One of my family members’ credit cards was used last year to rack up hundreds in fraudulent charges at Apple.com. A fourth card was stolen four times, and thieves charged Uber for rides and merchandise.
Although we were able to get our money back, repeated credit card fraud can be frustrating. I learned to value security and not convenience. It also taught me how to deal with my past bad habits, which made it easier for me to be a target.
Credit card fraud is on the rise
Consumers have 60 days to report bogus charges to credit card issuers under the Fair Credit Billing Act. This is according to attorney Amy Loftsgordon of Nolo, which is a self-help legal website. Loftsgordon states that although the law limits consumers’ liability to $50 for each series of unauthorized use, most issuers will waive this. )
My heart was broken when I discovered that our Apple.com account was being fraudulently used at least six months before.
I noticed that Apple.com’s charges were increasing, and assumed my husband was purchasing more audiobooks and my child was downloading more games. They would grin at me occasionally and continue to charge me.
The thief took it too far, charging over $300 per month. Apple was contacted by me and I discovered that our card was being used to buy dating apps and virtual numbers. This could have been used to scam others. These electronic receipts were sent to an address that I did not recognize.
The fraud was not stopped by a new card
The best part? The thief used a credit card number already reported as compromised. Credit card issuers are not likely to charge new charges for a compromised credit card number. The card issuer said that the thief began their crime spree within the first few days after my replacement card arrived in the mail. The card issuer assumed that the charges against the old card were legitimate and let them through as a courtesy — month after month. I was assured that such a sequence of events is “extremely rare” .”)
A customer service representative at Apple deleted the last month’s charges, and the issuer took out all the rest.
My conclusions: Websites that allow you to make multiple purchases per month should be closely monitored for fraudulent transactions. Check your credit card statements to see how much you have been charged and compare that with the purchase history. It may be necessary to search online to locate your history. Apple doesn’t make it intuitive or easy to find your charges. Report fraud if you discover it, even if it is beyond the 60-day limit.
Make fraudsters harder
My other card was stolen repeatedly. It is still unclear why. I wouldn’t get a replacement card until I received a text message from the issuer asking for information about another suspicious transaction.
I deleted the card from all websites and browsers where it was stored. Although we may enjoy the convenience of not having our credit card numbers typed in, every place our cards are stored is another potential place for theft, according to Avivah Litan (security expert and distinguished vice president analyst at Gartner Inc.
I was able to view many of the locations where my card was stored using the mobile app. The list was not complete. A phone rep informed me that my card was being stored at Uber, Walmart.com, and Airbnb after the fourth hack. These were three places that didn’t appear in my app and I had not authorized. The representative removed the card from these accounts. In the future, I will call in to report fraud to ask for this review instead of responding to a text warning and going online. I learned that my mobile app could “lock” my credit card to prevent unauthorized use. It takes only a few seconds to unlock my card when I need it. This feature is something I wish more issuers would offer.
The issuer suggested that I run antivirus and anti-malware software on all my devices. Also, I changed my passwords for my email accounts and my financial accounts to prevent a thief from accessing them. Two-factor authentication is a method that requires both a code and password to log in to my email and financial accounts. It was also added to my most-used retail websites.
I have also begun to use a mobile payment system whenever possible. These systems, which include Apple Pay or Google Pay, create a token that is transmitted to merchants. This ensures that your credit card number will never be exposed or stored. Virtual numbers can also be provided by credit card issuers that you can use to make online purchases instead of your actual account number.
All this won’t make me foolproof. I am just trying to make thieves work harder next time.
This article is by NerdWallet. It was originally published in The Associated Press.