main

HacksSecurity

Online Credit Theft Happened to Me

February 4, 2016 — by Werner Thalmeier2

Pling Pling!  You all know the tone when a new message arrives to your private mail inbox.

Recently, when this happened to me, I checked the message subject and was shocked right away. “Urgent: Please call me back!”  In our business world this kind of e-mail happens, but in this case the sender was my personal bank manager. In the last 10 years, I have never received a message like this from him.  I gave him a call and my manager told me that my wife’s credit card was compromised. An unknown person had used it for shopping at a sporting goods store in the US and to set up a VPN account to hide his criminal activities.

Luckily for us, the bank and the credit card supplier identified this fraud right away and disabled the card immediately.

How Did This Happen?

To get closer to an answer let me provide some background about how my wife usually uses her credit card.  The card is usually used for only few online websites and for nothing else (no other stores, gas stations, hotels, or restaurants).  We always use the same computer with an up-to-date anti-virus (AV) / anti-phishing program and on top of this I run an offline AV scan once a week with a different tool.

So, why did the card still get compromised? Honestly, we don’t know.  There can be multiple reasons and we still are investigating, but there are many ways criminals can get a hold on credit card data.  Remember back in 2012 when Global Payments was hacked and more than 10 M credit card numbers were stolen. Also more recently in Europe, tens of thousands of cards began to be replaced pro-actively by several banks because of compromised databases and “possibly” stolen card numbers.  These are options we’ve considered.

Another popular source for thieves is to spy on credit card information when users are shopping online.  This can happen by cyber-criminals successfully installing malicious software on your computer through infected attachments in emails.  Once inside, this software can access and affect other entries and activities. Another commonly used method is the redirection from popular websites to spoofed websites operated by the criminals.

Can This Happen To You?

The lesson here is that this kind of cyber-crime can happen to everyone!  There is no 100% protection against the misuse of your credit card available. This is the reality and it’s important to keep this in mind.

[You might also like: Fraud on the Darknet: How to Own Over 1 Million Usernames and Passwords]

Using a credit card may be safer than having a lot of cash on hand and when shopping online, there is almost no alternative – no matter if you purchase a new smartphone app or a book. The plastic cards are convenient, despite the potential risks. You just have to make sure that your “virtual pockets” are not wide open to thieves and cyber-criminals.

Remember These Tips & Guidelines To Avoid Online Credit Theft

Never give your credit card to anyone.

Although this seems obvious, this rule can be difficult to follow. Maybe you give your card to the waiter, who then uses it somewhere else.  Maybe you lend the card to your partner or your kids.  To prevent potential misuse, you need to keep an eye on your card at all times.  This is even more important when you use the card abroad or have additional account cards for your family.

  • Do not use your credit card in an unsafe place.   Using the card at an ATM right on the road and in locations with poor visibility is a risk.  It’s easy for criminals to install a so-called skimmer that can steal card details and PIN codes. I also do not recommend using your card in very small shops and businesses with older or potentially outdated payment equipment.
  • Do not tell anyone your PIN code.  Nobody has the right to ask you for your credit card PIN. No exception.  Also, (and it may seem obvious) don’t write down your code and have this with your card. If you are afraid that you’ll forget the code, use the password manager that is available.  If you have concerns that your PIN code has been stolen, inform your bank immediately.
  • Report any problem you have with your card.  If you have any kind of problem – for example you lost of your card or you see unknown purchases on your credit card statement – you should inform your bank immediately. Time is the most important factor because thieves and scammers will try to abuse your stolen card as soon as possible.
  • Make sure that online payments are processed from a secure system. For your computer to not be infected by malicious programs, an up-to-date AV program is a must.  Your network should be protected and your online connection must be encrypted.
  • Beware of Phishing. Phishing e-mails are a popular theft tactic.  These mass emails look like regular emails from big banks, known online retailers, or online providers and they often tell the recipient that they have to “Confirm Account” or evaluate suspicious withdrawals. If you click on the included link, it will take you to a fake page of the Bank/Distributor/provider that prompts you to enter your password or credit card information.  Do not click on the link, under no circumstances.

There will be never be 100% security when you use a Credit Card.  However, these guidelines and tips can help to keep you safer when using your credit card in the real and cyber world.

Learn more about cyber-attack detection and trends in the 2016 Global Application and Network Security Report.

Download Now

Werner Thalmeier

As a Solution Evangelist, Werner Thalmeier is responsible for driving Security Product Strategy for Radware in the EMEA region. Before joining our team, he headed the global product management team at M86 Security as VP of Product Management and was also previously VP of Product Management at Finjan. An active member of IT industry for over 20 years, Werner has gained extensive field experience working with vendors, customers, technology partners and resellers in various management and engineering positions.

2 comments

  • Rick

    February 21, 2016 at 6:53 pm

    I wonder how long before we can choose two-tier validation for credit card purchases, so that when it’s used anywhere, it sends you a required verification number via text.

    Reply

    • Werner Thalmeier

      March 31, 2016 at 12:13 pm

      Hi Rick and thanks for your comment, actually we had a two-tier validation in place. But purchases below $ 20,- will go through without it and this is what happened to us.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *