5 Ways an Identity Thief Can Use Your Social Security Number

Man's hand holding Social Security card. Computer theft on laptop.

Having your Social Security number or card stolen isn’t quite like getting your bank account information taken—though granted, both are stressful experiences. The major difference is that you can get a new bank account number, while the Social Security Administration very rarely issues new Social Security numbers.

Why You Need a Social Security Number

If you’re unsure what an SSN is, the Social Security Administration loosely defines it as a nine-digit number for identity-tracking purposes. Whenever you start a new job or apply for government benefits, you need your Social Security number: it will be used to verify your identity and record earnings. You can locate your Social Security number on your Social Security card—if you can’t find your card, make sure you reach out to the Social Security Administration directly.

How Social Security Number Theft Occurs

How someone finds out and steals your identity (or Social Security number) can happen in a variety of ways. They could gain your Social Security number by exploiting data breaches, sifting through the trash for personal documents, or using any number of other approaches. The thieves can then sell your identity to the highest bidder on the dark web.

What Happens When Someone’s Identity Is Stolen

Once an identity thief has your Social Security number, they can commit all sorts of financial fraud with it, potentially leaving you on the hook for their misconduct.

Look at it this way: Social Security numbers are wrapped up in most aspects of Americans’ lives—employment, medical history, taxes, education, bank accounts, and so on. Below is a list of just a few things someone can do with your SSN if they get their hands on it.

1. Open Financial Accounts

Your Social Security number is the most important piece of personal information a bank needs when extending you credit or opening an account. With that number, a thief can get credit cards or loans, and when it comes time to repay them, they won’t, damaging your credit in the process. Those missed payments are tied to your Social Security number, so they’ll end up on your credit report and could impact your ability to apply for any type of loan or new account in the future.

Once you spot suspicious transactions, you can use your credit scores and credit reports to detect fraud and put an end to it. Unfortunately, it could take years for the fraudulent information to be removed from your credit report and, as a result, for your credit scores to recover.

2. Get Medical Care

Someone using your Social Security number could also undergo medical treatment, effectively tainting your medical records. Inaccurate medical records can have deadly consequences—for example, imagine what could happen if you received treatment based on a false history listing the wrong blood type. Additionally, it’s possible for thieves to poach your health insurance coverage, which could leave you in a bind when you need it.

3. File a Fraudulent Tax Refund

Taxpayer identity theft is a growing problem. Identity thieves use stolen Social Security numbers to get a fraudulent refund, which then delays any refund the victim is rightfully owed. In 2016, the IRS identified $227 million lost in fraudulent tax returns, and this issue is bound to become even more problematic in the wake of massive data breaches like the 2017 Equifax hack.

So the sooner you file your taxes, the more likely you’ll get your refund before an identity thief has an opportunity to take advantage of your stolen identity. You’ll know someone stole your identity if your return is rejected as a duplicate—then you get to start the process of resolving the fraud and, if necessary, getting the refund you deserve.

4. Commit Crimes

Getting your Social Security number might just be a fraction of the thief’s crimes. If the identity thief gets arrested for another crime and gives your Social Security number to law enforcement, you’ve become tangled in their criminal history. Their criminal record could prevent you from getting jobs or interfere with anything else that requires a criminal background check.

5. Steal Your Benefits

A thief could also use your Social Security number to file for unemployment or Social Security benefits, depleting those resources and preventing you from accessing that assistance when you need it later on.

How to Find Out If Your Social Security Number Has Been Stolen

Thieves can operate under your identity for years without discovery, and some of these crimes are very difficult to detect. One of the best things you can do is regularly check a free credit report. Review your credit report thoroughly for unauthorized accounts or public records not related to you. These red flags could indicate clerical errors or identity theft. Either way, you want to watch out for it and act as soon as you see something suspicious. You can also check out these other ways you can find out if you’re a victim of identity theft. 

Image: istock 

The post 5 Ways an Identity Thief Can Use Your Social Security Number appeared first on Credit.com.

14 Ways to Prevent Fraud on Your Debit & Credit Cards

There's no way to make yourself 100% safe from credit card or debit card fraud, but you can build some pretty tall walls. Here's how.

Every time there’s a large credit card breach, you’ll hear some expert say risks for consumers are low, because it’s easy to cancel a credit or debit card and get a new one. Not so fast. If fraud appears on your bill, but you don’t notice it, you’ll pay for it. More important, changing account numbers is a hassle. You’ll have to update all your automatic payment accounts, for example. Screw up one of those, and you could get hit with late fees from a merchant when your payment is denied.

