Hacked: What to do when your credit card is exposed


“You could sit at home, and do like absolutely nothing, and your name goes through like 17 computers a day.” That’s one of my favorite lines from the cult classic movie Hackers and it’s a bit mind boggling that, today, your name probably passes through far more than just 17 computers.

And it’s not just our names passing through computers. We’re also making payments online, in retail stores using new gadgets like the Apple Watch, and from our phones with apps. Our credit card numbers are passing back and forth through computers around the world, and more often than ever before.

That connectivity and, ultimately, that convenience, can sometimes come back to bite you. What happens when a retailer you trust gets hacked, and your data ends in the hands of a hacker on the other side of the world? Or what happens when you use an ATM only to find out that your credit card information has been skimmed?

I researched out to find an expert to find out what sorts of scams can leave you at risk, what to do if your credit card ever is stolen, and to discuss the best practices for keeping yourself safe.


Scams

Your credit card doesn’t just mysteriously end up in the hands of hackers, even if it might seem that way sometimes. Instead, it often winds up in bad places — or the “dark web” — as a result of a coordinated attack or a scam.

There are a few ways hackers can get your credit card information, and Jason Glassberg, co-founder and managing principal of Casaba Security walks through a few of the most popular scams.

“Thieves sometimes use skimmers, which are card readers on top of card readers,” Glassberg explained. “So you think you’re putting your card in an ATM, but it’s first passing through a skimmer that’s reading the magnetic strip and collecting your credit card number.” Glassberg said skimmers can take many forms, but the most popular are clipped right over the reader on an ATM, or in a point of sale machine at a retailer.

“Thieves can also attack back-end systems like they did with Target and Home Depot,” Glassberg said, referencing major breaches at both retailers. The most popular way hackers get credit card information is through online scams, Glassberg said. “Getting malware installed on your computer, which captures keystrokes and knows when you’re entering in credit card numbers,” is one danger noted by the expert. “Being sent to a malicious site that has hijacked a legit site” and tricks a user into entering his or her credit card data is another popular method. That malicious fake site is often used as part of larger and popular phishing schemes.

“If it seems suspicious, don’t click on it,” Glassberg warns. “Run a good anti-virus and keep all of your software up to date.”
What hackers do with your credit card data

Shopping spree!

Not quite — at least not every hacker simply goes out and buys a big-screen TV with your credit. Instead, Glassberg explained that numbers are often sold in bulk online, where people spend around $500 (give or take) for bundles of 1,000 credit card numbers.

“Generally speaking, the older the credit card batch, the less amount of money it’s worth,” Glassberg explained. “If 1,000 credit cards hit the market within a couple of days, inevitably many of the victims aren’t going to report them as stolen; at some point, when the bundle is 6-8 weeks old, the value goes down because the percentage of cards that have been reported is much higher.”

Glassberg also explained hackers will try to charge very small amounts, $1 here and there, to make sure that your credit card number and security code are valid.

That’s one of the key red flags that you can keep an eye out for, so let’s explore what to do if your card is stolen now.


What to do if your credit card is stolen

At one point or another, whether you simply accidentally fell victim to a phishing scheme, your data was collected in a hack on a major retailer, or you used a hijacked ATM, your credit card might end up in the wrong hands.

How do you know? What should you do if that happens?

First — take a look for those small $1 charges on your bill, and where they might be coming from. “If you didn’t buy a $3,000 TV, that’s obvious, but $1 or $2 charges slip under the radar, you need to look out for those things,” Glassberg advises.

You should then immediately get in touch with your financial institution, whether that’s your bank or credit card issuer, and let them know about the suspicious charges. “They’ll immediately initiate an investigation. You should also notify local law enforcement so there’s a record you’ve reported this. If it’s fraud, you’ll get a new credit card and credit card number.”

The good news is, Glassberg said that your troubles should mostly end there — so long as you’ve made sure to update all of your autopay accounts online. While there’s some risk for identity fraud, since owning a credit card number is a piece of that puzzle, losing your credit card number isn’t as troublesome as losing all of your health data, for example, which might have your social security number, address and more attached.

“A credit card number, in and of itself, is not an undue risk of having an identity problem, but it can be other information that will help a bad guy create an alternative identity for you,” Glassberg explained.

How do you protect yourself?

Glassberg said there are plenty of ways you can protect yourself online. As he noted earlier, you should keep your software up to date, and should have a good anti-virus client installed.

You should always use a credit card instead of a debit card, Glassberg warned.

“The benefit to using a credit card versus an ATM card is the credit card has a number of provisions and protections in place by law that aren’t afforded to ATM cards,” he said. “So I recommend using a credit card whenever possible, don’t pay online with an ATM card.” This should also apply to things like Android Pay and Apple Pay, where you typically have the choice to use either.

Glassberg also recommends using more than one credit card, when and if possible. “I have one that I only use for online purchases and one that I use for traveling, and that makes unusual charges stick out more,” he noted. “If I’m seeing some activity in Ohio on my card that I don’t use for travel, that stands out. It’s not always possible, but if it is possible, and feasible, it’s a very nice way to watch charges.”

You also shouldn’t use public Wi-Fi that doesn’t require a password for logging in, and should consider a virtual private network, or a VPN, Glassberg said. “And don’t use easily guessed passwords for banking and financial sites, that’s where something like 1Passowrd comes into play. It’s a very good product and is handy for this kind of use.”

“We also always recommend subscribing to a credit monitoring service,” Glassberg continued. “All of the rating companies, CRW and the like, offer the ability to monitor activity on your credit. If someone tries to open a loan or take out a new card in your name, you’re notified. You can prevent things from getting a lot worse.”

Comments