Credit Cards Easy Pickings for High-Tech Thieves
By Erica Sandberg
October 12, 2012
Yesterday my bank called me saying there was fraud on my new credit card account and asked if I used it at a Walmart in Colorado. I said that I did not, as I live in California. They put a stop on the card, and now I can’t use it until I get a new one. The bank says that I don’t have to pay for what the thief spent and that I needed to tell the credit reporting companies, which I did.
What is freaking me out is that I don’t know how my account information was stolen in the first place. No one knows! I don’t shop online at all, and I don’t even shop with the card at all that much. I have never lost it or had it stolen, either. Do you think someone has been going through my garbage? I’m baffled. — Paula
In your case, I’m going to go with the culprit not being the dirty work of a dumpster diver, but someone just as devious, with considerably cleaner hands.
The first possibility is that you were the victim of skimming. Card-skimming devices can be attached to pretty much any payment terminal, but they’re most commonly used on ATMs and gas pump card readers. When you scan your card, you’re actually running it through a skimmer that a thief has cleverly concealed to look like a legit card reader. The skimming device captures the information stored on your card’s magnetic stripe. Sometimes, the thief will install a hidden camera or a PIN pad overlay to capture your PIN as well.
Another possibility: The thief was a person armed with some high-tech machinery who tapped into a radio-frequency identification (RFID) chip embedded on that credit card.
If you still have the card, look at it closely. Does it sport a radio wave symbol or have the word “PayPass” or “Blink” written on it? If so, that piece of plastic contains a computer chip and radio antenna. This RFID technology allows cardholders to quickly pay for things with just a wave of their cards. Simple and fast. However, the convenience it offers can also be abused by fraudsters.
The scam goes something like this: You’re out and about and have your wallet with the card in your pocket or purse. A thief, who is armed with an electronic card reader scanning device (sold on the Internet), saunters up and stands close to you. He places the device against your body or handbag and voila! In seconds he’s got possession of your card’s account numbers and expiration date. With that information, he uses another easily bought machine to create a duplicate card. He uses that fake card to charge items he’ll use or resell. Sometimes he’s in cahoots with a specific cashier, too, who won’t report his illegal behavior as long as she gets a little kickback.
If you’re freaking out even more now, please don’t. Protective measures are in place. The security codes on most credit and debit cards equipped with RFID change with every transaction, so counterfeit cards can usually be used only once before they are disabled.
Assuming you were robbed in this way, the thief might have tried to swipe the card multiple times, but the sales didn’t go though and the bank was notified. Soon after, you received the call alerting you to the problem. And as you said, you were not responsible for the fraudulent charges, so that’s a relief. The alert you put on your credit files will help prevent future fraud.
You can take additional measures to protect yourself from this type of crime. For example, you can wrap your card in foil, and that should stop scanners from working. Some wallets on the market are also promoting their scan-blocking abilities, though their efficacy is questionable.
To be sure that a stealthy stranger is unable to steal your card’s numbers, you can request that your bank issue you a card without the RFID chip. Not all will do so, but it’s worth asking if you’re concerned that it might happen again.
In the meantime, Paula, be sure to check your credit reports at AnnualCreditReport.com on a regular basis. Also check your credit card statements monthly for evidence of wrongdoing. This way, you can do your own sleuthing.
Got a question for Erica? Send her an email.