Despite the liability limits, you’re better off avoiding all this in the first place. Below are suggestions on how to do that. Most involve limiting the number of times you have to share your plastic with someone, decreasing your “attack surface.” Some might be familiar. Others might seem extreme. Either way, there’s no way to make yourself 100% fraud proof. That’s why we’ve also provided tips on the earliest possible detection and reporting of fraud, which is the main way to protect yourself. For example, regularly checking your credit scores can help you spot fraudulent activities on your credit cards. (You can check two of your scores free on Credit.com.) Here’s how to keep yourself as safe as possible.

1. Avoid Using Debit Cards to Buy Things

When I asked Gartner fraud analyst Avivah Litan about her fraud-fighting tips, this is the first thing she said:

“Never use PIN debit, except for bank ATM machines attached to bank branches.”

PIN debit is the technical term for using a debit card as “credit” at a merchant. From a fraud perspective, the “debit or credit” question is meaningless. Either way, you are putting your debit card account information into databases criminals can hack. And recovering from a debit card fraud is much more of a hassle than recovering from a credit card fraud. With credit card fraud, consumers call their bank, dispute a fraudulent charge and don’t pay for that part of their bill. With debit card fraud, money is taken from the victim’s checking account, and the consumer has to argue with the bank to get it back. That usually happens quickly, but in the meantime, the consumer’s balance can dip below zero, leading to overdrafts and other potential problems, like bounced rent checks.

It’s a bad idea to buy things with a debit card. Use a debit card to withdraw cash at a bank ATM. Otherwise, use credit.

Some people use debit card purchasing as a personal finance tool to limit spending. That’s a rational reason to do so. If you must, don’t use PIN debit, so at least a criminal can’t gain access to your PIN at that merchant.

2. Be Careful With Stored-Value Apps

The latest trend in money is “digitized stored value.” You probably familiar with it if you buy coffee with your Starbucks app. Many merchants are now imitating Starbucks with their own digitized stored value apps. But app makers and merchants are not banks. They have less experience keeping money safe. The consequences have been obvious: Starbucks consumers have complained for nearly two years about criminals raiding their app-linked credit cards. Worst of all, consumers with auto-fill have seen criminals conduct rapid-fire conduct transactions through the apps. Starbucks says this impacts a tiny fraction of consumers, and they are quickly refunded. If you are using “digitized stored value,” manually reloading value is safer than loading your credit card and especially your debit card.

3. Have a Separate Card for Digital Transactions

Splitting your transactions among cards can limit the “spillover” if fraud occurs. This tip isn’t for everyone. Some consumers like racking up points on one card. Others are afraid they’ll miss a payment if they have more than one credit card bill each month. But separating out transactions can have fraud-fighting benefits. If you are the type to buy items from less popular websites that might not have the security protections of a larger site, consider having a card you use just for those higher-risk purchases. That way, if the small site is compromised, the impact on your life will be contained.

4. Google Second-Tier Sites

Speaking of second-tier sites, you should always Google them before making a purchase. Search “BobsWidgetSite.com and complaints,” then “BobsWidgetSite and fraud,” before making a purchase the first time. Scroll through a page or two of results, in case the site has done search engine optimization work to beat back complaints. I talk often to victims who do that search only after they are victims of fraud, and then kick themselves.

5. Place a Sticker Over Your Security Code

Here’s a novel idea from computer security expert Harri Hursti. Most credit and debit card credentials are useless without the security code numbers on the back of the card. To limit the risk of physical theft, place a sticker over the numbers and memorize them. They are usually only three or four digits. That way someone else who holds your card for a few moments can’t get enough information to steal from your account. Such physical theft is less common than it once was, but the sticker idea is a simple fraud-fighting tool.

6. Say No to ‘Free’ Trial Offers & Avoid ‘Gray Charges’

About five years ago, a credit card fraud fighting firm named BillGuard.com coined the term “gray charges.” These aren’t traditional fraud, but they aren’t transactions you approved, either. It might be a magazine you didn’t realize you purchased as a bundle at a checkout. It might be a subscription travel service that “accidentally” ended up in your shopping cart when you booked a trip. Or it might be a free trial you forgot about that has now converted to a $20-a-month charge. Either way, gray charges are a hassle, and the easiest way to avoid them is to never sign up for a “free” anything that requires your credit card. Check your shopping carts diligently, and uncheck all the “sign me up for XX” boxes along the way.

7. Don’t Fall for Phishing

Phishing emails have been around for a while – so long you might forget the risk they pose. Big mistake. A study by the University of Texas last year found that phishers “thrive” on consumers’ overconfidence. There was a 500% increase in personalized, social-media-based phishes in 2016. A common, credit-card stealing email might be an alert claiming your credit card on file with iTunes has been rejected, and asking for an immediate update. If you think you can’t be phished, you’re wrong. Never enter your credit card number into a website unless you have manually visited the site by typing the address into your web browser’s address bar. Never click on a link in an email – even one you are certain is real – and enter payment credentials.

