while unauthorized charges are undoubtedly a hassle, nearly all major credit card issuers have a $0 fraud liability policy for cardholders. The law also limits liability for a stolen card to $50, and you have no responsibility for any charges after you report the card’s loss or fraudulent use.
Ultimately you know best whether you made a particular transaction, so it is still important to closely monitor your card. Online banking platforms make it easy to check in on your accounts regularly. Depending on how you use your credit card, transaction alerts - available from most issuers - may also give you an early warning system.
In general, credit cards are a relatively secure payment method, and they are becoming more so as technology advances. There is no reason to go running back to cash, despite emotional impulses to do so. But my tale about a card that managed to be in two places at once is a reminder that responsible stewardship, like responsible parenting, requires you to know where your charges are.
Related posts: