Houston Chronicle

Make credit cards less vulnerable to fraud

- By Liz Weston This column was provided to the Associated Press by the personal finance website NerdWallet. Liz Weston is a columnist at NerdWallet, a certified financial planner and author of “Your Credit Score.” Email: lweston@nerdwallet.com. Twitter: @l

Last year, one of my family’s credit cards was used to rack up hundreds of dollars in bogus charges at Apple.com.

Another card was compromise­d four times in a row, as thieves repeatedly charged merchandis­e and Uber rides.

We ultimately got our money back, but repeated credit card fraud can be frustratin­g and dishearten­ing.

Dealing with the aftermath taught me to prize security over convenienc­e, and to change some bad habits that made me an easier target.

Clock is ticking on credit card fraud

Under the Fair Credit Billing Act, consumers have 60 days after bogus charges show up on a statement to report them to the credit card issuer to avoid most liability, says attorney Amy Loftsgordo­n, legal editor at Nolo, a self-help legal site.

The law limits a consumer’s liability to $50 per series of unauthoriz­ed uses, but most issuers waive that, Loftsgordo­n says.

So my heart sank when I realized that the fraud on our Apple.com account had started at least six months earlier.

I’d noticed that the Apple.com charges had been ticking up, but assumed my husband was buying more audiobooks and my daughter was downloadin­g more games. I’d grouse at them occasional­ly, they would proclaim innocence and the charges would continue.

Finally, the thief went too far and charged over $300 in a single month.

I contacted Apple and discovered our card had been used to purchase dating apps and virtual phone numbers, which were likely being used to scam other people.

The electronic receipts for these purchases were sent to an email address I didn’t recognize.

New card didn’t stop fraud

The kicker: The thief was using a credit card number that had already been reported as compromise­d. Normally, credit card issuers will deny new charges on a compromise­d number.

But according to the card issuer, the thief started their crime spree during the few days that my replacemen­t card was in the mail.

Since we already made regular purchases at Apple.com, the card issuer assumed the charges using the old card were legit and allowed them to go through “as a courtesy” — month after month.

An Apple customer service representa­tive deleted the most recent month’s charges and the issuer removed the rest — even those well past the 60-day mark.

My takeaways: Sites where you make multiple purchases each month need to be monitored carefully for bogus transactio­ns.

Compare what your credit card statement says you’ve charged with your purchase history on the site.

You may have to search online for how to find that history; Apple certainly doesn’t make it easy or intuitive to find your charges.

And if you find fraud, report it — even if it’s beyond the 60-day deadline.

Make fraudsters work harder

It’s still not clear why my other card was repeatedly compromise­d. I’d no sooner get a replacemen­t card than I would receive a text from the issuer asking about another suspicious transactio­n.

I removed the card from the browsers and websites where it had been stored. We may like the convenienc­e of not having to type in our credit card numbers, but every place we store our cards is another place where they can be stolen, says security expert Avivah Litan, a distinguis­hed vice president analyst with research firm Gartner Inc.

The mobile app for this card allowed me to see many of the places where my card was saved. But the list wasn’t complete.

After the fourth hack, a phone rep said my card was stored at Airbnb, Walmart.com and Uber — three places that didn’t show up in my app and that I hadn’t authorized.

The rep disconnect­ed the card from those accounts. In the future, I’ll call in to report fraud so I can ask for this review rather than merely responding to a text warning or going online.

I also learned that I could “lock” my card in the mobile app to prevent unauthoriz­ed use. Unlocking it when I want to make a charge just takes a few seconds. I wish more issuers offered this feature.

At the issuer’s suggestion, I ran antivirus and anti-malware software (my devices were clean) and changed the passwords on my email accounts as well as my financial accounts, in case a thief had broken into those.

I already had two-factor authentica­tion, which requires a code and a password to sign in, on my financial and email accounts. I added it to my most-used retail sites as well.

I’ve also started using a mobile payment system wherever possible. These systems — which include Apple Pay, Google Pay and Samsung Pay — create a “token” that’s transmitte­d to merchants so that your credit card number is never exposed or stored.

Similarly, some credit card issuers will provide virtual numbers that you can use instead of your real account number when making purchases online.

I don’t imagine all this will make me fraud-proof, because that’s impossible. I’m just trying to make the thieves work a little harder next time.

 ?? Associated Press file photo ?? Some credit card issuers will provide virtual numbers that you can user when making purchases online.
Associated Press file photo Some credit card issuers will provide virtual numbers that you can user when making purchases online.

Newspapers in English

Newspapers from United States