8. Don’t Give Your Credit Card Number Over the Phone

This tip is similar: Never give your credit or debit card number to anyone who calls your house. Even if you are certain the call is legit. Always hang up and manually dial the company’s phone number, then give your payment details. That might sound like a hassle, but any reputable company will appreciate your efforts at security. If the person on the other end of the phone gets annoyed, that’s a good indication you are being hustled.

9. Get a Post Office Box

Mail theft is still a cause of identity theft. The simplest way to avoid it is to stop mail from coming to your house. Small P.O. boxes can cost around $100 per year and can offer peace of mind.

10. Use ATMs Carefully & Watch for Skimmers.

You know to make sure no one is watching while you enter your PIN code at an ATM. But how? It’s getting harder and harder to be sure, as hackers are inventing smarter skimmer devices that let them “watch” you remotely. The latest devices are designed to fit snugly over the slot where cards are inserted or even to be snuck inside that slot, invisible to the untrained eye. That’s one reason Litan only uses ATMs attached to a bank branch. ATMs outside grocery stores or gas stations can be easier to attack and often have higher fees. The risk isn’t only at ATMs. So-called “overlays” that fit on top of a merchant point of sale terminal have been spotted at major retailers across the country. Whenever inserting your credit or debit card into any machine, it’s a good idea to look for signs of tampering. You can take a moment to rub your fingers around the edges of a machine to see if an overlay of skimmer has been snapped on top.

11. Keep Track of Your Cards

It’s easy to forget your card at a restaurant after a meal. Develop a personal checklist so you avoid that. Each time you get up to leave a store, or before you go to bed at night, do a card count. If you can’t find your card but you are hopeful it will turn up, you might have better options than you realize. Many times, people are loathe to call and report lost cards because of the ensuing hassle. Some banks let you temporarily “freeze” your card while you look for it, then turn the card back on if it’s found safe. Discover has a feature called Freeze It. Visa and MasterCard also gives their banks similar options. Don’t be afraid to protect yourself while you are looking.

12. Sign up for Mobile Banking

Mobile banking is a great fraud fighting tool. If you aren’t using your bank’s app, you’re missing out. More people used mobile than used a bank branch for the first time in 2015, according to Javelin Strategy & Research.

Mobile banking lets you check your account every day for unusual activity. Use of mobile banking can reduce your attack surface, too, since mobile check deposits mean fewer trips to the ATM.

13. Set Text Alerts for Your Credit Card

Banking apps make it easier to use another trick that helps with fraud detection: text alerts. Most banks allow you to set up texts about transactions. Options include: A text with every purchase, a text for every purchase more than $100 or a daily text with the account balance. I prefer the last choice. Anything more frequent and the messages start to feel like spam, and can be ignored. The tool also helps with spending habits, as you’ll have a daily reminder of how much you’ve spent. Most banks can send the alerts via email, too.

14. Report Fraud Immediately

If you are hit by fraud, time isn’t on your side. You will likely be hit repeatedly until the card is canceled. Most importantly, if you don’t report the fraud in a timely manner, you can be held liable for some or all of it. Most of the time, financial institutions are responsive to fraud, and make reporting concerns and getting replacement cards easy, but early detection is critical.

Image: seb_ra

The post 14 Ways to Prevent Fraud on Your Debit & Credit Cards appeared first on Credit.com.

4 Credit Cards With Great Security Features

These credit cards help protect you from identity theft and fraud.

[Update: Some offers mentioned below have expired. You can view the current offers from our partners here — Discover it, Blue Cash Everyday from American Express and Citi ThankYou Preferred. Disclosure: Cards from our partners are mentioned below.]

Thieves lurk in the physical and virtual world, looking for ways to access your credit card number or commit identity theft. Whether you shop online or in brick-and-mortar stores, it’s wise to take steps to protect yourself against fraud.

Credit card companies have many tools to help combat credit card fraud, and sometimes offer additional security features to protect against identity theft.

Here are four credit cards with great security features.

1. Discover it

Rewards: 5% cash back on up to $1,500 in quarterly rotating categories like gas stations or restaurants, 1% cash back on everything else

Signup Bonus: Discover will match the cash back you earn in the first year.

Annual Fee: None

Annual Percentage Rate (APR): 0%  intro rate for 14 months, then variable 11.74% to 23.74%

Why We Picked It: Discover’s Freeze it feature gives you peace of mind if you’ve lost track of your card.

Security Features: With Freeze it, cardholders can freeze their card within seconds using Discover’s website or mobile app. This way, if you can’t locate your card, you can freeze it and look around before reporting it lost or stolen. If your card is misplaced, Discover offers free overnight card replacement. Cardholders also won’t be held liable for any unauthorized purchases.

Drawbacks: To maximize cash back, you’ll have to do the work of activating and tracking rotating purchase categories.

