Aug. 2, 2004 -- -- For Hayley Sumner, the last 12 months have been credit card hell. The 39-year-old entrepreneur from Los Angeles was hit twice by credit card fraud.
About eight months ago, someone stole her Visa card from her car and charged hundreds of dollars at gas stations and movie theaters.
Then, in June, she went to Belize, where she had phoned in her American Express card information to the hotels and resorts where she intended to stay. The next month, she was hit with hundreds of dollars worth of false telephone charges from Belize to the United States.
"Credit card fraud is just so pervasive, it's ridiculous," Sumner laments. "And I don't really know what you can do to protect yourself, other than constantly second-guess yourself."
Sumner's story is sadly common these days. As the use of plastic continues to replace cash in the United States as the preferred method of payment, credit card fraud also continues to grow.
And criminals are getting more savvy, not only using older methods like stealing statements from the U.S. mail or the cards themselves, but newer techniques like stealing information via the Internet and even cell phones.
Experts say the credit card industry loses about $2 billion a year globally due to fraud.
Though MasterCard and Visa do not make public how much is lost to fraud on their cards each year, they said it equates to approximately 7 cents of every $100 transacted.
The Federal Trade Commission, in a report on identity theft released in late 2003, said one of the largest categories for identity fraud was the misuse of new or existing credit card information. Some 6 million people experienced credit card fraud in 2002 alone, the commission added.
Credit card fraud is as varied as the criminals conducting it. Here are some of the major ways it is committed.
Lost and Stolen: Loss and theft of credit cards is still the most common way credit card crimes are committed, accounting for 50 percent of credit card fraud at J.P.Morgan Chase & Co., one of the largest credit card issuers in the United States, notes Chris Conrad, senior vice president for fraud management at its Chase Credit Cards division, based in Wilmington, Del.
Skimming: Increasingly, fraudsters will attach a device to an ATM or point of sale terminal that will capture an account number from the magnetic stripe on the back of the card. This usually involves a complicit merchant who sells the information, which is then used to "clone" a duplicate card with your information.
Phishing and Spoofing: As use of the Internet and sales on the Internet continue to rise, hackers and other Internet criminals will attempt to steal your credit card information by sending you bogus e-mail claiming to be from your bank or credit card company. The e-mail may say something like the bank needs to make a change to your account and needs you to input your account information. Phishers and spoofers may even send you a link that looks almost exactly like your bank or credit card company's Web site, asking you to input your account information.
Social Engineering: Fraudsters may need some other piece of information from you to set up a fraudulent account, so they will contact you directly. "Criminals will actually contact the victim directly, usually by telephone (or cell phone), and tell some story which ends up in them requesting that the victim tell them 'a few basic details about your card,' " recounts Peter Dorrington, head of fraud solutions for SAS Institute Inc., a business intelligence company, based in Cary, N.C. "Human nature tends to be that we cooperate with other people, especially if they sound like they are someone in authority."
ID Theft: Your personal information like name, telephone number, home address and Social Security number are stolen, possibly from the mail, trash or even online, and then used to open up a new credit card account in your name.
Card Not Present: Your stolen credit card information is used to purchase something from a remote location, either by telephone or the Internet. The merchant cannot see the card and should be checking that the information is valid.
It's easy to get someone's personal data, according to reformed credit card and identity thief Robert Smith, now a businessman living in Rockton, Ill.. Smith explains it's sold online for as little as $20 at Web sites that contain public records.
"All you need is the money and they will sell it to you," Smith says. "You can get that information in two minutes."
Easy as it is to fall victim to credit card fraud, consumers can protect themselves in a number of ways, experts said. They said you should:
Never throw away any personal data, including credit card statements and offers for new credit cards, without completely destroying it or shredding the information.
Check your credit history once or twice a year at one of the three credit reporting agencies — TransUnion, Experian and Equifax — to see that nothing is amiss. This is particularly important because it can take months to sort out problems on your credit report once fraud happens. Experts recommend signing up for a fraud alert service, offered by the credit agencies, that will tell you if a new account has been opened, or will notify you about any changes to your credit file.
Never let your credit card out of your sight for too long when paying.
Never give out your credit card account or other personal information to people posing as bank representatives over the phone if you have not contacted them first. Call the bank yourself.
Never give out your credit card account information to anyone posing as your bank online, and never click on links to new sites that someone posing as your bank may send you in an unsolicited e-mail. Banks will never ask you for your full Social Security number or account number if you have an established relationship with them, experts said. Call your bank and inquire if changes need to be made; similarly, type in your bank's URL yourself. "The difference in the [fraudulent] URL could be off by one character, which you would never notice," said Jim Van Dyke, founder and principal analyst for financial services research firm Javelin Strategy & Research, based in Pleasanton, Calif.
Turn off paper statements wherever possible and use electronic statements.
Be proactive. If you are computer savvy, log on to your accounts more than once a month to monitor for suspicious activity.
Though it seems daunting, proactive consumers can do a great deal to protect their credit card accounts. "Secure your personal information — don't carry with you your Social Security card or right your personal identification number on your credit card," says Conrad of Chase, who adds: "Check your credit report a minimum of once a year. Always get one if you believe you have been a victim of fraud or identity theft."