Unfortunately, credit card fraud is becoming more and more common. Especially if you’re a travel aficionado who uses credit cards to earn points and miles, you need to understand how fraud works and the best ways to protect yourself.
While you may at first be excited about an extra $30 in points you found on your credit card, you won’t be as excited when you see a $1,000 charge that you didn’t make and don’t want to pay for!
If you want to prevent credit card fraud, then you need to know how credit card companies treat fraud, the procedures for dealing with it, and your rights and responsibilities when it comes to unauthorized charges.
This guide will also walk you through the types of fraud you’re likely to encounter, how to spot fraud when it happens, and where to report it to the proper authorities.
What Is Credit Card Fraud?
Credit card fraud is primarily the unauthorized, illegal use of your credit card to either obtain goods without paying for them or obtain funds from your account by way of a cash withdrawal.
Frequently, credit card fraud is part of a broader theft of your identity, and your personal information is often used to take out new loans or other lines of credit in your name. We’ll talk about the distinction between credit card fraud and identity theft below.
Is Credit Card Fraud the Same as Identity Theft?
Put simply, credit card fraud is a specific type of identity theft that can sometimes be a part of a larger fraud scheme. Here are a few key differentiating points you should be aware of:
- Size and Scope — Credit card fraud can be as small as 1 or 2 extra charges made to your account using stolen information. In contrast, identity theft is usually much broader and can involve the theft of multiple pieces of information that make it easier for criminals to impersonate you (like your address, Social Security number, birth date, bank account numbers, etc.).
- Financial Liability — Many credit card companies will not hold you liable for charges made to your account if your card information is stolen, since they have strict internal fraud prevention measures in place. Those that do hold you liable will often have a liability limit, like $50. However, since identity theft involves multiple points of entry into your personal life (banks, telephone companies, government records, insurance companies, etc.), it can be much more difficult to get full compensation for all of the potential damage.
- Potential Impact — While the impact of credit card fraud is usually limited to the stolen account’s information, identity theft can be much more damaging. Repercussions from identity theft can last a lifetime. For example, your Social Security number, insurance information, and multiple addresses can be compromised as criminals impersonate you to open fraudulent financial accounts or take out debt in your name.
- Ease of Correction — Once discovered, credit card fraud can usually be cleared up in a matter of days simply by contacting your card issuer. If an unauthorized charge is made, it will usually be reversed; the card will likely be canceled, and you’ll simply be issued a new one. However, clearing all your accounts (and personal information) from identity theft can take years. You may have to deal with banks, insurance companies, debt collection agencies, and even law enforcement.
How To Identify Fraud
The most reliable way of finding credit card fraud before it gets out of hand is to keep a watchful eye on all your accounts and your credit reports. There are many free credit monitoring services that can help you do this, including Credit Karma and Credit Sesame.
Though you can pay to join other more comprehensive services that will monitor your credit for you, it’s usually not necessary if you’re using credit cards responsibly and keeping tabs on all your accounts. If you’ve been a victim of full-blown identity theft, though, this investment may be worth it.
Having trouble remembering to monitor your accounts yourself? One strategy is to turn off auto-pay to ensure you’ll actually look at your statements every month instead of just paying the entire bill automatically. Yes, this will take a bit more effort — but it’s worth it to catch fraudulent activity early!
If you see unusual information on your credit report or a charge you don’t recognize, you should call your card issuer immediately. Though credit card companies are getting better and better at recognizing fraudulent patterns, it’s always best to have multiple sets of eyes watching — their algorithms aren’t perfect yet.
Watch specifically for small purchases you don’t remember making at a location you don’t frequent. Whether it’s 1 single charge or a series of strange ones, this can signal that someone is testing the card to see if you’re watching (and will report the card compromised) before they go on a major spending spree.
Another red flag is any charge from a geographical location where you weren’t present and didn’t make an online transaction.
How Does Fraud Happen?
The best way to prevent both credit card fraud and identity theft is to ensure your sensitive information is secured as much as possible. Despite your best efforts, though, there is always the potential for an information breach that leaves you exposed.
According to a February 2021 report from the Consumer Sentinel Network (which collects fraud and identity theft complaints made to the state and federal government), 31% of consumers who gave a method of initial contact listed a phone call as these fraudster’s method of choice, followed closely by a text at 27%.