2. Blue Cash Everyday from American Express

Rewards: 3% cash back on up to $6,000 spent at supermarkets, 2% cash back at gas stations and select department stores, 1% cash back on everything else

Signup Bonus: $100 statement credit after spending $1,000 in the first three months of card membership

Annual Fee: None

APR: 0% intro rate for 12 months, then variable 13.99% to 24.99%

Why We Picked It: Cardholders can control available spending for authorized users.

Security Features: If you have multiple cards for authorized users on your account, you can set a spending limit for each card’s billing period. That way, your authorized user (or a conniving friend) can’t rack up a huge balance. American Express won’t hold you accountable for any unauthorized charges.

Drawbacks: If you don’t spend a lot at supermarkets or gas stations, you may want to look for another cash back card.

3. Citi ThankYou Preferred

Rewards: Two points per dollar spent on dining and entertainment, one point per dollar spent on everything else

Signup Bonus: 15,000 bonus points when you spend $1,000 in the first three months

Annual Fee: None

APR: 0% intro rate for 12 months, then variable 14.49% to 24.49%

Why We Picked It: Citi has an impressive range of security features that help you fight fraud and identity theft. (Full Disclosure: Citibank advertises on Credit.com, but that results in no preferential editorial treatment.)

Security Features: If your credit card is lost or stolen, Citi will send you a new card for free and provide an emergency cash advance. To protect you online, Citi can issue temporary credit card numbers for secure online purchases. Finally, if you become the victim of identity theft, a Citi specialist will help you contact TransUnion to put a fraud alert on your credit reports and help you complete a police report. Cardholders aren’t held liable for any unauthorized purchase.

Drawbacks: If you use your credit card for “meat and potatoes” spending and rarely use it on a night out, this card won’t deliver as much value.

4. Bank Americard Credit Card

Rewards: None

Signup Bonus: None

Annual Fee: None

APR: 0% intro rate for 15 months, then variable 12.74% to 22.74%

Why We Picked It: Online shopping is safer with Bank of America’s ShopSafe service.

Security Features: With ShopSafe, you can receive temporary credit card numbers to safely shop online. If abnormal spending patterns are detected, Bank of America will block the card’s use and contact you to discuss potential fraudulent activity. You’ll never be held accountable for unauthorized transactions.

Drawbacks: This is a very basic card without any rewards to speak of.

Choosing a Card With Strong Security Features

Federal law states that you can’t be held accountable for more than $50 in unauthorized purchases if your card is stolen. But cardholders concerned with security should look for card issuers that offer zero liability for unauthorized charges.

To further protect yourself, consider cards that go above and beyond in the realm of security and protect you in areas where you may be particularly vulnerable.

If you frequently shop online, you may want a card that offers temporary credit card numbers for limited time use, which stops digital thieves from gaining access to your real card number. If you tend to misplace things and you’re scared of losing your card, you may want a card that lets you easily freeze all activity.

Of course, if your only credit card requirement is security, you should pick a card with the most enhanced protections. But if you also want a card that rewards spending with points or cash back, you’ll want to consider your spending habits and how a card can reward your purchasing behavior.

What Is Required to Get a Card With Security Protections?

Any legitimate credit card should have some security features. Cards with strong security could be available for consumers with credit ranging from poor to excellent. No matter what card you choose, you should know your credit score ahead of time to gauge your chances of approval. Before you apply, you can check two of your credit scores for free at Credit.com.

At publishing time, the Discover it, Blue Cash Everyday from American Express and Citi ThankYou Preferred credit cards are offered through Credit.com product pages, and Credit.com is compensated if our users apply and ultimately sign up for this card. However, this relationship does not result in any preferential editorial treatment. This content is not provided by the card issuer(s). Any opinions expressed are those of Credit.com alone, and have not been reviewed, approved or otherwise endorsed by the issuer(s).

Note: It’s important to remember that interest rates, fees and terms for credit cards, loans and other financial products frequently change. As a result, rates, fees and terms for credit cards, loans and other financial products cited in these articles may have changed since the date of publication. Please be sure to verify current rates, fees and terms with credit card issuers, banks or other financial institutions directly.

Image: kali9

The post 4 Credit Cards With Great Security Features appeared first on Credit.com.

4 Mistakes People Make With Their Credit During the Winter

Here are some common credit mistakes people make during the winter.

No matter what seasonal holidays your family celebrates, we’re definitely in the festive season right now — it tends to start with Halloween and ends on January 1.

Over the last month or so, we’ve filled our pantries for Thanksgiving, hit the stores for Black Friday, and stocked up on gifts and food for Christmas or other family celebrations. (Not to mention all the pageants, concerts, get-togethers and parties that come with the season.)

During this time of year, many people get focused on gift giving and accidentally make these four credit mistakes, As we head into the home stretch, here are some not-so-smart spending behaviors to flag.

