How Did My Card Get Compromised?


“We understand the inconvenience this causes (it is not isolated to Alden Credit Union) but as an overall business practice our main responsibility is to protect our members and their financial assets. Because of that we proactively try to react so our members do not incur any financial losses. While other institutions pass along the cost to their customers, Alden Credit Union has never charged our members for circumstances that are out of their control. “                                                                                                                                                                                                          – Adam D. Corcoran – President/CEO   

 

 

 

Fraudsters have many tricks up their sleeves when it comes to stealing your credit or debit card data.

As you’re driving home from work, you suddenly realize that you need to make a pit stop at the supermarket to pick something up for dinner. Just like you almost always do, you use your credit or debit card to pay for your purchase at the cash register, and you head home to enjoy your much-anticipated meal. Shortly after, you receive notification that your card may have been compromised. What gives?

When you think of the word “compromise,” your first instinct is to, of course, react with fear. Your mind begins to race as you try to figure out how this happened. And, in doing so, it’s easy to assume that your credit union, bank or Credit Card Company failed to protect your private information. But the truth is that, more often than not, the compromise isn’t the result of a mistake made by your financial institution.

Alden Credit Union has many different fraud detection and prevention features in place to protect our members from such compromises, including 24hr Fraud Watch Plus, EMV chip card technology and online account access. Rather, compromises are usually the result of some very carefully plotted schemes executed by fraudsters against merchants or the cardholders themselves.

Below, we explain how some of the most common types of credit or debit card compromises work so you can better safeguard yourself against them.

Merchant Compromises
During merchant compromises, fraudsters hack into a merchant’s or card processor’s computer network and steal customers credit or debit card data. Unfortunately, there is nothing you can personally do to protect a merchant from getting hacked or prevent your card number from landing in the hands of a fraudster when a merchant is compromised. However, you can rest assured that Alden Credit Union will take every action necessary to protect you in the event that your credit or debit card number is involved in a compromise.

When a breach like this occurs, the credit card company, such as Visa, identifies the issue and sends a list of the compromised cards to financial institutions, such as Alden Credit Union. They advise that the cards may have been compromised, but they do not reveal the name of the merchant. Alden Credit Union then takes immediate action to reissue the cards to the cardholders for their security. What you can do, however, is regularly monitor your account statements and notify your financial institution or credit card company whenever you spot something suspicious.

Skimming Devices
These small electronic or data-transmitting devices are used by fraudsters to illegally collect data from the magnetic stripe of numerous credit or debit cards. Skimming devices have been found on, in and around gas station pumps, ATMs, retail stores and even on handheld devices utilized by salespeople. The skimmers—which are usually crafted to look almost identical to the actual card-scanning device on which they’re installed—are placed there when no one is around or while there is a distraction available. The skimmer remains at the gas pump, ATM, or wherever it is installed, collecting card information from numerous unsuspecting patrons. The fraudsters later retrieve the skimmer and use the collected information to create counterfeit cards or sell the card information to other fraudsters on the black market for fraudulent e-commerce purchases.
The next time you find yourself at a gas pump or any other such freestanding point of sale, take the time to carefully inspect the card-reading device before you swipe your card. A gentle tug on the card slot should help reveal if it is authentic or not.

Phishing
Phishing is a scam in which fraudsters manipulate victims into providing sensitive information, usually via email. They do this by falsely claiming to be from a legitimate business with which the victim often conducts transactions. These emails, which are complete with counterfeit company logos, direct victims to websites that retain any information typed in by the victim or download harmful software onto the victim’s computer. For example, a fraudster sends you an email from a commonly used merchant or business, along with a link to a fictitious website that appears to be the merchant’s or business’ website. When you click on the link, you are routed to the fictitious website, where the site installs malware on your computer (a key logger) that captures your keystrokes. The malware is installed without any visible indicators, so you never realize that you are being watched every time you type a username, password, card number, expiration date, etc.

Always be wary of any email or text message that asks you to provide personal information by replying to a message or clicking on a link, especially when it is unsolicited. Phishing emails are usually littered with spelling mistakes, and the sender address may also sometimes appear suspect when you look close enough. Do not click on any links or images from unknown senders. Instead, hover over them with your mouse (without clicking on them) to confirm that they are routing you to official sites. If you are ever in doubt, play it safe and go directly to the business website yourself by typing the URL into your Web browser, or just call the company directly to confirm the legitimacy of the information request. Finally, only enter your credit or debit card information on secure websites that have “https” or a lock symbol that appears in the site address.