This indicates that fraudsters are becoming skilled at “phishing” for personal information over your phone. Here are a couple of examples:
- Fraudsters can offer a free gift or say you won a prize, but ask for your credit card information to cover shipping and require your address to claim it.
- Scammers may say they’re calling from a company and need more information to confirm an account that you didn’t really open, prompting you to give personal information.
Consumers also listed email as the initial point of contact in 15% of cases, website or apps in 7% of cases, social media in 6%, a piece of physical mail for 3% of cases, and 1% of fraud started with an online pop-up or ad. See below for more information on phishing scams, which can happen to anyone over any medium.
The states with the highest per capita rates of reported fraud in 2020 were Nevada, Delaware, Florida, Maryland, and Georgia.
Somewhat surprisingly, though, there’s no clear correlation between age and being a victim: in 2020, identity theft affected people from age 30 to 69 almost identically.
Not all credit card fraud involves outright theft of your physical card. There are plenty of other ways crooks can get access to your credit information, including:
- Rifling through your trash to find discarded receipts or copies of card numbers
- A dishonest clerk, server, or retailer copying your credit card information, including the security feature on the back of the card
- A telemarketing scam like the ones mentioned above
Crooks may also employ high-tech methods, including:
- Skimming — Electronic devices called “skimmers” can read your card’s magnetic strip and grab your credit card details. Dishonest service clerks can use these devices to make an electronic copy of your card, which they then transfer to a blank credit card or computer to make fraudulent charges. Skimmers can also be installed at ATMs and gas station pumps. See this reference for more guidance on skimmers and what to look for.
- Phishing — Phishing refers to phony emails, phone calls, or letters claiming to be a business or institution you might know asking for your credit card or other personal information. This is a type of social engineering tactic where the crook hopes you will voluntarily give up your personal information so he or she can use your credit for themselves.
Who Pays for Credit Card Fraud?
The short answer here is — all of us. The FTC estimates that the total cost of fraud-related incidents was $2.2 billion in 2020 alone.
The FTC doesn’t receive reports on all fraud cases, so many other sources report a much higher cost. According to CNBC, consumers lost over $56 billion from identity theft and fraud in 2020, while card issuers and merchants lost $28.65 billion. By 2027, Nilson Report suggests that card issuers and merchants could be seeing losses nearing $37.50 billion… so suffice it to say that fraud isn’t going anywhere soon!
Even if you’ve never been victimized directly, credit card fraud still affects you. When a credit card company has to cover fraudulent charges, it makes up for the loss by implementing higher fees and interest rate increases across all customers.
This means all that time you spent building up your credit score may not give you the low interest rate you wanted after all (though you might still find some 0% APR offers to take advantage of).
Who Investigates the Fraud?
For most cases under $2,000, credit card fraud is investigated by the issuing bank or card provider and not the police. This is mainly because some police departments don’t consider cases under $2,000 worthy of investigating.
In cases where the dollar amount exceeds $2,000, local police will typically get involved and work alongside the card issuer to pursue the criminal. For very large cases, the Federal Trade Commission may be involved.
Real Credit Card Fraud Cases and Examples
According to a Pew Research study in 2019, 79% of Americans say they are “not too or not at all confident that companies will admit mistakes and take responsibility if they misuse or compromise personal information,” and 69% report that they have a “lack of confidence that firms will use their personal information in ways they will be comfortable with.”
Capital One Breach 
Capital One, the fifth-largest credit card issuer in the U.S., revealed in July 2019 that a hacker had accessed the personal information of close to 106 million people who had applied for a credit card in the U.S. and Canada between 2005 and early 2019.
The information that was compromised included personal details on consumers and small businesses, such as names, some Social Security numbers, self-reported income, credit scores, and dates of birth.
Capital One said no credit card account numbers or log-in credentials were compromised as a part of this breach.
What Happened After the Breach
Capital One posted an FAQ that details how it responded to the breach and how those affected should respond. In short, the company said it would notify affected individuals directly.
Capital One did offer free credit monitoring and identity protection to those impacted but also suggested that customers monitor their accounts for suspicious activity and report it to the bank immediately.
Equifax Breach 
In the fall of 2017, credit reporting bureau Equifax announced that it had been the victim of a massive breach that put the personal information of over 143 million Americans at risk. Though the attack began in May 2017, it wasn’t discovered until July… and thieves began taking advantage in August.