1. Overspending

‘Tis the season for giving, but some people give so much that they hurt themselves financially by spending more on their credit cards than they can pay back. That $25 gift for a friend that you thought you were getting a good deal on can suddenly cost $40 (or more!) once interest and fees are added onto an unpaid credit card. So be sure in these last few shopping days to stick to your budget. It’s okay to put things on your credit card … as long as you can pay off your credit card right away. (You can see how your holiday shopping has affected your credit by viewing two of your credit scores, updated every 14 days, for free on Credit.com.)

2. Not Watching for Fraud

There’s a lot of shopping this time of year – it starts with Halloween candy and costumes for the kids and ends with champagne for a New Years Eve celebration (and maybe a gym membership to go along with your 2017 resolution). Along the way, you’ve probably had your credit card in hand fairly often – shopping for a turkey for Thanksgiving or angling for a great deal on Black Friday or Boxing Day. With all that extra credit card use, it’s important to stay vigilant and monitor your credit card statements carefully for fraudulent charges. Also, be sure to report them to your issuer immediately to have the charges reversed and your card replaced.

3. Lending a Credit Card

If your spouse is running out to pick up some last-minute fixings for the annual family get-together, or maybe some stocking stuffers for the kids, it might be tempting to hand off your credit card to them if they don’t have their own. However, this common mistake can prove costly for so many people every year, because while your family member might be very trustworthy, a simple mistake of leaving behind a credit card they’re not used to carrying could lead to fraud. (Something else that’s important to note: Lending your credit card to someone else, though it isn’t illegal, could put you in violation of your card agreement and make it harder to reverse the charges made while the plastic was out of your hands. You can learn more about how this works here.)

4. Putting Your Credit Review on Hold

I always recommend reviewing your credit report at least twice a year — or even quarterly. But this season can be so busy that people will often put their good habits and responsibilities on hold so they can focus on the turkey, decorations, costumes and shopping that needs to be done. However, skipping a credit report check just once a year (especially during the holidays) can set you back dramatically and make it that much harder to check and clean up your report in the spring. (Remember, you can pull your credit reports for free each year at AnnualCreditReport.com.)

Image: svetikd

The post 4 Mistakes People Make With Their Credit During the Winter appeared first on Credit.com.

5 Cyber-Security Myths We Need to Ditch

Pick a subject, any subject, and there are myths and pure nonsense that someone will buy into.

  • Birds will die if they eat the uncooked rice flung at newlyweds. (Nope)
  • If you eat Mentos and drink Diet Coke simultaneously your stomach will explode. (Hardly)
  • You only have one credit score. (Wrong)
  • Napoleon was short. (At 5’ 6”, his height was average in his day).
  • “President Obama was the founder of ISIS.” (Oh, come on Donald!)

Cyber-security has its own set of misconceptions as well. Here are five.

1. Software Will Protect You

Say it with me now: “Software alone is not going to stop cyber-crime, even a little.”

There is no more harmful notion than the one that leads people into doing whatever they want on their computers or smartphones because they downloaded a software update. While software has its benefits, they often have to do with containing damage, not stopping an attack.

The false sense of security fostered by the idea that software can protect anyone from the kinds of daily mutating, highly sophisticated attacks out there today is dangerous.

2. Cyber-Crime Is Mostly About Credit Card Fraud

The idea that cyber-crime is just about credit card fraud is a pernicious misconception that, ironically, can lead to credit card fraud and other forms of credit-related crimes.

There is no right answer to the question regarding the most prevalent forms of cyber-crime. But by far the majority of the capers out there are focused on grabbing colossal amounts of personal identifying information from organizations that do business with millions of people or, alternately, stealing confidential business information that can be sold to the highest-bidding competitor. Sure, there are other forms of attack, some of them very much on the rise, such as ransomware schemes, but by and large the focus among cyber-criminals is on sellable information and making a lot more money than can be had from a credit pump-and-dump.

That said, the ways that stolen information can be used leads back to consumers and can very easily result in credit fraud, since stolen data can be easily purchased by identity thieves for next to nothing on the dark web.

3. Cyber-Crime Is Only About Making a Buck

If cyber-crime were only about making money, we’d all be a lot safer than we are right now.

Let that sink in.

Make no mistake, there are hordes of hackers out there driven by ideology. Many are far less interested in making money than in making money disappear or taking down the electrical grid or rigging an election. For them, mere monetary reward is not a motivation unless it is needed to facilitate an attack.

This is the stuff of nightmares and blockbuster Hollywood films, and there isn’t a thing most of us can do to stop any of it from happening.

In a world where the Stuxnet worm that was used to attack Iran’s nuclear program is quaint technology and detonating a hydrogen bomb would inflict less casualties than a cyber-attack that shuts off the power grid, having our credit ruined by a pajama-wearing identity thief is the least of our worries.

