Growing Credit Card Fraud and How to Prevent It
Credit cards are usually considered a safer mode of payment than something like a debit card because they provide the customer with a grace period during which you can file a dispute against charges made on the card. This avoids a situation where your money is stuck with the merchant until the dispute is resolved.
I've noticed that fraudulent transactions on cards have been increasing over the past few months, and I have also received a few requests to write an article about how to defend yourself against credit card fraud.
To start, we need to understand a few methods an attacker may use to get hold of your information and use it to plan an attack.
Social engineering is one of the leading causes of information leaks. It usually involves the attacker calling or emailing you. They first try to find an entry point, starting with collecting contact information. It can be obtained from:
- Suspicious applications or websites, where you may have provided your contact information.
- Online surveys on different social media platforms claiming to provide you discount coupons etc.
- Data breaches: sometimes hackers steal information from well-known, reputable corporations (e.g. Equifax, a major credit bureau).
The attacker then tries to gather information to develop a profile of you. This helps them appear more credible.
Here are some of the ways they may gather it:
- Using apps like Truecaller or social media platforms to build your profile.
- Trying to get details like your hometown, spouse name, etc.
This information is then used to convince you to trust the attacker and to trick you into providing sensitive information like the CVV number, expiry date, or OTP codes.
The first line of defence is to reduce your digital footprint. This means avoiding sharing information that is linked to your financial accounts.
- Avoid sharing the phone number linked to your bank or credit card accounts. This may be difficult sometimes. Most services can be used with just an email address, or you can use a different phone number if necessary.
- Disable lookup using the phone number on social media platforms. All big social media platforms provide privacy methods to block users from using your phone number or email address to look up your profiles.
- Use a separate email for your financial accounts. This is simple to do, and I keep a complex address to prevent lookups, e.g. cch121sa@<domain>.com
A data breach is a little more difficult to avoid than social engineering. We've seen in the past that even big corporations like Equifax failed to keep their databases secure. There was also a case where the Marriott database was breached.
These types of breaches act as a goldmine for attackers. They may not always find information that can be used directly to attack users, but it may increase their success rate. For example, you're more likely to give your CVV to an attacker pretending to be a bank representative who already knows your card number and spouse's name.
- Only share information on trusted websites. For the ones you're not sure about, use a separate email and phone number. Avoid using the contact details that you use for your financial accounts.
- Check that the website is secured with SSL before you provide payment information, and get to know the payment gateways used by the website.
- Don't save card information on websites that you don't use very often.
- Don't let your physical cards go out of sight at restaurants or stores. All it takes is a second to click a picture of the card and misuse it later.
- Use a good password manager to maintain and monitor your passwords. Apps like Dashlane also provide dark web monitoring and will inform you if any of the services you use had a breach.
Secure Financial Accounts:
The last line of defence is to secure your financial accounts, in case everything else fails. The attacker may use leaked passwords or your personal information to run a brute-force attack.
- Use strong passwords, and don't repeat passwords for your financial accounts. Use a password manager if you find it difficult to remember passwords.
- Disable international transactions on your account when they are not needed. Some merchants don't require OTP to validate transactions in other countries. It's critical to disable these transactions.
- Set a limit on the per-transaction amount. Banks let you set a limit for both online and offline transactions. Based on your spending behavior, you can set it on top of your credit limit.
With the ever-rising use of technology, it's crucial to be aware of how things work. Credit cards and online banking are a great way to manage your finances. All it takes is being a little careful about how you use them, and they are of great help to us in our day-to-day lives.