The New York Post reported that 1 fraud prevention company saw a 15% spike in overall online fraud attempts, which was likely related to the stolen data (usually, surges in online fraud are seen during the holiday season, not late summer).
Similar spikes in online fraud activity occurred in the 3-month window just after hacks on Home Depot in 2014 and Target in 2015, though the scale of this Equifax breach means consumers could feel the effects for much longer.
Equifax blamed the breach on a flaw in its software, which resulted in hackers being able to access consumers’ Social Security numbers, birth dates, addresses, driver’s license numbers, and credit card numbers.
What Happened After the Breach
After the attack, Equifax offered a free year of credit monitoring service to everyone in the U.S. with a valid Social Security number. It also began offering a service called “credit lock,” which is similar to a credit freeze but easier to lift and re-engage as necessary (we’ll discuss the differences between a credit freeze, credit monitoring, and a fraud alert below).
Hot Tip: Equifax is still offering 6 additional credit reports due to the breach. Check its website for more information on how to get these.
According to a poll by CreditCards.com, 61 million Americans checked their credit score in the 2 weeks following Equifax’s announcement — a strong sign that consumers were ready to take action to prevent further damage to their accounts.
However, the poll also found that 21% of consumers had never checked their credit scores or reports at all, even if they’d heard the news about the Equifax data breach. Clearly, there’s more work to be done educating the public about staying on top of their financial information consistently, not just when there’s a big fraud case.
TJX Security Breach [2005 to 2007]
From 2005 to 2007, a security hole allowed hackers and other criminals to steal cardholder data from T.J. Maxx, Marshalls, and other retail stores in the TJX family. Because the security breach spanned several years, it’s impossible to know the full extent of the damages. However, it is estimated that more than 45 million credit card numbers were stolen and $8 million in fraudulent purchases were made.
Celebrity Cases of Fraud
Even celebrities aren’t immune to credit card fraud! Here are a few interesting cases that prove even the best support staff around can’t protect everyone from a determined criminal.
Will Smith, the actor who starred in movies like “Men In Black” and “Independence Day,” was once a victim of identity theft by a man named Carlos Lomax. Lomax opened up 14 credit cards in Smith’s name and charged $34,000. He was eventually caught, but not before damaging Will Smith’s credit and reputation. Smith recovered, of course, but Lomax hasn’t.
A Bulgarian college student named Alexey K. hacked Bill Gates’ personal information and opened a credit card in his name. This brash 22-year-old was a known member of a global crime ring involved in producing counterfeit IDs in more than 25 countries. Once caught, authorities were able to put an end to Alexey’s criminal activities and arrest more than 30 people involved in other related crimes since 2004.
Jennifer Aniston, Anne Hathaway, and Liv Tyler
Jennifer Aniston, Anne Hathaway, and Liv Tyler were all victims of credit card fraud by a local spa they frequented. Maria Gabriella Parez, the owner of the Chez Gabriela Spa, scammed the actresses out of thousands of dollars. Parez’s spa catered to the stars’ hair, skin, and other cosmetic needs, offering basic facials for prices that started at $300.
Tyler’s management company discovered a discrepancy in the billing on the actress’ American Express card, which amounted to $214,000 in erroneous charges by the spa. It was subsequently found that Aniston and Hathaway had been victimized in a similar fashion.
Infamous Cases of Fraud
COVID-19-Related Fraud [2020 to Present]
Unfortunately, it comes as no surprise that fraudsters took advantage of the global pandemic to exploit individuals and the government. Reuters reported that U.S. losses related to coronavirus fraud had reached $100 million — primarily related to identity theft.
Of the identity theft reports received in 2020, the FTC reports that 406,375 reports came from people who said their information was misused to apply for a government document or benefit, such as unemployment insurance. That represents a tremendous increase from 2019 when the number was 23,213.
Best Western Hack 
In 2008, one of the world’s largest and most well-known hotel chains had its IT security networks hacked. The security breach resulted in a year’s worth of visitor data, including home addresses, phone numbers, and credit card information being stolen. The amount of potential damages to hotel guests amounted to more than $5 million.