4. Cyber-Criminals Don’t Target Small Businesses

The myth that cyber-criminals don’t focus on businesses that aren’t at the top of the food chain can be debunked with one name: Target. The company was hacked by one remove. The criminals managed to get malware on a far-flung point-of-sale system by coming in the side door. They merely had to compromise a smaller HVAC vendor.

No matter how small the enterprise, it must have serious security protocols and a meaningful cyber-defense plan, lest it suffer an extinction-level event and potentially bring down a whole lot of other folks with it.

5. There Is No Way to Stop a Cyber-Attack

This is the biggest myth out there, in my opinion. Except, of course, that in the final analysis it is true: There is no way to stop every single cyber-attack.

That said, for many attacks, PEBCAK is the answer. Unfamiliar with this approach? It’s an oldie but goodie that anyone in IT will recognize, the letters forming an acronym that neatly states why countless attacks are successful. PEBCAK stands for Problem Exists Between Chair and Keyboard.

While it is true that cyber-threats abound, the only way to contain the pandemic and meaningfully push back is if everybody does what they are supposed to do. That is a big “if.” But one can hope, and while fixing the human problem is a Herculean task, it’s a worthy goal.

If you’re concerned you’ve been a victim of identity theft, it’s important to keep an eye on your credit as new accounts in your name or a sudden drop in credit scores indicate fraud has occurred. You can view two of your free credit scores, updated monthly, by visiting Credit.com.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: PeopleImages

The post 5 Cyber-Security Myths We Need to Ditch appeared first on Credit.com.

Are Chip Cards Counterfeit-Proof? Not Exactly

counterfeit-chip-card

Computer researchers may have found a flaw in chip-based credit cards. Though the cards are designed to combat fraudulent cloning, apparently there’s a way to rewrite the magnetic strip code so it resembles the standard Europay, MasterCard and Visa (EMV) card.

Researchers at the payment technology company NCR presented their findings at the Black Hat computer security conference last Wednesday, CNN Money reported. “There’s a common misperception EMV solves everything,” Patrick Watson, one of the researchers, reportedly told the site. “It doesn’t.”

All a thief has to do is alter the data on the magnetic stripe so that it fools the terminal, the researchers said. As a result, the researchers suggested retailers encrypt whatever they can to help protect customers.

For their part, major machine makers Verifone and Ingenico said that they offer end-to-end encryption on retailer’s machines, CNN reported. Meanwhile, Jason Oxman, a spokesperson for the Electronic Transactions Association, a trade group, said via email that the issue “actually has nothing to do with the chips” at all. Here’s why:

“Every magnetic stripe on a chip-enabled card has a code on it that tells the POS at a retailer that if the customer tries to swipe the card, they should be prompted to insert the chip card instead. This ensures that the chip is used instead of the magnetic stripe. What this researcher figured out a way to do is alter the code on the magnetic stripe to say to the POS ‘I am not a chip card,’ and then to ask the POS to send the transaction to the issuing bank for approval as a magnetic stripe transaction. This is called a fall back transaction because the transaction should be a chip transaction, but it will fall back to a magnetic stripe transaction.

The issuing bank, when it receives the authorization request, will know that the card is a chip-enabled card [despite] the bad code on the magnetic stripe card, and the issuing bank will make the decision whether to approve the fall back transaction or not, based on a variety of factors. (The hacked code on the magnetic stripe card can only fool the POS, not the issuing bank.)”

Doug Johnson, senior vice president of the Payments and Cybersecurity Policy division at the American Bankers Association, said it’s important to remember banks’ additional protections for customers.

“End-to-end encryption is an important security measure for retail point-of-sale transactions that merchants have endorsed and should implement,” he said. “At the same time, it is important to remember that bank customers will be fully reimbursed for any unauthorized transaction against their account.”

If you carry a chip card and believe you’ve been a victim of fraud, you’ll want to contact your credit issuer immediately to cancel the card. After that, it’s a good idea to monitor your credit reports for any additional signs of trouble. (You can see your free credit report summary, updated monthly, on Credit.com.) You may also want to change your financial account passwords and pins to be on the safe side.

Image: alice-photo

The post Are Chip Cards Counterfeit-Proof? Not Exactly appeared first on Credit.com.

How Companies Know Your New Credit Card Number Before You Give it to Them

company-knew-your-new-credit-card-information

Recently, a Netflix customer took to Reddit to explain how he got a big surprise when the streaming service charged him using his new credit card number, which he hadn’t given them. How did that happen?

One commenter offered a clue: Netflix likely participates in Visa’s Account Updater program.

Netflix declined to comment on whether it uses updater services.

