Credit cards

[nate001]

Lately, it seems like our credit card number is stolen every 6-9 months.  Our credit card company is really good at identifying fraudulent charges and notifying us promptly.  We aren't ever on the hook for those charges and I haven't detected any other wide spread identity theft beyond the credit card number.  So really it's just an inconvenience more than anything.  That said, it's something I'd like to prevent if possible.  I don't think we do anything weird with our credit card.  We travel some, but I actually think credit card security is better abroad than in the USA.  I do buy quite a lot of stuff online, so maybe that's the problem?  I do have a paypal account that I'm going to try to use going forward whenever its an option.  
Does anyone else have any insight here?  I'm sure forum members do a lot of online shopping.  Do others have this problem?  Is this just the new normal?  When I ask my credit card company, they don't really have any suggestions.

[bentin]

I think most of the theft comes from physically touching the card. There's certainly some online theft, but most of my issues seem to have stemmed from physical transactions.

I try to use a simple equation. The higher the hood rat quotient, the more likely I am to use cash. There's an important flip side of this too, the snootier the check out person is too, the higher the cash potential is too. Basically if there's much memorable about the person you're paying, use cash. Milquetoast gets plastic.

[nate001]

Mar 29, 2017 8:48:01 GMT -6 bentin said:

I think most of the theft comes from physically touching the card. There's certainly some online theft, but most of my issues seem to have stemmed from physical transactions.

I try to use a simple equation. The higher the hood rat quotient, the more likely I am to use cash. There's an important flip side of this too, the snootier the check out person is too, the higher the cash potential is too. Basically if there's much memorable about the person you're paying, use cash. Milquetoast gets plastic.

It's amazing to me that there isn't a bigger public outcry in the US for those portable credit card swipers you see in EVERY SINGLE RESTAURANT in Europe. 

[bentin]

That and more prevalent Android/Apple Pay would be nice.

[nate001]

Mar 29, 2017 8:48:01 GMT -6 bentin said:

I think most of the theft comes from physically touching the card. There's certainly some online theft, but most of my issues seem to have stemmed from physical transactions.

I try to use a simple equation. The higher the hood rat quotient, the more likely I am to use cash. There's an important flip side of this too, the snootier the check out person is too, the higher the cash potential is too. Basically if there's much memorable about the person you're paying, use cash. Milquetoast gets plastic.

How are you able to determine the issues have arisen from physical transactions?  This time the fraud was local.  The crooks tried to buy something at a local Wal Mart, which would, I guess, suggest this stemmed from a physical transaction.  The other times the fraud occurred on the East Coast or internationally.  That would seem to be online, no?

I think its funny the credit card company was tipped off by a purchase in a suburban Wal Mart.  That might say something about me as much as the crooks.

[bentin]

Yeah, I had my bank call one day because there was a local charge at a Walmart and I'd never been to one.

I've had local and non local charges made, but my bank has said both times they originated from a card swipe.

[disheveled]

I was surprised to hear from a long time merchant (both Brick and mortar as well as online) that Paypal is often the culprit. Just word of mouth but I did take pause.

[matt]

There are a lot of unique ways that someone looking to commit card fraud can get your information. Honestly, credit card fraud, while annoying, is probably the least of our worries. It's a simple confirmation to the bank/credit union/credit card company that you didn't make the purchase and in many instances you will be excused for the fraud.

There are some basic steps that you can take to help mitigate the risk.
1. Set up threshold alerts on your card for charges. Most banks/credit cards have our spending patterns formulated. We're a predictable bunch.
2. Explore your transactions for small incremental purchases (typically a few cents or even a dollar) - this could be a trigger that your card data has been compromised.
3. Obvious, but when using a debit card in brick & mortar, always use it as "credit" - you don't compromise your pin.
4. Chip & Pin technology. If all of your cards have this, it's harder for card thieves to replicate your card. (more on this below)
5. Check POS (point of sale) and gas pumps for overlays and tampering. It's very easy to add skimming technology as an overlay or compromise a gas pump.

The benefit is that there are networks in place (ID Analytics, for example, and others) who work with hundreds of retailers, mobile carriers and credit card providers - they are building a web of transaction detail that can help validate our purchases and detect when something is array in the network.

Card skimming:
Credit card/debit card (cards with magnetic strip) contain 3 "strips" of data:
Row 1: Your name, account number, expiration details. - Most POS do not read strip one. But card skimmer devices that criminals use could gather this info. Unavoidable at the moment, except for Chip & Pin.
Row 2: Account number, potentially expiration details - most commonly what is sent to retailers when the card is swiped. This is verified with the retailer and typically quickly synced to your info (if you've purchased from before) - so it shouldn't trigger an issue or alert.
Row 3: Typically limited to basic, non-ID data (think of hotel room keys, for example)

Background: I work in this industry and just spent some recent time training on card-skimming and identity-compromising awareness to help educate consumers.

Other basic steps worth considering besides chip & pin cards:
2-factor authentication where applicable (email, other vendors) - keep your details on lockdown
Don't online shop on public wi-fi. Duh. Or leverage a VPN. It's terrifying to see the stuff our in-office hacker has stumbled across on public wi-fi.

[nate001]

This is really interesting.  Thanks for chiming in.  As you said, its not the biggest deal in the world, but it is annoying, and it never feels good to feel like you've been taken advantage of, even if there is no direct cost to you.  I've heard of skimmers, but I've never knowingly seen one.  Are they pretty obvious?  A quick google image search makes it look pretty impossible to sniff one out.

[matt]

Mar 29, 2017 11:26:03 GMT -6 nate001 said:

This is really interesting.  Thanks for chiming in.  As you said, its not the biggest deal in the world, but it is annoying, and it never feels good to feel like you've been taken advantage of, even if there is no direct cost to you.  I've heard of skimmers, but I've never knowingly seen one.  Are they pretty obvious?  A quick google image search makes it look pretty impossible to sniff one out.

There are skimmer devices that can fit in the palm of your hand. Skimmers are one piece of the puzzle. The smaller ones could be used by (for example) wait staff who swipe your card. These skimmers gather the info. They need a reader/writer to put onto cards to use fraudulently. Fun facts - when people steal boxes of gift cards that are not activated, those cards can be used to load credit card data. So these cards, while no value when stolen, could house a lot more value to a thief. 

[matt]

Sorry, couldn't resist. 

[gaseousclay]

I have a Visa debit card through my credit union which uses chip technology. I virtually never have to deal with theft. I think my card was compromised once a few yrs ago but it was resolved.