Some common cyber threats facing the retail industry include ransomware attacks, social engineering, system intrusions and insider threats. The retail sector is often targeted by cybercriminals
According to Experian, there have been approximately 416,000 reported cases of credit card fraud so far in 2024. Credit card fraud occurs when someone uses your credit card to make purchases without your permission by impersonating you. Someone can use your credit card without physical access by stealing your credit card number through credit card skimming, shoulder surfing, phishing and hacking.
Continue reading to learn how cybercriminals can steal your credit card information, what to do if someone fraudulently uses your card and how to keep it safe.
How cybercriminals can steal credit card information
Cybercriminals can steal your credit card information in a variety of ways, including credit card skimming and shimming, shoulder surfing, RFID readers and phishing attacks.
Credit card skimming and shimming
A cybercriminal can steal your credit card information through skimming or shimming. Credit card skimming occurs when you unknowingly insert your card into a credit card skimmer, which is a device attached to an actual card reader that steals your information. For example, when you pay at a non-bank ATM or gas station fuel pump, you may insert your card into a skimmer without realizing it, allowing a cybercriminal to capture your card’s information and commit fraud.
In contrast, credit card shimmers are small devices placed inside card readers. These are difficult to detect because they are thinner and more hidden. Shimmers scan the chip on your card rather than the magnetic stripe, unlike skimmers. Even though skimming and shimming use slightly different tactics, both aim to steal your credit card information so cybercriminals can commit fraud.
Shoulder surfing
Your credit card information can be stolen through shoulder surfing, which occurs when a cybercriminal watches you closely enough to see your screen or the information you type. This is why many PIN pads at stores have protective shields to block the buttons you press from view. If someone successfully shoulder surfs, they may glimpse your credit card itself and/or the PIN you enter. With this information, shoulder surfers can commit credit card fraud and potentially steal your money.
RFID readers
Radio Frequency Identification (RFID) readers are devices that use radio waves to identify and analyze information from RFID tags on various objects. Cybercriminals rely on RFID readers to commit credit card fraud by identifying information from a credit card chip to the reader, activating your card’s chip and stealing your payment information. To do this, they must be within the readability range of your card, which is several inches. This is why most RFID reading happens in crowded public spaces, such as gas stations or retail stores.
Phishing
One of the most common ways cybercriminals steal credit card information is through phishing attacks. Phishing occurs when a cybercriminal tricks you into sharing private information, such as your credit card number, by impersonating someone you trust. For example, you may receive a phishing email claiming to be from your bank. The message may alert you that you need to confirm your credit card information by clicking a link within 24 hours, or your account will be deactivated. Because the message contains urgent and threatening language, you are more likely to click the link, which will likely direct you to a spoofed website. Spoofed websites are fake websites created by cybercriminals to appear almost identical to legitimate ones. In this scenario, you may click the link in the phishing email and be directed to a website that appears to be your bank’s legitimate website. However, if you enter your credit card number on the spoofed website, your information will be sent to the cybercriminal who created the site, who can then use it to commit credit card fraud. You could also be tricked into sharing your credit card information through smishing and vishing attacks, which are subsets of phishing attacks.
Hacking a website
If your credit card information is saved on a website and that website is hacked, your information can be stolen and used by a cybercriminal. It is unsafe to store credit card information on websites because companies you have accounts with may suffer data breaches, leading to stolen login credentials and personal information. Once a cybercriminal gains access to your credit card information, they can use it to commit fraud or sell it on the dark web for other cybercriminals to use.
What to do if someone is fraudulently using your credit card
If someone is fraudulently using your credit card, contact your credit card issuer, place a fraud alert on your credit report and file a report with the Federal Trade Commission (FTC).
Immediately notify your credit card issuer
Notifying your credit card issuer as soon as you realize you are a victim of credit card fraud is crucial in protecting your finances and identity. You can contact your issuer by calling the phone number on the back of your card or reporting the fraud on their website. Once the fraud is confirmed, you will most likely receive a new credit card.
Place a fraud alert on your credit report
After contacting your credit card issuer about the fraud, you should place a fraud alert on your credit report. A fraud alert prevents anyone from opening a new line of credit or obtaining a loan in your name by requiring identity verification. To place a fraud alert on your credit report, contact one of the three major credit bureaus: Experian, TransUnion or Equifax.