However, for retailers who rely on recurring payments or cards on file in general, “it’s becoming very normal to use this technology,” according to Eric Lindeen, vice president of marketing for ID Analytics in San Diego, California, which offers fraud prevention tools to issuers. And updater services, which notify merchants of changes to customers’ cards, will only become more common, as Visa will reportedly require U.S. issuers to participate in its service, effective October 1. (Visa did not respond to Credit.com’s request for comment.)

How Updater Services Work  

Each month, merchants send a list of names and card numbers to their acquirer, or payment processor, who check their data against Visa, MasterCard, American Express and Discover, Lindeen explained. The acquirer lists the cards with updated information, and returns the list to the merchant. From there, the merchant updates their files before submitting transactions that month.

Lindeen cites the rise of identity theft as one of the main factors contributing to the proliferation of updater services offered by startups like Stripe and BrainTree and old-school issuers like Visa and MasterCard.

“As fraudsters become more competent,” he reasoned, “the financial system has to become more complex to deal with them. So many credit cards have been stolen that led to numbers being changed.”

Brave New World

A few years ago, it was typical for customers to forgo updating their card when they wanted to cancel a service. The reasoning, according to Lindeen, was they’d just let it expire and eventually the billing would stop. Even today, it’s not uncommon for people to assume their account is going to lapse, like the Reddit user.

However, as more merchants enroll in updater services, our behaviors are going to change. It’s perfectly legal for issuers to share card information with merchants with whom you do business, — the assumption is if you signed up for their service, you’ve assumed responsibility for the bill — so consumers must be more vigilant about canceling various services, Lindeen said. Another imperative: Letting card issuers know when you don’t want a merchant to receive your new info, which you can do by phone.

“The good news is, I think the issuers and networks are really thinking about how to adapt to this new normal,” Lindeen said of the updater services. “We need to go from a world where [identity theft] was an exception to a world where we’re built to handle that effectively.” Updater services are a step in that direction, he said.

If you have reason to believe you’ve been a victim of fraud — common signs of identity theft include unauthorized charges, unfamiliar addresses and mysterious accounts opening in your name — be sure to check your credit score to find out more. You can view your two free scores, updated each month, on Credit.com.

More on Credit Cards:

Image: AleksandarNakic

The post How Companies Know Your New Credit Card Number Before You Give it to Them appeared first on Credit.com.

Most of Us Do ‘Risky’ Things With Our Credit & Debit Cards

credit-card-fraud

More than half of credit, debit and prepaid card users around the world are opening themselves up to fraud and identity theft through risky behaviors that could be completely avoided.

That’s one of the findings of a report released today by ACI Worldwide that looked at credit, debit and prepaid card fraud in 20 countries.

The report, “2016 Global Consumer Card Fraud: Where Card Fraud Is Coming From,” found that 30% of all cardholders globally had experienced fraud in the last five years. Cardholders in Mexico (54%), Brazil (49%) and the United States (47%) experienced the greatest rates of fraud over that time period, while cardholders in Sweden (14%), The Netherlands (14%) and Hungary (9%) experienced the least.

The risky behaviors and rates of fraud don’t necessarily correlate, however. Respondents reported virtually the same rate of risky behaviors across countries, but the rates of fraud varied dramatically. For example, 23% of respondents in Brazil, the country with the second highest rate of card fraud, reported throwing away documents without shredding them, while 22% of respondents in The Netherlands, the country with the second lowest rate of card fraud, did.

The study looked at behaviors such as:

  • Responding to emails or calls asking for banking information
  • Carrying PINs with cards or writing the PIN on the card
  • Shopping or banking online without security software or on a public computer
  • Throwing away unshredded documents with account numbers and other personal information
  • Leaving smartphones unlocked while not in use

Not All Risk Is Behavior-Related

It turns out EMV technology likely has more to do with fraud rates than cardholder behavior does. EMV stands for Europay Mastercard Visa, the three firms that originally developed the standard. In the U.S., they’re frequently referred to as “chip cards” or “chip credit cards.”

“Europe was much earlier in enabling EMV and having it pushed out at a continental and industry level. As a result, protections have been better [than in countries that were later to adopt EMV technology],” said Andreas Suma, vice president and general manager of ACI Worldwide in Latin America. “The weaknesses in instituting EMV represents the biggest opportunity for fraud, and as a result we’ve seen more fraud in places like Brazil, and the United States and Mexico.”

According to the report, fraud rates in the U.S. are driven “by the fact that it is a wealthy economy and that card payments are the go-to payment method for most consumers.” That, combined with the prevalence of online shopping and slow adoption of EMV, make the U.S. a gold mine for criminals. Already, the U.S. has seen a doubling of new account fraud, and based on other countries’ experience with EMV adoption, ACI Worldwide’s report said it is expected that card-not-present (CNP) fraud also will increase as the country continues to migrate to EMV.

