We all know that credit cards and debit cards are rapidly replacing cash as a method of payment. Boston Federal Reserve data indicates that over 75 percent of US consumers had at least one credit card in 2017. Another 2017 survey showed that 77 percent of US adults say they’ll use a credit card for goods and services. Only 12 percent said they prefer cash.
Experian has noted that credit card fraud is the most common form of personal financial fraud. Statistics say that 47 percent of adults in the United States have reported being victimized by a fraudulent purchase on their credit or debit card, and that percentage is predicted to rise.
Here are some common ways you might become a victim of a credit card fraud scam:
- A thief digs through your trash, finds discarded receipts with your account number, and goes on a wild shopping spree before you even know you’ve been had. Shred your receipts.
- An unscrupulous server copies down your credit card number away from the table and goes on vacation—on your dime. It has happened to me. It’s interesting to note that the United States is one of the few countries where a server actually takes your credit card out of your sight. This is a tough one.
- An identity thief lures you to a fraudulent website that looks legitimate and acquires your credit card data. You know the rest.
- A tech-savvy fraudster accesses your smartphone and retrieves credit card information you have stored there.
- An email-based phishing scam lures you to click on a legitimate-looking but bogus web link and acquires your personal financial data.
- You get a phone call from a fraudster posing as a representative of your financial institution asking to confirm your credit card data. He or she claims there has been a breach in their system, or perhaps they simply want to “update your information.”
These are just a few examples, but there are many more (see more info on “swapping scams” and credit card skimmers below). Here are some basic tips to protect yourself from a credit card fraud scam:
- Store a personal file that includes complete records of all your credit cards and account information and their individual financial institution contact information in a secure, but easily accessible, place. Use this information to contact your financial institution separate and apart from any email or phone call alert you may receive. These “alerts” are often fraudulent.
- Regularly check your credit card account (real time) and statements. If anything looks suspicious, report the information immediately and cancel any credit or debit card involved. Act fast!
- Carefully control your physical debit and credit cards. Store those that are rarely used in a secure and confidential location.
- Do not store card numbers, relevant personal information or passwords on your smartphone. Fraudsters know where to look.
- Be sure that, when shopping online with a debit or credit card, the site you are on is secure. Secure sites will show “https” in the address bar and (in most browsers) a padlock symbol at the bottom of the screen.
- The use of a credit card instead of a debit card is always the preferred choice when shopping online. Federal law limits credit card liability but, if a fraudster accesses your debit card, they can drain your account.
- Independently contact a financial institution or any other organization that sends you an unsolicited email inviting you to “click here.”
- Never respond online with personal information unless you are 100 percent sure about who is asking for it and that it is a legitimate request.
- Never allow your credit or debit card information to be stored on a vendor website.
- If a credit or debit card reader at a gas pump or ATM, etc. looks funny, don’t use it. It may be compromised with a credit card skimmer.
No actions to protect yourself from credit card fraud are foolproof. But being alert, cautious and practicing a few simple safeguards will go a long way to protect against or at least minimize the damage should you fall victim.
Swapping Scams: A Credit Card Fraud Scam You May Not Know
Pay-at-table (PAT) devices are wireless credit/debit card payment terminals which operate on wireless technologies like WiFi, Bluetooth or cellular. They are commonly used in restaurants or by delivery services to make it more convenient for consumers to pay for their meals or purchases. They are also the most common target of credit card fraud scams due to the ease of unattended access.
A good example of how easy it is for fraudsters to take advantage of these payment devices was recently experienced by a small pub. Two males visited the establishment for beverages shortly before closing time. When these individuals asked to pay their bill, the server brought a payment terminal over to the table and returned to his duties. A few minutes later, they called the server back to the table and informed him the terminal was not working properly. They instead paid their tab in cash.
The next morning, the payment terminal service company received a request to replace the malfunctioning terminal. Upon arrival, the service technician was quickly able to determine the issue. Although the terminal was of the same make and model of the other terminals used by the merchant, it had labels from a payment processing company the merchant wasn’t doing business with. In addition, the security stickers which were normally affixed over the screw holes at the bottom of the device were no longer intact, indicating that tampering had occurred.
Swapping out devices is becoming more and more common. Fraudsters will swap out a terminal or PIN pad and may or may not return at a later time to swap them back. This practice is done in an attempt to collect credit and/or debit card information from either the merchant’s original equipment or from a modified device that the merchant’s staff may continue to use unawares.
Once the credit information is collected, duplicate credit cards are created to sell on the internet and/or make purchases until the activity is detected. Even though recent changes to the type of information is stored on a payment terminal (and how it is stored) is being implemented industrywide, fraudsters will often modify a stolen payment device with technology to copy card information. This is the more commonly known method of skimming (to be discussed in the next section).
In the case at the pub, the merchant had to pay a significant amount of money to replace the stolen device. In addition, the device contained confidential merchant account information and might have contained temporarily stored credit or debit card information from cards previously used on it.
Best practices to identify and avoid swapping:
- Don’t leave PAT or any payment device unattended around customers; they should be treated like cash.
- Periodically examine the devices to be sure labels are intact and the device appears untampered with.
- Secure wired terminals or PIN pads to counters or secure with cable lanyards.
Skimmers are small devices that fraudsters use to copy credit/debit card information when they are affixed to payment devices. They can be concealed within a device or attached to the outside. Depending on the type used, the criminal can either physically collect the skimming device to collect the stolen information or obtain the information from the device wirelessly via Bluetooth or WiFi.
This method of credit card fraud has become popular, especially at gas stations where access to payment terminals at the pump is easy, given that they are outside.
Best practices to identify and avoid falling victim to skimming include:
- Periodically examine all terminals to be sure nothing has been tampered with.
- Run a credit card thought the terminal to be sure the “feel’ is normal.
- Be sure all terminals are the same make, model, etc., if that is what is expected.
- Ask service personnel for proper identification before they touch any equipment.
- Observe, note and report any suspicious activity to the police.
As previously mentioned, credit card fraud scams are rampant, and fraudsters are getting more creative in taking advantage of the latest technologies to carry out their crimes. By knowing some of their techniques and methods, retailers, and LP in particular, will be better equipped to identify, prevent, or report it.
This post was updated March 21, 2019.