Last year, my family’s credit card was used to falsely charge hundreds of dollars at Apple.com. Another card was compromised four times in a row when thieves repeatedly billed for goods and Uber rides.
We eventually got our money back, but repeat credit card fraud can be frustrating and discouraging. Dealing with the aftermath has taught me to prioritize safety over convenience and to change some bad habits that made me an easier target.
THE CLOCK IS TICKING CREDIT CARD FRAUD
Under the Fair Credit Billing Act, consumers have 60 days after false charges appear on a statement to report them to the credit card issuer to avoid most liabilities, says attorney Amy Loftsgordon, legal editor at Nolo, a legal self-help website. (The law limits a consumer’s liability to $50 per series of unauthorized uses, but most issuers waive that, says Loftsgordon.)
So my heart sank when I realized that the scam on our Apple.com account had started at least six months earlier.
I had noticed that Apple.com fees had gone up, but assumed my husband was buying more audiobooks and my daughter was downloading more games. Occasionally I scolded them, they maintained their innocence and the charges continued.
Eventually, the thief went too far and demanded over $300 in a single month. I contacted Apple and discovered that our card was being used to purchase dating apps and virtual phone numbers that were likely being used to scam other people. The electronic receipts for these purchases were sent to an email address that I do not know.
A NEW CARD DID NOT STOP THE FRAUD
The trick: The thief used a credit card number that had already been reported as compromised. Typically, credit card issuers will refuse new charges for a compromised number. But according to the card issuer, the thief began his crime spree in the few days that my replacement card was in the mail. Since we were already regular purchasers at Apple.com, the card issuer assumed the charges on the old card were legitimate and let them through “as a courtesy” — month after month. (I have been assured that this sequence of events is “extremely rare and hardly ever occurs.”)
An Apple customer service rep wiped out last month’s charges, and the issuer removed the rest — even those well past the 60-day mark.
My Findings: Sites where you make multiple purchases each month need to be carefully monitored for fake transactions. Compare your credit card statement with your purchase history on the website. You may have to search online to find this history. Apple certainly doesn’t make finding your charges easy or intuitive. And if you find fraud, report it—even if it’s past the 60-day limit.
MAKE CHEATERS WORK HARDER
It’s still not clear why my other card was repeatedly compromised. As soon as I received a replacement card, I received a text message from the issuer asking about another suspicious transaction.
I removed the map from the browsers and websites that stored it. We like the convenience of not having to type in our credit card numbers, but any place we keep our cards is another place where they can be stolen, says security researcher Avivah Litan, distinguished vice president and analyst at research firm Gartner Inc.
The mobile app for this map allowed me to see many of the locations where my map was saved. But the list wasn’t complete. After the fourth hack, a phone operator said my card was stored with Airbnb, Walmart.com, and Uber — three places that didn’t show up in my app and that I hadn’t authorized. The representative has disconnected the card from these accounts. In the future I will be calling to report scams so I can ask for this review instead of just responding to an SMS alert or going online. I also learned that I can “lock” my card in the mobile app to prevent unauthorized use. Unlocking when I want to charge only takes a few seconds. I wish more issuers would offer this feature.
At the exhibitor’s suggestion, I ran anti-virus and anti-malware software (my devices were clean) and changed the passwords on my email and financial accounts in case a thief had broken into them. I already had two-factor authentication for my finance and email accounts, which requires a code and password to log in. I’ve also added it to my favorite retail sites.
I have also started using a mobile payment system wherever possible. These systems — including Apple Pay, Google Pay, and Samsung Pay — create a “token” that is sent to merchants, so your credit card number is never revealed or stored. Similarly, some credit card issuers provide virtual numbers that you can use in place of your real account number when making online purchases.
I don’t think all of this will make me fraud proof because it’s impossible. I’m just trying to make the thieves work a little harder next time.
______________________
This column was provided to The Associated Press by personal finance website NerdWallet. Liz Weston is a columnist at NerdWallet, a certified financial planner and the author of Your Credit Score. Email: [email protected] Twitter: @lizweston.
RELATED LINK:
NerdWallet: How to prevent credit card fraud https://bit.ly/nerdwallet-protect-against-credit-card-fraud
Liz Weston from Nerdwallet, The Associated Press
Don’t miss interesting posts on Famousbio
