What Identity Thieves Do With Stolen Credit Cards

MoneyTips

The convenience of modern digital commerce comes with an unfortunate side effect: it makes identity theft more convenient as well. The 2016 Identity Fraud study from Javelin Strategy and Research found that 13.1 million consumers in the U.S. were victims of identity theft during 2015, to the tune of $15 billion. Over the last six years of available data, the identity theft totals have reached approximately $112 billion.

In the end, the fraud affects you and your creditors and card issuers directly, but your stolen card information can generate multiple transactions before you even see a dime of losses. Identity thieves can choose to sell your credit card information to others instead of using it for their own purposes.

If your credit card information is stolen as part of a large breach, it’s more likely that your identity and information will be sold at least once as part of a package deal. Along the path to fraudulent purchases your card will be valued based on such factors as whether it is proven to be active (typically with small purchases that may go unnoticed) and whether other information is included — such as passwords, Social Security numbers, and birthdates that make it easier to open new lines of credit in your name.

Once your card information ends up in the hands of the final “user,” the fraudulent action can take many forms. The thief may make a duplicate card, choose to open up fraudulent accounts in your name, or simply use your existing card to buy items that can be resold for cash. Common purchases include expensive items such as jewelry or high-end electronics that are lucrative to resell, gift cards that may be easily cashed in with retailers, online shopping sprees — even items that would be considered “costs of doing business” such as website and server expenses.

You probably do not care much about which thieves (or how many) take advantage of your stolen information or how they monetize it; you just want to minimize the damage and prevent further losses. That requires a mix of corrective and preventative action.

If thieves have already made fraudulent purchases on your account or opened new accounts in your name, you must take immediate action. Call your card issuer immediately to have your current account closed and a new card reissued, and file the police reports and other paperwork necessary for your fraud protection.

Use the MoneyTips credit monitoring service to check your credit report for any fraudulent accounts that have been opened in your name, and contact the credit issuer(s) to close any accounts. Apply either a fraud alert (requiring creditors to verify your identity before issuing new credit) or a credit freeze (blocking most access to your credit report) to lessen the chances of more fraudulent accounts being opened in your name.

If you have not had any problems with stolen credit cards or identity theft, count your blessings — and take preventative action to keep your good fortune intact. Use strong passwords and do not repeat passwords for each site. Make sure that online purchases are made through legitimate and secure websites, and do not give your credit card information over non-secure public computers or unsecured wireless systems. Check your credit card statement regularly for any fraudulent purchases, no matter how small.

Still unsettled about identity theft? Consider using services that monitor your account activity and alert you to unusual activity.

Take proper actions to protect your credit, and hopefully you will never have to find out firsthand what happens when your credit is compromised — and if you do end up with compromised credit, know what actions to take to limit the damage. Make sure that thieves get the lowest return possible on their efforts.

If you would like to prevent identity theft, check out our credit monitoring service.

Photo ©iStockphoto.com/AndreyPopov

It can happen to you. And what you can do about it…

It can happen to you. And what you can do about it…
• March 6, 2014
• Christopher Budd (Global Threat Communications)

We’ve heard the phrase “it can happen to anyone” many times in life in many different contexts. The point of the saying is to humble us and remind us that no matter how smart and careful we are, bad things can still happen to us. We’re not so smart and careful that we can control everything.
In the realm of security and privacy, it’s very easy for people to start thinking that they can prevent bad things from happening if they’re smart and careful enough. There’s a tendency to think “Oh, people get malware because they’re stupid or go to bad sites like porn” or “people’s credit cards get stolen because they used it on dangerous sites or got malware on their system.”
While I’ve never gone so far as to think these things, I certainly think of myself as a relatively savvy, sophisticated user. I’ve been in the security and privacy business for over fifteen years. I do all the best practices, I’m careful. I’ve never had malware on my system to date (touch wood). I’ve never had my credit card stolen.
That is, until a few weeks ago.
My charmed life came to an end via email from my credit card company one Friday evening. It asked, did I make a charge for $268 with an online vitamin seller in Florida? I knew I hadn’t made that charge. I checked with my wife and she hadn’t either. So that would be no, that’s not my charge.
Fortunately I was home when I got the message and so immediately logged into my online account. I verified onlincharges, e the number for their anti-fraud division and called them while I was reviewing my pending charges. I saw the charge for dinner that I had just made, that was OK. I saw a couple of other charges of mine from the past day or two, those were OK. Then I saw a charge for $4.11 at a hotel in Naples, Florida. I’ve never been to Naples, Florida in my life, so I recognized that as a problem.
After a short wait, I was connected to an anti-fraud agent. I explained that the charge they asked about wasn’t mine. I also alerted them that the $4.11 charge was false (this was most likely a test charge to see if the card was still active). I told her that the other charges were valid. She denied the invalid charges, kept the valid ones and then we went through the process of cancelling that card and reissuing it.
Over the next couple of days I took time to do full security scans on all my systems that I use for online banking (they came up clean). I checked my other credit card statements for any unauthorized activity (no issues there). I’ve mentioned before that I have a real-time identity-theft and credit monitoring service: I was very happy to have that because that gave me confidence that nothing else had happened yet. I contacted my service and put a credit watch in place to thwart any possible future attempts to open unauthorized credit cards. I checked my credit report to make sure nothing slipped through and was opened without my knowing (nothing was).
Once I was done with all of that I then moved out of alert mode into watch mode and have been watching my statements closely to see if there’s any other unauthorized activity. So far, though, there hasn’t. I’ll keep watching closely like this for a few weeks yet.
So there’s the obvious question: how did this happen? None of the obvious means of loss apply to me here. I’ve never lost possession of my card save for at restaurants when you have to give it for them to run the check. So how this card was stolen is a mystery. Most likely the data was lost or stolen through issues with a back-end processor or a retailer.
And that’s really the point of this article. In this era of Target-type data breaches, the simple fact is that now more than ever these things really can happen to anyone. You can do all the right things and still fall victim because someone else isn’t doing the right thing. And this means you have to be prepared for bad things to happen unexpectedly, despite your best efforts.
To help you in case something like this should happen to you, here are ten tips on what to do to better protect yourself in case something like this happens to you and help you recover as quickly as possible.
TOP 10 TIPS: WHAT TO DO BEFORE OR AFTER CREDIT FRAUD
Before an incident
1. Make sure all of your computers and mobile devices that you use for online banking and finance are fully up to date for security updates and signatures (and don’t use Windows XP after April 2014).
2. Make sure all of your systems that you use for online banking and finance run mature security packages when they can.
3. If your credit card company offers an alerting service for suspicious charges, sign up for it.
4. Consider enrolling in a real-time identity-theft and credit monitoring service.

If an incident occurs
1. If contacted by your credit card company about a suspicious charge, respond to it immediately. Make sure you verify the phone number they are calling from either on your card or on the card issuer’s website.
2. Work with your credit card company to review all charges and cancel and replace the card right away.
3. Do a full security scan of all systems you use for online banking and finance.
4. Consider putting a credit alert in place to help prevent new accounts being opened in your name.
5. Review your credit report.
6. Review all of your credit card statements. Consider doing so on a daily or near daily basis after the event. Also consider verifying by reviewing your paper statements (some malware can alter online statements to hide malicious activity).