I have 3 cards, one debit and 2 credit. At first my debit card got hacked twice. I read not to use that card for anything, so now it stays unactivated and I have had no further charges to that account. I have 2 Capital One cards. My first card was hacked, so I got a new card. While that card was cancelled I updated all my payments to my other credit card. I made sure for any online payment that I changed my password before updating or making payments. Then that card got hacked. So I activated the new credit card that was previously hacked, changed my passwords, and got hacked again. I made sure to put a warning to the 3 credit bureaus if any accounts get opened in my name, and I don’t think I have any malware on my iPhone (I checked all my apps and didn’t see anything suspicious). Any thoughts on what it could be or just how to fix it?
Cards hacked 5 times in 2 months
byu/CrazyCorgiParty inpersonalfinance
Posted by CrazyCorgiParty
21 Comments
I mean fool me once shame on you and all that but there is either a place you frequent that is either actively stealing that data or has so lax protections that your card info is free game or your device/account is compromised. I know it’s inconvenient but if I were you I would stop using my card in person and pay cash and see if that is it. In that case it’s one vendor you go to. If not it’s your account/device.
When you say “hacked”, what exactly do you mean? Is someone logging into your CC account(s), or are your card #’s being stolen and used without your permission?
I keep my debit/ATM card locked at all times and only unlock right before I’m about to use an ATM. I also keep all my credit bureau files frozen. This is a simple & free process that you can probably do in about 30 minutes total.
If your credit card #’s are being stolen that quickly, I’d say you’re either using them somewhere they are being skimmed, or you could have malware on your computer that is capturing the info somehow and sending it to a bad actor.
Scrutinize your card statements. The vendor causing the problem will one where you legitimately charged after getting new cards, but BEFORE your card info got used fraudulently. That can help reduce your list of potential problem vendors.
Most likely, it’s just one vendor, so that could further reduce the pool. Look to see which vendors were used for both compromised cards.
This sucks to deal with, but most likely either a website has VERY poor security or an in-person retailer has a skimmer installed. They may or may not know about the skimmer.
Good luck!
Cards don’t just get hacked. Some common place where you use these cards is compromised, or you have malware on one of your devices
First ideas: you DO have malware on either your phone or computer
Or maybe you are physically using your card somewhere that has a skimmer installed
I had three cards compromised in three months and realized that the gas station I went to most had skimmers on all their pumps. I stopped filling up at that station and the compromising also stopped.
Check your purchase history and try to find a common denominator.
Don’t go to 7-11 or non tap gas stations
What device are you using when you update your payment information to the new card? Because it could be that the device is compromised through a virus or malware. Factory reset it before doing anything sensitive with it again.
Alternatively one of those sites has been compromised, but I’d start with your own devices so you can rule that out first.
Any chance you are a T mobile customer?
A couple of strategies I use:
1) I have one card that I will use for restaurants or anywhere I actually hand the card to someone else to run payments. For that card, I physically scratch off the CVV security code after writing it down in a password manager. To use your card online, it only takes a photo of both sides of the card and sometimes a guess of your ZIP code, and it only takes seconds to get this data. Removing the CVV shuts down that avenue.
2) I have had other cards stolen that were never handed to anyone and figured out the common thread was that they were on-file at local businesses like doctors, therapists, etc. I figure some employee would go through their system, scrap a bunch of data and sell it on the dark web. So I use virtual cards for those businesses. I’ve got one for medical offices and one for other stuff.
3) Active your debit card if you need it for ATM use, but otherwise don’t use it. There used to be ATM-only cards, but I don’t know if banks still offer those.
I’m not sure your definition of “hacked” but I’m going to assume fraudulent charges of some sort and work from there.
Somewhere you frequent has been compromised. 5 cards in 2 months means you went back and bought something from that same place/location/online shop with the other cards as well. 2 month spread means they haven’t fixed their breach. This could be an online shop, or physical location, either through online payment issues, or a bad actor in their actual system scraping data. Less likely is something on your end causing it, but still possible, more likely with a computer and very unlikely with a phone, to show degree of threat.
Unfortunately, unless you see something in the mainstream media, you won’t know what business it is. Your bank won’t tell you either if they find out because they are “protecting their customer”. You are not their customer, btw, the big business that transacts through them is, you’re just SOL. They’ll just issue you a new card, and hopefully you’ll be able to recoup your losses through them.
