Professionals take a minute, sometimes just a second, to pilfer your credit card data. “Back in the beginning, they got the imprint of credit cards from the carbon copies they dug out of the trash,” says William Noonan, a U.S. Secret Service special agent formerly in charge of the agency’s cyber operations branch. “Technology has changed things.”

Credit card numbers do get stolen, and credit card fraud does happen, both online and offline. But how does it happen? How does a thief get your card number? Why don’t verification systems prevent these problems? And what can you do to keep your own cards safe? Let’s take a look at credit card fraud and find out how you can protect yourself. Here are the most common ways thieves steal your credit card information. Monitoring your credit report for suspicious activity is a good habit.

Getting Your Card Number

Obviously, the first thing that needs to happen for credit card fraud to take place is someone else getting your credit card number. There are a number of ways to accomplish this, and they range from the very basic, to the more technologically complex.  If you regularly pay by credit or debit/cheque card (and who doesn’t these days?) you should be aware that your card can be cloned. Phishing, for example, is an old strategy that only requires a thief to be a smooth talker. They’ll get in touch with you via phone, email, post, or some other way, usually posing as someone from your credit card issuer, and talk to you into giving them your credit card information. It sounds like something you’d be able to spot right away, but some phishers are really good at what they do—this is very similar to the tactic that was used in the British phone-hacking scandal few years ago.


It’s not always a merchant or a bank that’s compromised, though; sometimes it’s your own computer. If a hacker manages to get a keylogger or another type of malware installed on your computer, they could easily nab your credit card information when you use it for online shopping. Because most people don’t do enough to protect their computers from malware, this is a serious threat. Viruses, Spyware, Malware, etc. Explained: Understanding Online Threats Viruses, Spyware, Malware, etc. Explained: Understanding Online Threats When you start to think about all the things that could go wrong when browsing the Internet, the web starts to look like a pretty scary place.

Your card itself can also be the target for card thieves. With the increase in contactless payment credit cards, radio frequency identification (RFID) scanners have become a more popular method to steal credit card information; all a thief needs to do is get a scanning device in close range to your card, and they’ll have all the information they need.


This same strategy can be used if your phone uses near-field communication (NFC) to communicate with points of sale to share your credit card information—Apple Pay, Google Wallet, Visa PayWave, and similar apps use this technology when you pay with them. If an NFC reader is compromised or tampered with, it could be giving your credit card information to a criminal. A similar method called “skimming” requires a thief to have a physical scanner that reads the information from your credit card. These devices are surprisingly easy to get (you can get a basic reader for $13 on Amazon), and thieves can be rather creative in using them to tamper with ATMs, card readers at businesses, and other places where your card is swiped on a regular basis.

And, of course, there’s the most time-tested, old-fashioned way: just stealing the card. A forgotten wallet or purse, a dropped card, an unlocked car door, or any number of things, can make your card easy for a thief to grab. Sometimes they’ll just write down your information—the number of waiters caught writing down card numbers while running customers’ cards is larger than you might expect.

Using Your Credit Card

Of course, once a thief has your credit card, the hardest part is done. Now all they need to do is use it (or sell it). Banks want you to think that your credit card transactions are very secure, but a quick trip to the store makes it clear that anyone with your card could use it wherever they want. I live in the US, where not all cards have EMV chips yet, and I haven’t had my signature checked against my card or driver’s license in a long time. Contactless payments with cards don’t require PINs or signatures, so they’re perfect for credit card thieves (even though the limits for contactless payments are rather small, they add up quickly). Online payments don’t require PINs or signatures ether, so going on an Amazon shopping spree with a stolen card is remarkably easy.


And, as I mentioned, these card numbers can be sold online. Rescator is one of many sites that sell this information—most of these sites are on the dark web, where all sorts of identifying information can be bought, but some are easy to get to from any browser. By staying hidden, using servers based in other countries, and making it difficult for law enforcement to look for patterns in stolen cards, these sites stay untouchable.

How to Protect Yourself from Credit Card Fraud

As you can see from the list above, there are a lot of different ways that fraudsters can obtain and use your credit card information—it might seem like it’s impossible to protect yourself. But by following a few simple guidelines, you can significantly decrease the chances that you’ll fall victim to credit card fraud.

First, don’t share your card information over the phone or in an email. Most credit card companies, banks, and stores won’t ask for your credit card information via email, so an email asking for this information should be a clear sign that you’re being scammed. If you need to share your information over the phone, be sure that no one is around to overhear you.

Second, pay attention to online security news; if a retailer or a bank that might have your credit card information gets hacked, call your bank, tell them what happened, and ask for a new card. You could wait to see if you get any suspicious charges on your account before alerting your bank, but it’s up to you whether or not you want to take that chance before starting the process.

Third, if your card is RFID-equipped, consider getting an RFID-blocking wallet so your card is protected while it’s in your pocket. By blocking RFID signals, the wallet prevents any device from reading the information on your card until you take it out to use it.

Fourth, be on the lookout for any card-scanning device that looks like it’s been tampered with. ATMs, pay-at-the-pump gas stations, small stores and restaurants, and many other places can be targeted by skimmers. If something looks suspicious, use another method to pay. Make cash withdrawals from within your bank, pay at the counter when you buy gas, and don’t let your card out of your sight.


Finally, make sure to monitor your credit card statements, bank statements, and credit reports on a regular basis. The earlier you catch a potentially fraudulent transaction, the better the chances that you’ll be able to prevent further trouble. You can get a credit report free every year from, but you should make sure to check your online accounts much more frequently than that to see if anything suspicious is going on.

What you can do

  • Set up mobile banking alerts for your smartphone. That way, you can be notified of unusual credit card activity as soon as possible.
  • Regularly monitor your accounts online, so you can identify fraudulent transactions sooner.
  • Avoid public computers. Don’t log on to your email if your bank corresponds with you there. Urban suggests setting up an email account just for your finances and checking it from safe locations.
  • Avoid doing business with unfamiliar online vendors, Noonan says. Stick to established merchants and websites.
  • If your information has been compromised, notify your financial institutions and local law enforcement. Ask the major credit bureaus — Experian, Equifax and TransUnion — to set up a fraud alert on your credit reports.