So, you went and got yourself a credit card. Ok, six or seven cards, that’s fine. Credit cards are as American as oak trees. I always remember going to Europe and no one accepted credit cards. That’s a quick way to try and learn how to use a Dutch ATM machine.
Today, credit card fraud is commonplace. Credit cards are ridiculous in terms of security since you don’t need very much information to steal one and getting that information is really quite easy. Credit cards have a number (16 digits), an expiration date, and a “secret” code on the back that uses encryption to match up to the other information. Modern chip based cards have more information, but almost no one uses the information to verify that you are who you say. I mean, when was the last time someone verified your signature on the back? Mine was yesterday, but what exactly were they verifying it against? I couldn’t figure that out. The clerk said, “Can (sic) I see your card?” Then he looked at the signature. I guess they require clerks to memorize the signatures of all potential customers just in case they spot a fake. The almost straight line I made on the electronic pad didn’t look anything like the signature. And then there’s the internet. Wow. Don’t even get me started. So, a couple of basic frauds:
- You swipe your card in a fake reader. This fraud means that the reader is likely broadcasting the card information from the magnetic strip to someone nearby. This has happened several times at major chains.
- You give your card to someone (like a waitress) and they simply grab the information from the card with a pocket reader (Available online for cheap.) that scans the strip and then they can make their own card.
- A clerk simply doctors the charge as they put it in. So you think you paid $47.50 and they type in $147.50 which you don’t notice. They pocket the difference.
In both these cases, the fraudster will typically use your card information to then purchase online stuff that can be resold (electronics, tennis shoes, etc).
The Good News:
For the most part, credit card companies work hard to keep this from happening (without actually adding security to the cards for some reason). They have computer algorithms which detect unusual behavior on your part (like my card got disabled once because I made charges in Chicago, Hong Kong, and Vietnam all within 24 hours, legitimate charges, but I don’t do that very often).
The Fair Credit Billing Act and the Electronic Fund Transfer Act provide some remedies for you as well. Basically, you are NOT liable for losses incurred AFTER you report the loss of your card. The FCBA also limits your liability to 50$ if your card is stolen. The law also goes on to limit your liability if just the number is stolen (like my scenarios 1 and 2).
The Bad News:
Credit card companies vary wildly in their handling of this and scenario 3 is a tough one. The card company and a clerk can both refuse to do anything since you theoretically accepted the charge. (I had this happen in a gas station once). Some companies may refuse to acknowledge the law and try to pressure into paying, etc. The crimes using your number will often be committed elsewhere (like say in Europe) as your number was sold to a third party. So, what can you do besides carry around gold Krugerands to try and pay your bills? Well, not much. Think about this - All Discover cards have a 16 digit number that starts with 6011. So, if you can guess the other 12 digits, you can make fake visa cards all day. Your number will eventually get “guessed”. For instance, Google fake credit card numbers (I don’t advise you to go to the sites.), and you will get pre-written algorithms which will assist you in creating these. Any 10 year old can do it. So, again you say, “What can I do?" Here are the key points:
- Ensure you have all the information about your card with you (This is questionable since, if you lose this information, well...lucky thief.). I usually take a picture of the cards and put it in my phone. I also have a copy of this at my house in case my phone is stolen. If you have to contact the card carrier, you need the card number and the phone number. (If your phone is stolen, you might also get the opportunity to try and use a pay phone in Japan.) If you write these on paper, use a code (like add one to every other number), so that the card number is not on a piece of paper laying in your hotel room.
- Find out what your credit card company policy is on the card you have. Most likely they will have a policy and work with you on fraud transactions. But, be advised, this can also be a bad experience.
- Get an “online” card. Credit cards are mostly free, so get another one that has no annual fee. Set the maximum credit on this card to a low limit (Yes, you can lower your credit by calling them). Pick a number that is as low as you can live with for this card. That becomes the true limit of your liability.
- Get a “dining” card. Again, get a card that you only use for restaurants (This is a big source of fraud since the staff get to take your card in the back for a while.). Set the limit as low as you can live with for dining. Again, this number is the limit of your liability.
- Monitor your transactions. Most of the major cards have tracking by text, notification of use of the card (especially when the card was not present) that texts or emails you, and even the ability of restricting your card’s ability to do things you don’t normally do.
- Advise the card’s fraud division before you do something dramatic. I normally only take a single card out of the country. The card has very clear liability but a very high limit. It also texts me usage so I can see it being used. You can let them know you are travelling to Munich tomorrow, so they don’t disable your card when you need it to buy a fahrkarte at the Bahnhof.
- If you experience ANY kind of odd behavior (transactions fail, etc.) with a card reader, immediately contact your card provider and let them know. RIGHT THEN. Then tell the manager of the store.
All that said, the best thing to do first is to contact your issuer and ask them to explain your liability for fraud, so that you understand what your liability is. Get it in writing from them (They will have it.). This will allow you to make an educated evaluation of risk. I hate to be this way, but this will happen to you. Since I can write program right now that will generate random card numbers and test them, someone else can too (or they can just use the handy web sites that generate them), so you have a chance of this occurring regularly. The good news is that the card companies have come a long way in stopping this stuff and my last couple of experiences were much improved in terms of liability limits and response. (I never did get that hundred dollars back at the gas station after months of trying.)
More About Doug
Doug White is the Chair of Cybersecurity and Networking programs at Roger Williams University. He has worked in the technology industry for many years and specializes in networking, disaster, forensics, and security. He has been paid to break into buildings, talk tech people out of their usernames and passwords, steal money, and figure out horrible scenarios like “What if a rabid shark swarm was caught up in a tornado while a core meltdown occurred? Could we still watch Netflix?” Doug has a PhD in Computer Information Systems and Quantitative Analysis from the University of Arkansas, is a Certified Computer Examiner, A Cisco Certified Network Administrator, A Certified Information Systems Security Professional, and a licensed private investigator.
Photo Credits: Photo of credit card and laptop from Pexels.com. Photo of Doug White courtesy of Ashley Farney.