Credit Card Security Best Practices
The holiday season, one of the busiest times of the year for most people worldwide, is upon us. Unfortunately, it is also the period when thousands of shoppers fall victim to online fraud. As a result, scammers steal their personal information, hard-earned money, and festive mood.
Studies and data on credit card fraud illustrate the scale of the problem. For example, a recent investigation exposed an online school for scammers, where upcoming criminals can pay $745 to get course materials on online theft and fraud, focusing on stealing vital customer credit card information. In 2021, almost 1.7 million people were victims of identity theft, with 389,845 customers reporting credit card fraud activities to the Federal Trade Commission.
That said, understanding the different types of credit card security threats and the best practices to avoid them can protect you from falling victim. This blog post describes how credit card fraud occurs and offers best practices to protect yourself this holiday season.
How does credit card fraud occur?
Credit card scams occur when cybercriminals steal your credit card data and use it unscrupulously to take out loans or make purchases. As more online shoppers use highly advanced eCommerce websites and devices to shop for the holiday festivities, credit card scammers leverage different techniques to pinch and harvest credit card information.
For example, they use methods ranging from basic skimming to highly sophisticated techniques that plant hidden cameras on checkout counters and ATMs to capture customers’ credit card details. Furthermore, as numerous transactions have gone online, attackers target holiday shoppers with phishing and other social engineering attacks to trick them into divulging sensitive credit card data. In other words, credit card fraud can occur anywhere, anytime, whether in a physical store or through online transactions.
Credit card scams to watch out for in the holiday season
1. Overcharge fraud
Overcharge fraud is a popular credit card scam that usually starts with a phishing attack. In this scam, cybercriminals send unsolicited emails or texts to the victims claiming that their accounts have been overcharged.
For instance, the fraudsters may impersonate legitimate organizations that witness high traffic during the holiday season, such as eBay or Amazon, and send numerous phishing messages hoping that someone will reply. If a victim replies, the fraudsters solicit credit card data promising to issue a refund of the overcharged goods.
However, instead of receiving a refund, the victims reveal their credit card information, which the scammers use to drain their bank accounts.
2. Account takeover
Attackers use phishing and other social engineering attacks as a prelude to more dangerous attacks like account takeover. Once the scammers trick victims into revealing their credit card data, they use it to apply for fake credit cards, which give them easier access to the victims’ finances.
Additionally, account takeover attacks may occur when fraudsters steal your credit card information and use it to make fraudulent purchases and transactions. They may go a step further and change the login credentials for physical cards and online accounts.
Account takeover incidents may be hard to detect since the fraudsters have full access and control of your accounts.
3. Card-not-present (CNP) scam
CNP scams occur via online transactions, where attackers use phishing techniques to trick cardholders into revealing their credit card details. The phishing methods include text messages, phone calls, and emails crafted to appear as if they originate from legitimate companies.
For example, an email message may claim that your credit card has been compromised and provide you with a link to update your login credentials. However, clicking the links redirects you to a spoofed website under the attackers’ control, where instead of updating your login credentials, they can see and harvest the details you input.
Best practices to strengthen credit card security
1. Continuous monitoring
Monitoring your credit card transactions frequently is recommended, but it is more important to monitor your credit card balances continuously during the holiday season. Monitor your listed transactions daily to ascertain that you or other authorized users purchased the listed items.
Also, turn on alerts from your card issuer, if available, to inform you of all the spending activities associated with your card.
Ultimately, continuous monitoring enables you to detect fraudulent transactions that indicate your card has been compromised, allowing you to undertake mitigation actions to protect against further fraud.
2. Exercise caution when shopping online
Many people shop lavishly during the holiday season and always look for the best deals. However, beware of online shopping platforms, such as Craigslist and Facebook Marketplace, since they don’t provide the same purchase protections available from reputable retailers when using your credit card.
In addition, retailers asking you to pay using wire transfers, gift cards, or cryptocurrencies should be a red flag that you are being scammed. Instead, opt for peer-to-peer payment methods that offer purchase protections, such as Venmo or PayPal.
Also, watch out for deals that appear too good to be true since attackers can use spoofed websites to lure customers into entering their credit card details.
3. Look out for phishing attacks
Attackers use phishing as a preferred method for tricking users into revealing their credit card information.
The tell-tale signs that you are being phished include phone calls that you did not initiate and that ask you to provide sensitive credit card information. It is highly unlikely that your bank will text or call you to ask for sensitive credit card data to verify your account. More importantly, do not click links sent from unknown email addresses. Spoofed websites enable fraudsters to harvest login credentials and other details you input.
4. Only shop through secure networks
All shopping transactions should go through a secure network like your home network.
Public Wi-Fi networks expose you to cybercriminals spying on the network, waiting to intercept valuable credit card details. Furthermore, using insecure public Wi-Fi networks for online shopping leaves you vulnerable to attacks that permit hackers to access your account passwords, sensitive financial information, login credentials for your online banking, and other types of confidential data.
It is also vital to ensure the online site has enabled the HTTPS protocol to encrypt the credit card details you provide.
5. Purchase from trusted sites only
Online shopping sites provide a lot of conveniences and have become increasingly popular, especially during the holiday season.
However, not every online shopping site is legitimate, since hackers create some sites solely to steal your credit card data and bank account details. Such sites promise deals that are too good to be true to lure more victims.
Before shopping from an unknown site, check it online for reviews to ensure it is legitimate. Otherwise, it would be best if you only used trusted online sites like Amazon or eBay for all your online shopping needs. Then, you can bookmark them on your browser to access them easily.
6. Observe strong password security
The largest number of credit card breaches occur due to weak passwords. Therefore, as a general rule, you should create complicated, hard-to-guess passwords for all your credit cards. The passwords should not contain personal details like birthdays and names and should instead be lengthy, combine upper- and lowercase letters, and contain special symbols.
In addition, you can strengthen your credit card password security by enabling multi-factor authentication. Multi-factor authentication requires you to provide additional details only you can access, including a verification code sent to your phone or a security question to which only you know the answer.
In conclusion, credit cards remain your best bet for holiday shopping despite the potential threats. However, as the holiday season gets into full swing, it is important to be wary of where you use your card at this time of the year to avoid financial loss and identity theft.
The offensive security experts at Pulsar Security wish our readers and community a safe, secure, and joyous festive season free from credit card fraud.
Corey Belanger
Corey is a Security Consultant and leads QA of product development, using his expertise in these dual roles to more effectively test and secure applications, whether while building enterprise applications or while performing penetration tests and vulnerability assessments for customers. An Army veteran with a tour of duty in Afghanistan, Corey has built a post-military career in security while earning Network+, Security+, GIAC Certified Incident Handler, GIAC Python Coder, GIAC Web App Penetration Testing, and GIAC Penetration Tester certifications. Corey is also a BsidesNH organizer and founding member of TechRamp, avenues which he uses to help others build their skills for careers in security and technology. Fun Fact: When not manning a terminal or watching the Bruins, Corey can often be found snowboarding or riding his motorcycle.