The Largest U.K. Credit Card Fraud in History [Mid-2000s]
In the mid-2000s, a group of international criminals stole credentials for over 32,000 credit cards, made clone cards, and subsequently went on a spending spree with their newfound money. They used these cards to rack up over £17 million ($24.1m) in fraudulent charges over a period of several years.
The scam was initiated by Russian and Eastern European criminals working out of London. Their elaborate scheme involved shifting money from the U.K. to Poland through Estonia, Russia, the U.S., and the Virgin Islands.
However, these hackers were eventually caught during a routine anti-terrorism check by transportation police. Officers became suspicious when they found 40 mobile phone top-up cards during their check, leading to an investigation that brought 5 men to justice.
Anup Patel’s Credit Card Skimming Scam 
In 2008, England experienced another crime wave when Anup Patel and an accomplice stole more than 19,000 credit card numbers using gas station credit card terminals. The scam involved using a special hardware device called a “skimmer.”
Skimmers typically replace or attach to a legitimate credit card terminal (see above). When a victim uses the terminal, their card information passes through the skimmer and is captured. From there, the thief can duplicate the credit card information, make phony cards, and use them as though they were authentic.
Patel’s plan was to set up a home-based credit card factory. Patel and his accomplice also set up hidden cameras to capture private information like PINs. The scammers stole $3.5 million before they were caught.
Ways To Prevent Credit Card Fraud
Even as prevalent as fraud has become, there are plenty of methods you can use to help protect yourself. Here are some ways to reduce your risk of falling victim to credit card fraud:
Use these general best practices for credit card safety, which you should be implementing daily to protect yourself from fraud:
- Sign any new cards immediately. By establishing your signature on the card, you make it much more difficult for someone else to erase or cover your signature and forge it in their own handwriting if the card is ever lost or stolen.
- Carry your cards separately from your cash. Most people carry their cards and cash together in their wallet, but that means if your wallet is stolen, your cards will be stolen as well.
- After you hand your card over to pay, keep it in view when you can.
- Don’t sign a blank receipt. Draw a line through any space above the total amount (including any tip amounts) if you do not intend to authorize additional charges on your card.
- Void all carbon copies and incorrect receipts.
- Save all receipts in a safe place.
- Open your billing statements as soon as you get them, and reconcile your card accounts every month the same way you would reconcile your checking account.
- Report any suspicious activity on your card immediately.
- Never lend your credit card to anyone.
- Always destroy receipts by using a shredder or cutting them into small pieces.
- Never put your card number in a photo online.
- Do not give out your card number over the phone unless you initiated the transaction and you know the company is reputable.
Almost everyone is shopping online nowadays, and it’s important to understand how you can protect your personal information when doing so. Here are some quick tips:
- Only use your card for purchases on websites you trust.
- Do not click links in emails, especially those from any company or individual you don’t recognize.
- Never enter your card information (or Social Security number, etc.) in response to an email or via an emailed link. Always go directly to the company’s site instead of typing the address yourself.
- When entering card information, check the page you’re on to make sure it’s secure (e.g., starts with https:// or includes a lock symbol in your browser bar).
- Use a credit card (not a debit card) to limit your liability for any fraud that may occur.
- See if your card issuer offers a “disposable” or 1-time use card number, which still links to your account but expires after 1 use (or is only good for use at a single merchant).
- Do not enter personal information (including credit card numbers) if you’re on a public computer or public Wi-Fi network.
- Keep your anti-virus software up to date to prevent hacking.
- Watch your transaction history — make sure transactions match the amounts on your receipts, and look out for anything you don’t recognize.
As you can see, the tips above are not complicated — but they can end up saving you a ton of hassle down the road if you protect your information now.
Telephone credit card fraud is on the rise, especially among elderly populations… but scammers are getting bolder in asking people of all ages to give up personal information over the phone.
A good rule of thumb is to always ask who you’re speaking to if the call was unsolicited. If you didn’t request them to call you or make the call yourself, get their information and call back.
Any legitimate person working with a real company will be able to give you their name, department, and a valid number at which to return their call. If they can’t, beware, because you might be the victim of fraud.
Also watch out for phishing via text message, which is becoming more prevalent as well. Never give out or send personal information via text, even if you think you know who you’re communicating with.
Scammers can now impersonate numbers to make it look like you’re talking or texting with someone you know when in reality it’s a criminal on the other line looking to take advantage of you.
