How are Credit Cards Compromised?

Last Update: February 8, 2021 • Credit Cards •

You are about to pay for a purchase with your credit card, and the message “Card Rejected” flashes across the screen.

The first thoughts that might enter the mind are if the recent bill was paid on time, if the account balance is maxed out, or an error with the merchant’s processing equipment.

Then, you look at your recent account balance and see several mysterious purchases that were not made. At this point, you realize your credit card information has been compromised, even though it is still being held in your hand.

Credit card fraud is surprisingly common and affects approximately 11 million Americans every year. In 2014, international credit fraud accounted for $16 billion, and 48% occurred within the United States, primarily because of outdated magnetic strip technology, according to The Nielsen Report.

What is a Compromised Credit Card?

A credit card or debit card becomes compromised when a hacker can “skim” the card number and payment information from a magnetic swipe in a credit card reader.

Thieves normally attached devices that wirelessly transmit data from the credit card reader to their own computer, which might only be a few feet away by sitting in a car in a parking lot or sitting at a nearby table drinking a cup of coffee while appearing to work on their electronic device.

What Happens Next: The “Cloned” Card Scenario?

The thief will then produce a cloned credit card that can be sold for a few bucks to a buyer who will normally use it for a variety of small and large purchases such as gas, clothing, sporting goods, and anything else before the bank finally freezes the account for unusual activity.

As many credit card transactions in North America are still completed by swiping the magnetic stripe on the back of the credit card, instead of inserting the golden EMV chip, cashiers rarely ask for a photo id to verify the cardholder. Despite being a cloned credit card, legitimate credit cards come in many different brands and colors.

The fake credit card has the same appearance as a real credit card, and the cashier probably won’t think it is fake, especially since it works just like the one it is pretending to be.

Card Present Transactions

The easiest way to compromise a credit card, also known as credit card skimming and credit card cloning, is with “card-present transactions.” These are in-person purchases when a card is physically swiped to pay for a purchase at any store or restaurant. The thief only needs a basic skimmer device that can store credit card numbers and “blend in” with the crowd.

Scammed at the Drive-Thru: The Fraud Risks Are Real!

Skimming can happen anytime when swiping the magnetic strip in an ATM, self-service gas station pump, a vending machine that accepts plastic payments, and at regular places of business as well.

The advanced thieves use devices that are very hard to detect, especially if the customer isn’t looking for it and habitually inserts the credit card and is fixated on the digital screen that might ask for a PIN or billing zip code. It is even possible that a restaurant waitress or store cashier can skim the date by having their personal small device and swipe it when nobody is looking.

While this type of skimming does happen, the most common way is in low-security areas such as gas stations and ATMs where a cashier is not constantly hovering over the device. The thief can act like just another customer when, in reality, they are installing or retrieving the skimmer.

Card Not Present Transactions

Credit card data can also be skimmed from online purchases as well.

This can be accomplished in several different ways. Hackers can install malware on your computer or the merchant’s computer that will give them undetected access to sensitive files or the ability to record keystrokes.

“Hotspot” Equals “Honeypot” for Credit Card Fraudsters!

Another way is to “hack” into public Wi-Fi networks and download data from several users. If anybody purchases these public hotspots, they can download the credit card information that can later be used to make a physical credit card or make other online purchases.

Also, hackers can randomly enter credit card numbers and try making a small purchase, such as buying a song for $1, which will not set off any fraud alerts for most banks. If that transaction processes successfully, they will go on a spending spree before the card is finally frozen.

How to Prevent Credit Card Skimming?

Credit card fraudsters are always coming up with new ways to steal information, especially as credit card issuers are rolling out EMV-chip credit cards that are significantly harder to hack as the cards provide a one-time payment code, similar to digital wallets, instead of transmitting personal information to the merchant’s payment processor.

But, this technology is still very new on this side of the Atlantic. Magnetic stripe transactions will still be very prevalent for the near future as merchants update their readers and cardholders receive new cards.

If you need to pay with the old-fashioned magnetic strip, which is anytime you fill up your car or make an ATM withdrawal, here are some tips:

Inspect the card reader for any possible signs of tampering. If the reader seems bulkier than usual or the keypad seems a little “squishy” when pressing the various numbers, this might be a sign that a thief has installed a device. A card skimmer can also look like a very thin and clear plastic film that slides into the credit card slot. Some are very hard to see.
Regularly monitor banking activity. Most people do not check their bank account activity regularly. They might only do it when it comes time to pay the bills once or twice a month. Checking activity regularly is the easiest way to spot any unusual activity. It can also prevent frustration and public embarrassment when a credit card is rejected.
Signup for text alerts. Many banks offer cardholders the opportunity to link a phone number and send you a text message asking to verify a purchase. The alerts can also come via a phone call or e-mail. To receive these alerts, ensure your contact information is up to date. Otherwise, you might not find out until you receive your monthly statement or try to make a purchase yourself.
Enroll in an identity protection plan. Even the most cautious consumers have their credit and debit card information compromised. Hackers are crafty and relentless.
Be careful if any cards get compromised. When a credit card is compromised, they might only retrieve the card number, expiration date, CVN, and billing zip code or pin. Still, advanced hackers might retrieve more information such as a social security number and other sensitive information that might have been required to complete a purchase.

A criminal like this might be able to sell your credit card information and personal information that can be used for identity theft. Read our 100 Ways to Prevent Identity Theft if this is a worry for you!

The Future of Credit Card Skimming

As the world switches to EMV-chip credit cards and digital wallets compromised, credit cards should not occur as often as it does currently. But, hackers are always discovering new ways to outsmart the latest security measures.

Companies sell RFID-blocking wallets that prevent hackers from stealing card information with a pocket device even when the credit card isn’t used to make a purchase. Credit card issuers say that EMV cards are very safe because each purchase uses a different purchase code, while traditional magnetic stripe credit cards use the same code for every purchase.

Contactless Payments are Growing (and Less Dangerous!)

Another security concern is contactless payments, where a credit card doesn’t physically need to be inserted to complete payment. With contactless payments, the credit card or smartphone only needs to hover a few inches from the card reader to complete the payment as the information is transmitted wireless.

A fraudster can use computer software to intercept the wireless signals. However, it will still need to find a way to employ the credit card information as each payment also transmits a one-time code to complete the payment.

Most American EMV credit cards only have contact payment capability, meaning they must be physically inserted (dipped) into the card reader to complete a purchase.

As the magnetic credit card is slowly phased out, credit card fraud is shifting from in-person skimming to online skimming instead.

This Practice has Reduced Card Fraud before …

In Europe, where EMV cards have been used for several years, traditional credit card cloning techniques have been greatly reduced, along with credit card fraud in general. It mostly occurs from online transactions when payment information needs to be manually entered.

The extra layers of encryption are deterring thieves, but it is important always to remain vigilant.