This post may contain affiliate links which may compensate us based on your interaction. Please read the disclosures for more information.
Americans reported nearly 442,000 incidents of credit card information being misused last year. Take a look at how credit card info often gets stolen.
Last year, credit card fraud topped the list of types of reported identity theft, according to the Federal Trade Commission (FTC). There were nearly 442,000 reports from people who said their information was misused with an existing credit card or when they applied for a new one, up 13% from the previous year.
And that fraud adds up to a lot of money being spent. Stolen credit card information contributed to the broader fraud category, in which $8.8 billion was stolen in 2022, a shocking $2.6 billion increase from 2021, according to the FTC.
While credit card companies typically protect customers from having to pay for items that were purchased with stolen credit card information, it can still be a significant headache to have your card — and potentially your identity — stolen.
Here are the ways your credit card information often gets stolen and how to keep yourself safe.
Phishing
Phishing involves scammers sending a message, like an email, text, or phone call, that appears to come from a legitimate source, like a bank. The message typically asks the recipient to click on a link to a website that will eventually ask for their credit card number.
A specialty version of this scam is spear phishing, a sophisticated, tailored attack sent to someone to steal their credit card information.
Skimming
Credit card skimming is when a device is placed over a card reader at a register and it steals your card information when you make a purchase, according to Capital One.
Some criminals have placed skimmers at gas pumps, which then read and store the card’s information when swiped.
Shimming
Shimming is similar to skimming, except it differs in that this theft targets credit cards with the small, embedded microchips in them, called EMV® chips. A paper-thin device, or shim, is put inside a credit card machine, according to Experian, and it then copies and stores the credit card info when you put the card into the machine.
It’s worth noting that chip credit cards are still more secure than using a card’s magnetic strip.
Physical theft
This one is a more obvious way to lose your credit card information. If you’ve ever lost your wallet or had it stolen, you know there’s a possibility your credit card will be used to make fraudulent purchases.
Data breach
A data breach can occur at a company you’ve done business with or purchased from. If the company is the victim of a phishing attack or is targeted by hackers, your credit information can be stolen in the process, according to Chase.
Public wifi
Public wifi connections, like at a coffee shop, can be popular places for criminals because these networks often aren’t secure.
Equifax says that anyone can easily access these networks, and some don’t use proper encryption, making them easy targets for criminals to access someone’s personal information.
Malware and spyware
Just like companies, you can experience a data breach as well. Your credit card information could be compromised if your device is infected with malware — software that’s intentionally designed to cause harm — or with spyware, which is software installed on your device without your knowledge to steal personal information, according to McAfee.
Account takeover
Sometimes criminals get your credit card information by gaining access to personal information, like through an e-commerce account. For example, someone could buy your login credentials on the dark web, then use them to log in to your favorite online shopping platform and steal your credit card information stored in that account.
Mail theft
Sometimes criminals use less sophisticated ways of stealing your identity, like sifting through your mail looking for credit card numbers. According to Allstate Insurance, this may involve looking through your trash for personal information or even filling out a fraudulent change-of-address form to have your mail forwarded to them.
Social engineering
Social engineering is a technique where a criminal poses as someone you know or trust to steal your credit card information. According to HSBC, this sometimes happens on social media platforms where someone poses as your friend, wins over your trust, and then eventually asks you for credit card information.
Database SQL injection
Hackers can sometimes put malicious code in the backend of an online database that displays sensitive information, like credit card numbers. When this happens, criminals see your credit card information when you use an infected website or app.
How to protect yourself from credit card fraud
If you’re thinking of switching to all cash after reading this, there’s an easier way to protect yourself. First, the FTC recommends never giving out your credit card information over the phone unless you’re the one who initiated the call. The organization also says you should never leave your account information out in the open.
Setting up two-factor authentication for accounts that use your credit card information is also recommended. This security protection will require you to enter a code or log in from an app before you can access your account, which makes it harder for criminals to use your stolen account information online.
And finally, using chip cards can help reduce fraud because they’re more secure than swiping your card’s magnetic strip. Taking these simple steps can help you avoid having your credit card information stolen and make it harder for criminals to impersonate you.
Alert: highest cash back card we’ve seen now has 0% intro APR until nearly 2025
If you’re using the wrong credit or debit card, it could be costing you serious money. Our experts love this top pick, which features a 0% intro APR for 15 months, an insane cash back rate of up to 5%, and all somehow for no annual fee.
In fact, this card is so good that our experts even use it personally. Click here to read our full review for free and apply in just 2 minutes.
We’re firm believers in the Golden Rule, which is why editorial opinions are ours alone and have not been previously reviewed, approved, or endorsed by included advertisers.
The Ascent does not cover all offers on the market. Editorial content from The Ascent is separate from The Motley Fool editorial content and is created by a different analyst team.JPMorgan Chase is an advertising partner of The Ascent, a Motley Fool company. HSBC Holdings is an advertising partner of The Ascent, a Motley Fool company. Chris Neiger has no position in any of the stocks mentioned. The Motley Fool has positions in and recommends JPMorgan Chase and Target. The Motley Fool recommends HSBC Holdings. The Motley Fool has a disclosure policy.