While the focus of the huge Equifax breach has largely been on the personal data stolen from 143 million Americans, the hack also included the theft of credit card numbers belonging to 209,000 Americans.
Affected cardholders are being contacted by Equifax, and will need to contact their card’s issuer to cancel it and report any suspicious charges from recent bills. More broadly, the breach underscores the most common type of fraud out there—the unauthorized use of existing accounts, largely credit cards.
Data hacks aren’t the only ways your credit card information can fall into the wrong hands. Many use other high- and low-tech ways to snag your credit card (or debit card) numbers. While there’s no way to protect your card data that’s entirely foolproof, there are precautions you can take to minimize your risk.
Unmanned card readers
One risk are skimmers attached to unmanned card readers at gas stations or ATMs. These readers, which are glued on top of the real readers, collect the card information stored on the magnetic stripe when you insert your card. That information can be used to create counterfeit cards or used for online purchases. Fraudsters may also install mini cameras to capture your debit card’s PIN when you enter it on the keypad.
What you can do: Look over unmanned card readers before inserting your card. Check to see if the pump or ATM machine you’re using, and particularly its card reader, looks like the others around it. If in doubt, jiggle the card reader and the PIN pad to check for anything that might be affixed to it. If anything seems suspicious, move onto another, pay inside the gas station or withdraw money from the bank teller (while reporting your suspicions to them). Whenever you enter your PIN, try to shield the keypad as you punch in the numbers.
Note: Skimmers will eventually become less of a problem at gas pumps in 2020, when gas stations will be required to take chip cards, which defy skimming.
Fraudulent restaurant servers
Improbable as it may seem, a scam artist posing as your server may copy your card information or skim it when taking your card to run your check.
What to do: Unfortunately, you can’t follow the waiter. But you can track purchases made on your card after you eat out. Sign up for text alerts on your credit cards. These alerts will ping you almost immediately after your card is used for a transaction over an amount that you set. Credit expert John Ulzheimer puts that minimum amount at $0, so he knows about any purchase—no matter how small—on his card.
“Sometimes a fraudster will charge a small amount to see if the card is active, but the small amount won’t set off any bells and whistles,” says Ulzheimer. Asked if the barrage of texts are annoying, Ulzheimer says: “No, I think it’s cool. But what I do find annoying is logging onto my account every two to three days to scroll through my recent transactions.”
Bogus, yet official-looking, emails
Fraudsters often will send emails that look like they’re from your bank or credit card issuer, or a retailer that you frequent. The email will include a link to a website asking to update your personal information or card data.
What to do: Inspect all official-looking emails for typos or awkward phrasing that seem at odds with the usual high standard of communications from major financial institutions. Hover over the sender’s name to see if their actual email address looks legit. Do the same thing for any link included in the email. If you click, don’t input any information. To be completely safe, call your bank’s customer service directly to ask about the information in the email. Forward any suspicious emails to the Federal Trade Commission at [email protected]
Faux shopping sites
Some online criminals go so far as to set up lookalike retail websites or fake e-stores to get you to “make purchases” with your credit or debit card, which then allow them to capture and misuse your card data.
What to do: Put a layer of protection between your purchase and card numbers, says Brian Riley, director of credit advisory services at Mercator Advisory Group. He notes that Citi and Bank of America both offer a temporary credit card number linked to your account to complete online purchases. The temp number, which comes with spending limits and expiration dates you set, keeps your real one private and safe from hackers. Riley also prefers to complete purchases using his PayPal account, which has its own number and shields his card number from the vendor.
Unsecured public Wi-Fi
Online surfing at Starbucks or other locations may allow a hacker on the same public Wi-Fi network to get access to unsecured devices or to capture valuable keystrokes, including those associated with online shopping. Hackers can also distribute malware in this way.
What you can do: Secure your computer when using an open network. Use a virtual private network (VPN) connection and enable the "Always Use HTTPS" for encryption. Shut off sharing options in your control panel or system preferences. Turn Wi-Fi off when you’re not using it. Avoid entering sensitive information, such as your Social Security number or credit card numbers, while on public Wi-Fi. If you do so without the precautions above, check credit card and other accounts afterwards, to ensure no unauthorized transactions have occurred.