Top 8 Reported Ways Your Card Information Is Stolen

Have you experienced fraud on your debit or credit card? If so, you have most likely thought to yourself, how did they get my card information?

To answer this question, I have researched numerous articles over the past three years, compiled a list of the ways reported on how card information is stolen and tallied any repeats. The resulting list is order of the frequency in which they were mentioned:

1. Four-way tie:

   1. Phishing: When a scammer tries to trick you into disclosing your personal information and or payment information.

   2. Data Breaches: The loss of privately stored information held that can include personal information and or payment information.

   3. Malware/Spyware: A program or part of code that is installed on a device without your knowledge for the purpose of stealing your information and recording what you type.

   4. Skimming: Unauthorized capture of your card information which can be used to make card not present transaction (such as online purchases) or even the creation of a cloned card.

2. Public Wi-Fi: A wireless public network typically used for accessing the Internet. You are sharing a wireless network with others you do not know and often leads to information being captured by bad actors.

3. Card is stolen or lost

4. Your Trash

5. Familial Fraud

Every article that was reviewed mentioned Phishing, Data Breaches, Malware/Spyware, and Skimming as the most common methods used to steal card information. Public Wi-Fi came in at a very close second. Stolen or lost cards, information in your trash, and familial fraud all were mentioned 60%-75% less than the other methods.

A little deeper exploration: 

Now that we have an idea of how card information is commonly stolen, lets dig in to define each method and discuss a real-life scenario.

Phishing according to Merriam-Webster is “the practice of tricking Internet users (as through the use of deceptive email messages or websites) into revealing personal or confidential information which can be used illicitly” (Merriam-Webster, n.d.). These deceptive emails, texts, calls or websites trick you into entering your card information and then the fraudsters use your card information to make illicit purchases. Here is a link to hooksecurity.co that has a nice array of different phishing email examples: https://hooksecurity.co/phishing-email-examples

Data Breaches occur when unauthorized users gain access to a companies database of sensitive information. Here is a link to csoonline.com of the largest data breaches: https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html

Malware/Spyware: malware is malicious software that is used in a variety of ways to afflict illicit consequences. Spyware is a form of malware that not only records what you type and sends to the bad actors it can also track and document anything you do on the device, yikes! On webroot.com there is a great overview of how spyware can steal credit card information: https://www.webroot.com/us/en/resources/tips-articles/malware-credit-card-fraud

Skimming is where card information is stolen during the transaction. Skimmers can be physical or virtual. A physical skimmer is placed on a device in such a way that it looks like it is part of the terminal and copies your card data. A virtual skimmer, known as an e-skimmer, does the same thing but is a string of malicious code that is deployed where the online transaction is taking place. Here is a link to an article by CNBC on e-skimming: https://www.cnbc.com/2020/01/31/e-skimming-cyberattack-is-growing-along-with-online-shopping.html

Public Wi-Fi. If you have read any of my previous material than you know just how much I distrust them. Unless you have a reliable VPN do not do anything on a public Wi-Fi network that you do not want someone else to know. Anyone or any device on that network can capture and collect the data you transmit, all of it! Check out this short article from Norton on how public Wi-Fi can be used to steal your information: https://us.norton.com/internetsecurity-wifi-why-hackers-love-public-wifi.html

The last three are straight forward when compared to these other methods. If your card is lost or stolen, please use our mobile app right away and navigate to Remote Control Cards and deactivate your card(s) and then call to report them. Do not just through out your cards or documents with personal and financial information. We offer free secure shredding to our members for free, let us securely destroy that information for you. Finally, familial fraud. Yes, I know that this is a sensitive area, and it happens more often than you would think. Those closest to you might also be taking advantage of you by stealing your card information.

I hope this helps you understand the eight most common ways your card information can be stolen. Next month we will discuss how to protect ourselves in these eight areas. In the meantime, this is a great article to jump start the discussion on how to protect ourselves: https://www.creditcards.com/credit-card-news/online-card-protection-guide/

References

Hook Security. (2022, January 21). Phishing email examples. Hook Security - Phishing Testing & Security Awareness Training. https://hooksecurity.co/phishing-email-examples

Johnson, A. (2020, May 13). How to protect your cards and accounts online. CreditCards.com. https://www.creditcards.com/credit-card-news/online-card-protection-guide/

Merriam-Webster. (n.d.). Definition of phishing. Dictionary by Merriam-Webster: America's most-trusted online dictionary. https://www.merriam-webster.com/dictionary/phishing

Norton. (2019, February 22). Why hackers love public WiFi. https://us.norton.com/internetsecurity-wifi-why-hackers-love-public-wifi.html

Solomon, J. S. (2020, January 31). A cyberattack known as E-skimming is getting more common with the rise of online shopping. CNBC. https://www.cnbc.com/2020/01/31/e-skimming-cyberattack-is-growing-along-with-online-shopping.html

Swinhoe, D. (2021, July 16). The 15 biggest data breaches of the 21st century. CSO Online. https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html

Webrrot. (n.d.). How Spyware and malware are used in. Cybersecurity & Threat Intelligence Services | Webroot. https://www.webroot.com/us/en/resources/tips-articles/malware-credit-card-fraud