Three habits that can help protect your credit cards from fraud

This article is reprinted by permission from NerdWallet

Last year, one of my family’s credit cards was used to rack up hundreds of dollars in bogus charges at Apple.com
AAPL,
+3.51%.
Another card was compromised four times in a row, as thieves repeatedly charged merchandise and Uber
UBER,
+2.61%
 rides.

We ultimately got our money back, but repeated credit card fraud can be frustrating and disheartening. Dealing with the aftermath taught me to prize security over convenience, and to change some bad habits that made me an easier target.

The clock is ticking on credit card fraud

Under the Fair Credit Billing Act, consumers have 60 days after bogus charges show up on a statement to report them to the credit card issuer to avoid most liability, says attorney Amy Loftsgordon, legal editor at Nolo, a self-help legal site. (The law limits a consumer’s liability to $50 per series of unauthorized uses, but most issuers waive that, Loftsgordon says.)

So my heart sank when I realized that the fraud on our Apple.com account had started at least six months earlier.

I’d noticed that the Apple.com charges had been ticking up, but assumed my husband was buying more audiobooks and my daughter was downloading more games. I’d grouse at them occasionally, they would proclaim innocence and the charges would continue.

Finally, the thief went too far and charged over $300 in a single month. I contacted Apple and discovered our card had been used to purchase dating apps and virtual phone numbers, which were likely being used to scam other people. The electronic receipts for these purchases were sent to an email address I didn’t recognize.

Also read: These new credit cards promise no credit checks, fees, deposits or even interest rates. What’s the catch?

A new card didn’t stop the fraud

The kicker: The thief was using a credit card number that had already been reported as compromised. Normally, credit card issuers will deny new charges on a compromised number. But according to the card issuer, the thief started their crime spree during the few days that my replacement card was in the mail. Since we already made regular purchases at Apple.com, the card issuer assumed the charges using the old card were legit and allowed them to go through “as a courtesy” — month after month. (I was assured that this sequence of events “is extremely rare and hardly ever happens.”)

An Apple customer service representative deleted the most recent month’s charges and the issuer removed the rest — even those well past the 60-day mark.

Read: These online scams to steal your money will shock you

My takeaways: Sites where you make multiple purchases each month need to be monitored carefully for bogus transactions. Compare what your credit card statement says you’ve charged with your purchase history on the site. You may have to search online for how to find that history; Apple certainly doesn’t make it easy or intuitive to find your charges. And if you find fraud, report it — even if it’s beyond the 60-day deadline.

Learn more: 6 things to do if you’re a victim of credit card fraud

Make fraudsters work harder

It’s still not clear why my other card was repeatedly compromised. I’d no sooner get a replacement card than I would receive a text from the issuer asking about another suspicious transaction.

I removed the card from the browsers and websites where it had been stored. We may like the convenience of not having to type in our credit card numbers, but every place we store our cards is another place where they can be stolen, says security expert Avivah Litan, a distinguished vice president analyst with research firm Gartner Inc.

The mobile app for this card allowed me to see many of the places where my card was saved. But the list wasn’t complete. After the fourth hack, a phone rep said my card was stored at Airbnb
ABNB,
+2.74%,
Walmart.com
WMT,
+0.12%
and Uber — three places that didn’t show up in my app and that I hadn’t authorized. The rep disconnected the card from those accounts. In the future, I’ll call in to report fraud so I can ask for this review rather than merely responding to a text warning or going online. I also learned that I could “lock” my card in the mobile app to prevent unauthorized use. Unlocking it when I want to make a charge just takes a few seconds. I wish more issuers offered this feature.

At the issuer’s suggestion, I ran antivirus and anti-malware software (my devices were clean) and changed the passwords on my email accounts as well as my financial accounts, in case a thief had broken into those. I already had two-factor authentication, which requires a code and a password to sign in, on my financial and email accounts. I added it to my most-used retail sites as well.

Also on MarketWatch: ‘I don’t use cash’: I’m 70 and my home is paid off. I live off Social Security, and I use a credit card for all my spending. Is that risky?

I’ve also started using a mobile payment system wherever possible. These systems — which include Apple Pay, Google Pay
GOOGL,
+1.79%
and Samsung Pay — create a “token” that’s transmitted to merchants so that your credit card number is never exposed or stored. Similarly, some credit card issuers will provide virtual numbers that you can use instead of your real account number when making purchases online.

I don’t imagine all this will make me fraud-proof, because that’s impossible. I’m just trying to make the thieves work a little harder next time.

More From NerdWallet

Liz Weston, CFP® writes for NerdWallet. Email: [email protected]. Twitter: @lizweston.

You May Also Like

Canopy Growth lays off 800 as its slashes spending and posts wider-than-expected loss

Canopy Growth Corp. CGC, -2.84% stock fell 5% Thursday after the cannabis…

Why sales of Botox and other cosmetic injections may be resilient in a recession

Many of the people in the U.S. who pay hundreds of dollars…

Powerful quake kills over 100 in Turkey and Syria

A massive earthquake struck southern Turkey and northern Syria, tearing down buildings…

UK faces legal action over windfall tax on energy companies

A UK developer of onshore wind farms is threatening the government with…