AwardWallet receives compensation from advertising partners for links on the blog. The opinions expressed here are our own and have not been reviewed, provided, or approved by any bank advertiser. Here's our complete list of Advertisers.
Returning home from a recent holiday in Bali, I tried to pay for groceries using a Visa card, only to have the transaction declined from lack of funds. Putting aside the embarrassment of holding up a long line of customers at the checkout, I logged onto my bank's app to figure out why the card declined, as the card had plenty of funds the last time I checked.
The statement showed two pending transactions totaling just under $3,000 each, from an unnamed merchant, identified only as a random series of numbers and letters. I called my bank and was informed that both transactions were made that day from the same merchant in Indonesia. After explaining that we had recently returned home, and the transactions couldn't be mine, I was informed that my card was (most likely) skimmed while we were in Bali and would need to be canceled.
So, What Is Card Skimming?
Card Skimming is an illegal method of capturing personal banking information for use in credit card fraud and bank fraud, and it is BIG business. The stats for 2014 (the last year records were available):
- Credit card and debit card fraud resulted in losses amounting to $16.31 billion during 2014. Card issuers and merchants incurred 62% and 38% of those losses, respectively, with the following transactional breakdown:
- Card issuer losses occur mainly at the point of sale from counterfeit cards while merchant losses occur mainly on card-not-present (CNP) transactions on the Web, at a call center or through mail order.
(Source: Nilson Report, July 2015)
To put credit card fraud in perspective, Iceland's estimated GDP is $17 billion; these are big, global numbers.
There are four primary ways identity thieves can skim your card.
- At an ATM – Using an overlay on the card reader, the magnetic strip is scanned as the card goes in and out and pin numbers are recorded either via camera or pressure-sensitive keypads.
- During a purchase – Information is typically harvested using card readers at the point-of-sale, this method is declining in popularity with the introduction of EMV secure chips but is still prevalent in the U.S., Asia, and Eastern Europe.
- Contactless payments – Using mobile point-of-sale machines, all an identity thief needs to do is pre-set a sale of $30 or $40 into the terminal, place it in a bag, and walk around bumping into people's back pockets and bags.
- Online – Still the most widespread credit card fraud and most commonly not the result of user error. The majority of credit card details obtained online are from hacked e-commerce merchants or breaches from the processor or network that handles online payments.
And while there are multiple ways identity thieves can get your credit or debit card details, there is also several ways you can prevent yourself becoming a victim of identity theft. Below we've put together our list of 9 ways to prevent credit card fraud when traveling.
1. Charge to your room – When you are staying in a hotel or resort, charge everything to your room and pay the total at checkout. It may sound overly simplistic, but you are much less likely to be targeted at the reception of a busy hotel with a reputation to protect, where your card is in sight, than handing your card to a pool attendant to have processed at the bar. Don't let your card out of your sight!
2. Use an app to put a ‘hold' on your card – Try using a card that can be locked, or switched ‘on' and ‘off' via your phone. Some third-party apps have this functionality but check with your bank first. For example, my ING Direct Visa has a hold button in-app that locks further use of the card until I take it off hold, again via the app. The caveat with this is if you can't get online or your phone battery dies you cannot toggle the ‘hold' function on or off. Discover offers something similar as well, where you can freeze your Discover account.
3. Prepaid debit cards – Loading money onto a prepaid debit card for purchases while abroad can prevent your primary credit card details being scanned. Air New Zealand offers Airpoints™ members a onesmart™ card that functions as both a member card, and also as a debit Mastercard® that can be pre-loaded with up to eight different currencies. And, as a bonus you earn Airpoints™ on everything you spend. Check out the offering from Travelex as well — they're the people you likely see doing currency exchange at the airport.
4. Secondary accounts – On a recent trip to Asia, we opened a separate checking account with our bank and had a Visa debit card attached to the account. When we wanted to use the card to pay for anything or to withdraw cash, we only transferred the exact amount we needed into the account from our primary account attached via the banks app. This way, the account connected to the card remained empty unless we needed immediate access to the funds.
5. Geolocation software – Although not widely available yet, some financial institutions will pair geolocation software with your card on request. Paired with your phone, if the phone and the card are not in the same location, the transaction will not be processed. The downside is when you accidentally leave your phone in the hotel, or it runs out of juice, you can't use the card. Give your bank a call to see if this is a service they offer as it is a fantastic security feature.
6. EMV security chips – Use a card with an EMV security chip like the Chase Sapphire Preferred® Card. Most new merchant card terminals have a slot to accept credit and debit cards equipped with an EMV security chip. The reason cards with a magnetic strip are so susceptible to credit card fraud is the data contained in the strip never changes. EMV secure chips, on the other hand, produce unique 1-use tokens that are impossible to predict, and cannot be reproduced by hackers. The tokens are only good for one transaction.
Note: EMV technology doesn't work when using an ATM or if you use the swipe functionality at a point-of-sale terminal.
7. Cash – Cash is still king in many parts of the world. During our two months in Indonesia, there were times when there were neither ATMs nor card terminals for miles in any direction, and it was necessary to withdraw a significant amount of cash whenever we had the opportunity to do so. When withdrawing money from ATMs, look for ATMs inside bank foyers and hotel receptions, preferably places that have security on duty. These machines will be inspected daily and are much less likely to be targeted; you are most at risk of card skimming when using ATMs in bars, gas stations, and convenience stores.
8. Virtual Account Numbers – Protecting yourself online, particularly when using websites that are offshore and not subject to US laws, is surprisingly easy. Products like ShopSafe® from Bank of America and Virtual Account Numbers from Citi® will generate a temporary 16-digit account number, expiry date, and security code that can only be used for one transaction and then becomes void. There are also third party vendors that are providing a similar service through E-wallets such as AlliedWallet, but if your bank offers this service, it should be your first place to go.
9. RFID protection. As contactless payment becomes more popular, so does the use of wireless skimming technology. Nearly all financial institutions offer security promises and money-back guarantees in the case of fraud, but I believe it's far better to take the lead in protecting yourself from identity theft. RFID blocking wallets like the Access Denied Men's RFID Blocking Wallet protect your information from being stolen via RFID-skimming, or you could go for a more robust solution such as Amourcard, which actively jams nearby radio-frequency signals. You can also DIY a cheaper handmade solution by wrapping your cards in aluminum foil which, according to science (and my Dad), has much the same effect.
Having spent a good portion of the last 16 years traveling and the last year on the road in Asia, I considered myself fairly savvy when it came to protecting myself from credit card fraud … until someone withdrew almost $600 from my account without me knowing. The loss of a few hundred dollars was a nuisance, but having to cancel and cut up my cards (my rep from the bank recommended canceling every card I used in Indonesia) was a hassle.
While this list doesn't cover every solution to protect yourself from credit card fraud while traveling, if you implement as many of these as you can, you will be making the jobs of identity thieves the world over much harder. Let us know how you protect yourself from credit card fraud in the comments.
The comments on this page are not provided, reviewed, or otherwise approved by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.