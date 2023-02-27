There’s a perfect fraud storm happening right now with payment cards.

Cybercriminals have long prized the lengthy strings of digits on the plastic cards in your wallet, and they continue to devise wily ways to steal them. In light of the rise in online shopping and lagging payment card security standards, safeguarding credit and debit cards is something we all need to prioritize.

The Online Shopping Boom Heightened Fraud

During the pandemic, online shopping and the use of contactless payments went into overdrive as the pace of digital transactions jumped ahead by several years.

The U.S. Census Bureau’s Annual Retail Trade Survey, released in December 2022, noted that electronic shopping—including mail-order houses—saw a 15.4% increase in sales from 2020 to 2021, representing a jump from $891 billion to $1.03 trillion.

More transactions has meant more companies are storing cardholder data, much of it in the cloud, which hackers often target and successfully infiltrate.

Payment Card Security Standards Are Evolving, But Slowly

Industry analysts at the Nilson Report expect losses from card fraud to reach $165 billion in the U.S. over the next decade.

The Payment Card Industry (PCI) Security Standards Council, which oversees cardholder data security requirements, proposed stronger controls in 2022 to counteract the surge in fraud. However, an updated PCI data security standard won’t go into effect until March 31, 2024, giving scammers more time to capitalize on existing weaknesses.

4 Ways To Protect Your Payment Cards From Thieves

Credit and debit card numbers can be pilfered in numerous ways. Here are the most common scenarios to watch out for, based on what I’ve seen as the senior fellow for threat research at Fortra.

1. Cardless Fraud and E-Commerce

Cardless credit card fraud—when stolen card numbers are used to make internet, phone, and mail-order purchases—drove $8.75 billion in U.S. losses last year, representing 72% of all fraudulent card purchases, according to Insider Intelligence. The fact is, you never know who’s using your payment card details online.

You also can’t really know how an e-commerce site is protecting your data, even when the site is legit. Misconfigured cloud servers have led to many a data breach. And e-skimmers—malicious code inserted on a website’s payment page to collect sensitive data—also can cause your account information to fall into the wrong hands.

How to protect yourself: It’s best to buy from trusted sites, which follow PCI standards to protect cardholder data. If you’re unfamiliar with the company, look at the format of its URL. Never input your card number somewhere that doesn’t start with “https” to indicate secure information exchange. Storing cards on trusted sites can reduce the chance of e-skimming.

2. Skimmers and Shimmers

The FBI estimates skimming results in more than $1 billion in annual losses. Criminals can easily acquire and install hardware to skim card numbers at gas stations, ATMs, parking meters and other unattended payment terminals. These devices are placed over the card slot but aren’t always obvious.

The skimmer may include a membrane overlaying the keypad to capture your PIN or ZIP code, or use a camera to capture those keypresses. Someone might also shoulder-surf you at the payment terminal. It’s even possible to obtain a user’s PIN by analyzing the unique audio signature made by each key on a keypad.

Worse yet, newer devices called “shimmers” can be planted inside payment terminals to transmit electronic card numbers via Bluetooth, even cards with chip technology.

How to protect yourself: Inspect the slot where you insert your card at the ATM, gas station, and so on. Pull on it to ensure it’s fixed, especially if part of the hardware appears to cover the arrows on the base unit. Look at the keyboard to see if there’s an overlay. If anything is amiss, don’t insert your card. Remember that location matters: An indoor ATM is safer than one behind a building.

In general, use contactless credit cards (those that allow you to tap to pay) or your phone’s mobile wallet (Apple Pay, Google Pay, etc.) if available. These will protect you from a magnetic skimmer.

3. Physical Card Theft

If your card is stolen or you accidentally leave it somewhere and don’t realize it for a while, there could be Johnnies-on-the-spot ready to run up charges before you can lock down your account.

How to protect yourself: Always monitor charges, and contact the card issuer immediately if you realize your card has gone missing.

4. Data Breaches

This one’s tricky, because you must rely on companies that maintain your payment card details to safeguard them wherever they’re stored, particularly if you shop online.

How to protect yourself: Once again, prioritize purchasing from trusted websites, and monitor your account for any unusual charges.

Additional Tips To Keep Payment Cards Safe

Favor credit cards over debit cards. Although both typically offer ”zero fraud liability” once fraud has been proven, it can be harder to get your money back from a debit card because the funds have been removed from your account. Another reason to give your credit cards preferential treatment: They’re more likely to reward you with cash, points or miles for every dollar spent.

Although both typically offer ”zero fraud liability” once fraud has been proven, it can be harder to get your money back from a debit card because the funds have been removed from your account. Another reason to give your credit cards preferential treatment: They’re more likely to reward you with cash, points or miles for every dollar spent. Set up transaction alerts. Elect to be notified anytime there’s a charge to your card for any amount over a penny. Fraudsters will often start small and buy something at a common store or restaurant to make sure the card works before moving on to more expensive purchases.

Elect to be notified anytime there’s a charge to your card for any amount over a penny. Fraudsters will often start small and buy something at a common store or restaurant to make sure the card works before moving on to more expensive purchases. Don’t fall for phishing scams. Your bank or credit card company won’t call or email asking to verify your debit PIN, full credit card number, name, expiration date or a card’s three-digit CVV code. That request will come only from a scammer wanting to clone your card. Remember to look closely at the “from” line in emails and website URLs to make sure they indicate a known entity.

Your bank or credit card company won’t call or email asking to verify your debit PIN, full credit card number, name, expiration date or a card’s three-digit CVV code. That request will come only from a scammer wanting to clone your card. Remember to look closely at the “from” line in emails and website URLs to make sure they indicate a known entity. Consider an RFID wallet. A scammer would have to get pretty close to you to successfully capture your card number from a wallet in your pocket or bag using radio frequency identification technology. But an RFID-blocking wallet may be helpful in crowded areas such as on public transit or at events with tight seating.

A scammer would have to get pretty close to you to successfully capture your card number from a wallet in your pocket or bag using radio frequency identification technology. But an RFID-blocking wallet may be helpful in crowded areas such as on public transit or at events with tight seating. Report theft and fraud. Call your bank immediately if you spot fraudulent charges. You can also file a complaint with the Federal Communications Commission or the Federal Trade Commission.

