By: Deshietha Partee-Grier, Manager, Payment Systems Fraud Analytics, Fraud & AML Risk Management; and Stella Katsipoutis
As you’re driving home from work, you suddenly realize that you need to make a pit stop at the supermarket to pick something up for dinner. Just like you almost always do, you use your credit or debit card to pay for your purchase at the cash register, and you head home to enjoy your much-anticipated meal. Shortly after, you receive a text or email notification asking you to confirm a strange transaction that you never made, and you suspect that your card has been compromised. What gives?
When you think of the word “compromise,” your first instinct is to, of course, react with fear. Your mind begins to race as you try to figure out how this happened. And, in doing so, it’s easy to assume that your credit union, bank or credit card company failed to protect your private information. But the truth is that, more often than not, the compromise isn’t the result of a mistake made by your financial institution. VyStar in particular has many different fraud detection and prevention features in place to protect our members from such compromises, including Electronic Security Protection (ESP), Visa® Transaction Alerts, EMV chip card technology, Visa’s Zero Liability Policy, and online account access. Rather, compromises are usually the result of some very carefully plotted schemes executed by fraudsters against merchants or the cardholders themselves.
Below, we explain how some of the most common types of credit or debit card compromises work so you can better safeguard yourself against them.
These small electronic or data-transmitting devices are used by fraudsters to illegally collect data from the magnetic stripe of numerous credit or debit cards. Skimming devices have been found on, in and around gas station pumps, ATMs, retail stores and even on handheld devices utilized by salespeople. The skimmers—which are usually crafted to look almost identical to the actual card-scanning device on which they’re installed—are placed there when no one is around or while there is a distraction available. The skimmer remains at the gas pump, ATM, or wherever it is installed, collecting card information from numerous unsuspecting patrons. The fraudsters later retrieve the skimmer and use the collected information to create counterfeit cards or sell the card information to other fraudsters on the black market for fraudulent e-commerce purchases.
The next time you find yourself at a gas pump or any other such freestanding point of sale, take the time to carefully inspect the card-reading device before you swipe your card. A gentle tug on the card slot should help reveal if it is authentic or not. Also, make sure you set up VyStar mobile banking alerts and Visa Transaction Alerts so that you are notified whenever a suspicious purchase is made on your account. To sign up for Visa Transaction Alerts for your VyStar card, follow these steps:
Phishing is a scam in which fraudsters manipulate victims into providing sensitive information, usually via email. They do this by falsely claiming to be from a legitimate business with which the victim often conducts transactions. These emails, which are complete with counterfeit company logos, direct victims to websites that retain any information typed in by the victim or download harmful software onto the victim’s computer. For example, a fraudster sends you an email from a commonly used merchant or business, along with a link to a fictitious website that appears to be the merchant’s or business’ website. When you click on the link, you are routed to the fictitious website, where the site installs malware on your computer (a key logger) that captures your keystrokes. The malware is installed without any visible indicators, so you never realize that you are being watched every time you type a username, password, card number, expiration date, etc.
Always be wary of any email or text message that asks you to provide personal information by replying to a message or clicking on a link, especially when it is unsolicited. Phishing emails are usually littered with spelling mistakes, and the sender address may also sometimes appear suspect when you look close enough. Do not click on any links or images from unknown senders. Instead, hover over them with your mouse (without clicking on them) to confirm that they are routing you to official sites. If you are ever in doubt, play it safe and go directly to the business website yourself by typing the URL into your Web browser, or just call the company directly to confirm the legitimacy of the information request. Finally, only enter your credit or debit card information on secure websites that have “https” or a lock symbol that appears in the site address.
During merchant compromises, fraudsters hack into a merchant’s or card processor’s computer network and steal customer credit or debit card data. Unfortunately, there is nothing you can personally do to protect a merchant from getting hacked or prevent your card number from landing in the hands of a fraudster when a merchant is compromised. However, you can rest assured that VyStar will take every action necessary to protect you in the event that your credit or debit card number is involved in a compromise.
When a breach like this occurs, the credit card company, such as Visa, identifies the issue and sends a list of the compromised cards to financial institutions, such as VyStar. They advise that the cards may have been compromised, but they do not reveal the name of the merchant. VyStar then takes immediate action to reissue the cards to the cardholders for their security. What you can do, however, is regularly monitor your account statements and notify your financial institution or credit card company whenever you spot something suspicious.
The content provided in this blog consists of the opinions and ideas of the author alone and should be used for informational purposes only. VyStar Credit Union disclaims any liability for decisions you make based on the information provided.