The risk of credit card fraud can increase when you use your card in unfamiliar environments. When you’re traveling, cultural and language barriers create fertile grounds where fraudsters can operate. Knowing what to look out for, how to stay protected, and what to do in case you fall victim to such attempts is the best form of defense when traveling.
For starters, make sure to notify your card company when you’ll be traveling or changing residences. If you don’t, the company might flag a charge in an unfamiliar location, causing you to lose access to your account.
Once you’re traveling, consider using a hidden pouch you can wear inside your clothes. Instead of carrying a large purse or pocketbook, these carriers can offer a cheap solution for storing your cards and other valuables safely.
What To Look Out For
Pickpockets are known to take advantage of situations where people gather in crowds and confined spaces, such as public transportation and museums. Use inside and front-facing pockets to carry your valuables where possible.
These thieves sometimes operate in gangs where 1 thief passes on the stolen item to a chain of collaborators. If confronted, this means the thief would no longer be personally in possession of your stolen items, making any crime much harder to prove.
Advances in technology have seen credit card skimming technology become more sophisticated and widespread. Watch for ill-fitted keypads on ATMs, which may be sitting on top of the official keypad to skim your PIN details.
Credit card skimmers can also be fitted to the card slot itself, so make sure this has not been tampered with either. Look for any additional cameras that are pointed at the ATM from above the machine, since these can capture your PIN number.
Any machine that looks tampered with or altered in any way should be treated as suspect, and you should seek an alternative ATM. Online ATM locators from Visa and Mastercard can point you to the next nearest ATM, as can mobile apps like Google Maps.
Planning ahead can minimize the need for you to improvise while traveling. Hotels, transportation, excursions, and rental cars can all be prepaid from the comfort of your home to minimize the need to make transactions on the go.
You can even research restaurant and taxi expenses online to create a daily cash budget that will minimize the use of your card for such purchases. Make use of your hotel room safe to avoid carrying excess cash or cards. As a general rule, use cards for major purchases and cash for small items.
Bottom Line: No matter where you are or where you’re making purchases, remaining aware of your spending patterns and your card’s physical location is the best way to protect yourself from fraud attempts. So keep an eagle eye on those statements, credit reports, and online transaction history!
What To Do if You’re a Victim of Credit Card Fraud
How To Report Credit Card Fraud
If you think you’ve been a victim of credit card fraud, you must act immediately. Most credit card companies publish a toll-free number for you to call, which is also located on your statement and in your online account.
Some credit card providers also offer 24/7 assistance for fraud. For example, if you have a major credit card like the Chase Sapphire Preferred® Card or Chase Sapphire Reserve® Card, Chase bank has an established procedure in place that helps you report the fraud over the phone, document it, have the charges reversed, and then obtain a new card.
A similar procedure exists for other card providers like American Express and banks like Citi, Bank of America, TD Bank, and HSBC. Note that some cards with a higher annual fee (like The Platinum Card® from American Express or American Express® Gold Card) will provide you with the absolute best protection against credit card fraud.
Most banks also encourage you to contact the 3 major credit bureaus to place a fraud alert on your account. A fraud alert simply sends out a blanket request to all creditors to contact you before they open any new accounts on your behalf.
Holds, Freezes, and Monitoring Your Credit — What’s the Difference?
In addition to a fraud alert, there are also some stronger steps you can take on your credit reports if you’ve been a victim of fraud or identity theft. Here’s how they work.
As discussed above, a fraud alert is a free and temporary measure that helps alert creditors that they should perform extra identity checks before issuing any new lines of credit. In contrast, a credit freeze is a much stronger measure.
After you place a freeze on your account with all 3 credit reporting agencies (Equifax, Experian, TransUnion), no one will be able to open new accounts under your name until the freeze is lifted (also by you).
Credit freezes are guaranteed free by federal law and they can be put in place within 24 hours if you request the freeze online or by phone. This process takes a bit longer by mail.
Though you can freeze and unfreeze your account at any time (temporarily or permanently), this solution is usually better for those who don’t plan on taking out any new lines of credit often. You can, however, freeze and unfreeze your accounts by phone or online using a PIN you’ll acquire during the process. A freeze must be lifted within 1 hour of receiving a request.