“It’s generally recognized that there will be a migration of fraud to card-not-present,” Suma said. “The report doesn’t break that out explicitly, but it’s seen as a general trend. Also, as e-commerce explodes … merchants are coming up to speed with solutions and capabilities to defend against fraud, but that is an evolving landscape.”

Once Bitten, Twice Shy?

Data breaches have become almost everyday occurrences, and it can be safely assumed that most consumers’ payment card details as well as other information, such as PINs, emails and addresses have been breached. In the Americas, for example, approximately 53% of U.S. residents received a replacement card in the past year, along with 46% of Mexicans, 30% of Canadians and 45% of Brazilians, according to the report. Some issuers replace cards when a breach is suspected, even when no signs of fraud have been detected on a particular account.

That might not be great news for issuers, as 40% of cardholders who receive replacement cards dramatically reduce their account use. It’s probably not as much a matter of trusting the issuer’s ability to keep their account safe as it is of convenience, Suma said. He theorizes it has a lot more to do with automatic payments.

“A lot of people use their cards for billing purposes for example, and … as you’re waiting for a replacement card, it could be that you’re updating a lot of the payments with another card,” Suma said. “Institutions need to get ahead of this from a customer-experience and customer-service perspective.”

What If You’re a Victim?

When prevention isn’t an option, rapid detection can make all the difference in containing the damage of fraud or identity theft. Sudden changes in your credit scores can be a sign of identity theft (you can see two free credit scores every 30 days on Credit.com), and you’ll want to regularly review your free annual credit reports for errors.

Identity theft victims can file reports with the local authorities, notify their creditors and the credit bureaus and file a complaint with the Federal Trade Commission, among other things. If you’re a victim, you’ll also likely need to dispute any errors you find on your credit reports. You can go here to learn how.)

[Offer: If you need help fixing errors on your credit report, Lexington Law could help you meet your goals. Learn more about them here or call them at (844) 346-3296 for a free consultation.]

More on Credit Reports & Credit Scores:

Image: Georgijevic

The post Most of Us Do ‘Risky’ Things With Our Credit & Debit Cards appeared first on Credit.com.

Do I Have to Activate My New Credit Card? (The Answer May Surprise You)

activate-my-new-credit-card

A lot can happen in the seven-to-10 business days it typically takes a new credit card to arrive in the mail. But if you’re having second thoughts about your chosen plastic, you’d be remiss to think that failing to formally activate the account negates its existence.

Issuers typically ask that new cardholders “activate” their cards by calling them or registering the plastic online once it’s in hand. This requirement helps to prevent someone from scooping the new card out of your mail and taking it on a shopping spree, but it doesn’t serve much of a purpose beyond that.

“Activation is simply a fraud protection measure,” Nessa Feddis, senior vice president and deputy chief counsel at the American Bankers Association, said. “It’s divorced from whether the account is opened or reported [to the credit bureaus].”

In fact, issuers typically start reporting the card to the credit reporting agencies once you’ve been approved. The application will almost immediately generate a hard inquiry on your credit report and, shortly thereafter, the card’s credit limit will factor into your credit utilization rate, whether you abide by the activation request or not.

Interestingly, there’s also a chance the card itself would work at a store, should you try use it without making that phone call or registering online.

“All American Express cards are flagged as pending confirmation of card receipt when a card is mailed. We strongly recommend Card Members confirm receipt when the card arrives to help verify their identity and mitigate against fraud,” a spokesperson for American Express said in an email. “However, because of our relationship with our Card Members, we are able to selectively approve charges that we evaluate to be of very low risk, even if the card receipt has not yet been confirmed. For example, if a Card Member receives their new card, puts it into their wallet and proceeds to use it at their local coffee shop they frequent, we might be able to approve the transaction.”

Making the Call

It’s still in a cardholder’s best interest to activate a new credit card, since that’s the quickest way to ensure you won’t hit any snags when trying to make a purchase. It also minimizes the odds of fraudulent charges.

If you haven’t received a card you applied for, you should notify the issuer — they can tell you if the account has been used and/or send you a replacement. It’s also a good idea to keep an eye on your credit to make sure someone else didn’t run up any balances or commit any other nefarious activity in the interim. You can do so by pulling your credit reports for free each year at AnnualCreditReport.com and viewing your credit scores for free each month on Credit.com. A sudden drop in scores can be a sign identity theft is occurring.

If you are having second thoughts about an account you opened, you should call to formally close the card. Just be aware that doing so might affect your credit score.

Keep in mind, too, an issuer may elect to close a card if it remains inactive long enough, so you may want to address an unwanted account head on (or use it from time to time to make small purchases) rather than weather any damage a sudden, unplanned closure may do to your score. (You can find out more about the effects closing a credit card can have on your credit here.)

More on Credit Cards:

Image: JackF

The post Do I Have to Activate My New Credit Card? (The Answer May Surprise You) appeared first on Credit.com.