Credit card scams are on the rise in Virginia. Experts explain how to lower the risk of being scammed
Last year, one of my family’s credit cards was used to make fake charges at Apple.com for several hundred dollars. The same thieves used a different card four times in a row to buy things and take Uber rides.
We got our money back in the end, but credit card fraud that keeps happening can be frustrating and disheartening. Dealing with the aftermath taught me to put security over convenience and to change some bad habits that made me an easier target.
Time is running out to report fraud
Under the Fair Credit Billing Act, consumers have 60 days after bogus charges show up on a statement to report them to the credit card issuer and avoid most liability, said Nolo legal editor Amy Loftsgordon. Loftsgordon said that most issuers don’t hold customers responsible for more than $50 per series of unauthorized uses, even though that’s what the law says.
So it broke my heart to find out that the fraud on our Apple.com account had been going on for at least six months.
I had noticed that the charges from Apple.com were going up, but I thought that was because my husband was buying more audiobooks and my daughter was downloading more games. I would sometimes complain to them, but they would always say they were innocent and the charges would keep coming.
The thief finally went too far when he charged more than $300 in one month. I called Apple and found out that our card had been used to buy dating apps and virtual phone numbers, which were probably being used to scam other people. I didn’t know this email address where the receipts for these purchases were sent.
Fraud continued even with a new card.
The thief used a credit card number that had already been reported as being used by someone else. Credit card companies will usually not let new charges go through on a compromised number. But according to the company that issued the card, the thief started committing crimes while my new card was in the mail. Since we already bought things from Apple.com on a regular basis, the card issuer thought the charges made with the old card were valid and let them go through “as a courtesy” every month. (I was told that this set of events “almost never happens and is very rare.”)
The most recent month’s charges were taken off by an Apple customer service rep, and the rest were taken off by the card issuer, even though they were more than 60 days old.
What I learned is that sites where you buy a lot of things every month need to be closely watched for fake transactions. Compare what’s on your credit card statement with what you’ve bought on the site. Apple doesn’t make it easy or obvious to find your charges, so you may have to look online to find out how to find that history. Even if it’s been more than 60 days, you should still report fraud.
Don’t save your card information on browsers or websites.
Still, I don’t know why my other card kept getting hacked. As soon as I got a new card, the company that gave it to me would send me a text message asking about another suspicious transaction.
I took the card number out of the browsers and websites where it was saved. We might like not having to type in our credit card numbers, but security expert Avivah Litan, a distinguished vice president analyst at research firm Gartner Inc., says that every place we keep our cards is another place where they can be stolen.
With this card’s mobile app, I could see many of the places where my card was stored. But it wasn’t a full list. After the fourth hack, a phone rep told me that my card was saved at Airbnb, Walmart.com, and Uber, which didn’t show up in my app and which I hadn’t given permission to. The worker took the card out of those accounts. Instead of just responding to a text message or going online to report fraud, I’ll call in from now on so I can ask for this review. I also found out that I could keep other people from using my card by “locking” it in the app. When I want to charge it, it only takes a few seconds to unlock it. I wish that more issuers had this option.
At the issuer’s suggestion, I ran antivirus and anti-malware software (my devices were clean) and changed the passwords on my email accounts and financial accounts, just in case a thief had broken into those. On my financial and email accounts, I already had two-factor authentication, which requires a code and a password to sign in. I also added it to my list of most-used shopping sites.
I’ve also started paying for things with my phone whenever I can. Apple Pay, Google Pay, and Samsung Pay are all examples of these systems. They create a “token” that is sent to merchants so that your credit card number is never shown or stored. In the same way, some credit card companies will give you a virtual number that you can use when shopping online instead of your real account number.
I don’t think that all of this will make me immune to fraud, because that can’t happen. I’m just trying to make it harder for the thieves to steal again.