A credit lock is similar to a freeze in that no new accounts can be opened on your behalf while it’s in place. You also need to ensure the lock is placed with all 3 reporting agencies.
The difference is that you won’t use a PIN to lock/unlock your credit, and the process is usually more immediate than with a freeze. You can use a computer or mobile app to lock/unlock, but it can’t be done over the phone.
There is also a fee for using a credit lock, which varies depending on the reporting agency and can also change over time. If you use this service, you’ll want to pay close attention to the agreement you sign up for. Some agencies charge a monthly fee that can increase, making this option potentially more expensive than a credit freeze.
Credit Monitoring Services
While credit locks and credit freezes prevent access to your accounts, credit monitoring services simply help you keep a close watch on their activity.
You can pay for credit monitoring that costs $10 to $30 per month. Paid packages often comb the internet to see if your information is being used fraudulently, and may even offer robust insurance against any losses from fraud that occur under their watch.
Many companies also offer free credit monitoring that can alert you automatically of any changes to your credit report (we mentioned Credit Karma and Credit Sesame above).
Unless you’ve been a victim of identity theft, many consumers find that free credit monitoring combined with keeping an eye on their credit reports is enough to make them feel safe.
You can also make strategic decisions about when paying for credit monitoring might be worth it. For example, if you’re planning to buy a home in the next year, you might want monitoring to help ensure your credit score is as high as possible (to get a good rate on your mortgage).
To keep tabs on your credit history on your own, contact the credit bureaus directly to order your credit report and score. Remember you’re entitled to at least 1 free report per year from each agency; you can even stagger these to keep tabs on your credit every 4 months or so.
- Equifax — 888-548-7878
- Experian — 888-397-3742
- TransUnion — 800-916-8800
What To Do If Things Go Wrong
In any situation where you’re dealing with fraud, your personal safety is of the highest importance. Don’t confront any fraudsters or thieves in person, even if you think you know who or where they are. They may be armed or have collaborators at hand that you are unaware of.
Remember, the first step is always to notify your card issuer of any fraud, theft, or loss of your card and/or identity details. The sooner you do this, the better.
We recommend keeping a separate note that contains the emergency hotline contact details of your card issuer, especially if you’ll be traveling.
Keep this information separate from your actual card (e.g., not in your wallet, purse, or another location that could be easily stolen). Once you call, your card issuer will walk you through any next steps.
You might also want to get a backup card, which could be another credit card or a prepaid debit card loaded with a certain amount of funds (and NOT tied to your bank account!).
Carry and store these cards separately from your main card at all times, especially when traveling.
What Happens After I Report a Stolen Card?
By law, you have no further liability once you report the card stolen, regardless of the number or amount of unauthorized charges. Per the Fair Credit Billing Act (FCBA), your maximum liability, even before you report fraud, is $50 per card.
If you think that someone might have illegally used your credit card, you must report any fraud (via an app, website, or phone call) to the credit card company or bank immediately. You may also want to follow up with a letter.
The card issuer may contact you asking for further information or to sign an affidavit under oath that you didn’t make the purchases being disputed.
You may also sue the criminal who stole your identity or credit card information. Normally this is done in small claims court unless the amount exceeds your state’s small claims limit.
Before suing, you should consult a lawyer to ensure you understand your rights under the law and the potential damages to which you are entitled. Most often, if the criminal is caught, he or she also faces criminal charges.
Do not confuse credit card fraud with mistaken or erroneous charges. For example, if you authorize a charge to your card, but the merchant accidentally processes the transaction twice, this would not be considered fraud. However, you would want to dispute the additional charges for items you did not receive or cases where you were double-billed.
In these cases, you must dispute the charges within 60 days under the Fair Credit Billing Act. This can be done by writing a letter to the card issuer letting them know there were erroneous charges on your account.
There is a free PDF produced by the FTC available for download here that provides more information.
Global Emergency Contacts for Card Issuers
If you’re using credit cards to earn points and miles, you should definitely be aware of some of the common types of credit card fraud you might encounter. This guide has tons of tips and tricks for best practices when it comes to using your credit card to prevent credit card fraud.
In addition, it’s always good to be prepared in case fraud happens. This includes reporting fraud to the credit card company quickly in order to limit your liability, knowing the tools to protect your credit score, and having a good backup plan in case you are traveling.
Find this helpful? Pin it on Pinterest!