File a report with the FTC
You should file a report with the Federal Trade Commission (FTC) by visiting www.identitytheft.gov as soon as you know someone is using your credit card without your permission. The FTC will collect the information you provide about the fraudulent charges and share it with law enforcement to investigate your claim. They will also offer steps customized to your unique situation and help you recover any lost finances, if possible.
How to keep your credit card information safe
Secure your credit card information by protecting your online accounts with strong passwords, enabling Multi-Factor Authentication (MFA), avoiding saving your payment information on websites and learning to spot phishing scams.
Protect your accounts with strong passwords and MFA
Make sure your accounts, especially your bank accounts, are protected with a strong, unique password. A strong password should consist of at least 16 characters, combining uppercase and lowercase letters, numbers and symbols. Using a strong, unique password for each account makes it significantly harder for cybercriminals to crack your passwords and hack into your accounts to steal your financial information.
In addition to using strong passwords, you should enable Multi-Factor Authentication (MFA) for another layer of security. MFA prevents cybercriminals from accessing your online accounts even if they know your username and password, as it requires an additional verification step. Some types of MFA include an answer from a security question, a PIN, a code from an authenticator app or biometric information.
Never save your card information on websites
Protect your credit card information by not saving payment details on websites. If a website where you have an account suffers a data breach, a cybercriminal could steal your personal information, including your email address, phone number and credit card information. Avoid saving your credit card information on websites frequently targeted by cybercriminals, such as retail websites.
Learn to spot phishing scams
Since cybercriminals commonly use phishing attacks to trick you into sharing credit card information, it’s important to learn how to spot phishing attempts. Here are the most common indicators of a phishing attempt:
- Warnings from your email service provider about the safety of a message
- Urgent or threatening language with severe consequences
- Too-good-to-be-true offers with embedded links
- Spelling and grammatical errors
- Unsolicited email attachments
- Requests for your personal information
- Discrepancies in the sender’s email address and domain name
By recognizing these signs of phishing, you can report phishing emails as scam and avoid interacting with them. This will significantly reduce your chances of accidentally sending personal information, including your credit card number, to a cybercriminal.
Be wary of credit card skimmers and shimmers
When using your card at a non-bank ATM or gas station fuel pump, be cautious of credit card skimmers and shimmers. Although shimmers are more difficult to detect than skimmers, it’s important to know what to look for. You can spot a credit card skimmer or shimmer by searching for a tampered security seal, checking for misalignments on the card reader, wiggling the card reader to see if it’s loose, looking inside the card reader or comparing it to others nearby.
Consider investing in an RFID wallet
Most wallets cannot prevent RFID readers from analyzing your credit card information, which is why investing in an RFID wallet is worth considering. RFID wallets protect your credit cards and other personal information from RFID scanners by incorporating a protective layer that blocks the radio waves RFID readers use to communicate with your cards’ chips. By keeping your credit card in an RFID wallet, you can prevent RFID readers from stealing your card information.
Similar to RFID wallets, Faraday bags also protect you from a wider range of radio waves and wireless signals, ensuring the data on your credit cards and devices is safe. Faraday bags are like RFID wallets except on a larger scale, protecting your credit cards, key fobs and electronic devices from being tracked or hacked. If you place your wallet inside a Faraday bag and a cybercriminal tries to gain unauthorized access to your cards with an RFID reader, they will be unsuccessful and your privacy will remain intact.
Avoid conducting transactions over public WiFi
When you connect to public WiFi, you can never be certain if a cybercriminal has hacked into the network and is monitoring your online activity. That’s why it’s crucial to avoid conducting transactions while connected to public WiFi. Otherwise, a cybercriminal could intercept your data or infect your device with spyware, which will give them unauthorized access to see what you do on your device. Instead of making transactions over public WiFi, use a Virtual Private Network (VPN) or wait until you can connect to a trusted private WiFi network.
Keep your credit card information safe from cybercriminals
Your credit card information holds so much value to cybercriminals, both in terms of your finances and other Personally Identifiable Information (PII). It’s important to protect your credit card information from cybercriminals by securing your accounts with strong passwords, enabling MFA and avoiding saving your card information on websites.
To protect your bank accounts and other sensitive accounts with strong, unique passwords, you should use a password manager like Keeper®. Keeper Password Manager allows you to update your account passwords and store your credit card information in a secure, digital vault. You can protect your online accounts from being compromised in spoofing attacks or other phishing attempts by using Keeper’s autofill feature, which only fills your login credentials and credit card information on websites associated with your records.
Start your free 30-day trial of Keeper Password Manager today to protect your credit card information and online accounts from becoming compromised or used to commit fraud.