Best bet is to avoid the shops/locations listed in your statements that were in common. If it still happens, and its only automatic payment stuff on that card, then one of your autodraft payment locations is hit. If it happens between different cards, one used on the PC, one on the phone, but same locations, then its on their end. If it only happens when you make payments via your PC, or phone, it could be a compromised device, but for that to happen you would have to have something that was installed on your device that is hijacking the browser or payment application and grabbing the data, and for the most part thats way too involved for general population usage, the returns on the time to craft something like that for use against random people is relatively low compared to getting a big score like a large business and gathering customer data.
The reality is someone isn’t stealing your card then using it, they stole bulk data from somewhere then sold the entirety to LOTS of people online to use for shady stuff. So its not one guy or one group using your card, it was sold as part of a bulk lot of credit card info on the dark web to multiple buyers who then hit ALL the cards they got as fast as they could before the cards were shut down, and it will keep happening as long as whatever group still has access to whatever business because they will just keep scraping the new card info and selling it again and again. The take away for this for your benefit, is finding the compromised business so you don’t keep feeding cards to the company until they fix their issues.
Hi, here’s how to avoid it. One simple rule, but two routes to follow:
Don’t use the credit card numbers/magnetic strip, only use the chip or tap to pay.
Physical purchases:
1. Use tap to pay from your phone. Add the cards to Google Wallet or Apple Pay. This is the most secure as not only does it generate a new, one time use credit card number every time you pay, you also need to unlock the phone with your fingerprint.
2. When using the card, only pay via tap to pay or the chip reader (where you stick the card in, not slide it through).
The above is *especially* important for places like gas stations, where criminals can easily add skimmers.
Online purchases:
1. Google Chrome supports generating [virtual cards](https://support.google.com/chrome/answer/11234179?hl=en&co=GENIE.Platform%3DAndroid), similar to how Google Wallet works in the physical world. This is the best method, but it’s new and not every card is supported yet.
2. The more reliable method here is to use a trusted service. I ONLY checkout on websites via either Google Pay or PayPal.
By saving my credit card to PayPal for example, when I then check out on some random website, instead of typing in my card number and trusting a clothing company to keep my data safe, by using PayPal to check out (paying with the exact same card) now my card isn’t exposed to the actual store. It does involve trusting PayPal security, but that’s like their one job and reputation.
Always have a voice in the back of your head that says when you’re checking out online: “Hey, I’m manually typing in my credit card number. This is a reusable number. Do I trust where I’m typing it?”
If you do the above, no more stolen cards. Even if a breach occurs, a thief getting a one time use number or PayPal receipt is useless.
Start using [privacy.com](http://privacy.com) to create single-use or merchant-locked cards. If there’s a merchant where your card keeps getting compromised, this will make it really clear. This service lets you create a brand new card number for each merchant, so the number you give to Amazon is different from the number you give to Target.
If someone then steals the card number from one place and tries to use it to shop somewhere else, those transactions are automatically denied ***and*** you get email saying which card was used and where.
(I have no affiliation with [privacy.com](http://privacy.com) other than as a happy customer.)
I use Google Pay with a linked card where possible. It uses a virtual number at the transaction. This only works with these credit card pads that allow tap to pay and online where possible.
Most likely is one that you’re regularly doing payments with online or otherwise, is compromised, so yeah, one card is hacked, through compromised vendor, switch all payments to another card, that one’s compromised, first is replaced, switch all to that one, compromised again, I lay odds it’s someone/somewhere through which you’re cards are being compromised.
So, how ’bout divide and conquer – don’t switch ’em all over, use 2 or more cards, see which gets compromised, and continue to thin, as needed.
Also, many credit card companies offer “shop safe” or the like, where one can get a temporary card #, for either just one single payment, or even for recurring monthly payments for up to a year. If so, may want to use such a service, that way only such a temporary # would be compromised, not the main card # (necessitating yet a new replacement card #) – and would also quite quickly point out which vendor/merchant is screwing up with your card data – as the compromise(s)/attempts would be unique to the temporary #. Then stop doing business with such a sh*t vendor that can’t keep people’s card data safe.
If it keeps happening the leak is almost always your routine not the bank.
Not sure what kind of device you’re using, but there are sim card scams that allow hackers to continuously get into your accounts. Possibly worth investigating and checking with your phone company if they’ve sent you any replacements recently that you never received.
Get 2FA for all accounts and wipe all data from your browsers on pc and your phone.
Try to use Google pay or apple pay for any online purchases so your card isn’t saved or used.
I’m not sure what you mean by “hacked” but it seems you left your wallet somewhere like a hotel room and someone just took pictures of all your cards.
Do you use Uber Eats? I had 4 CCs hacked over the span of two months via them. No more Uber Eats.
Capital One provides the ability to create virtual cards. Take advantage of that feature. For debit cards look into privacy.com.