Skip to content

Shield Your Wallet: A Comprehensive Guide to Protecting Your Credit

Author: John Osborn, OSCP, OSWP

April 30, 2024

Credit card fraud is not just a buzzword—it’s a real threat that affects millions of Americans. With the rise of online shopping and digital transactions, the risk of unauthorized access to your financial information has skyrocketed. Knowing how this type of fraud occurs and learning effective strategies to protect yourself are crucial steps in maintaining your financial health.

How Credit Card Fraud Occurs

Credit card fraud can happen in several ways, each distinct and dangerous:

  • Skimming: Thieves can capture credit card information using small devices called skimmers. These devices are often hidden on ATMs and point-of-sale terminals, recording all the details stored on your card’s magnetic stripe. More advanced tools do not even require you to physically touch the card, but are instead positioned close enough to capture the data from the chip when you use your card normally.
  • Phishing: Fraudsters may send emails or create websites that look legitimate but are designed to trick you into providing the credentials to your personal accounts. Advanced fraudsters increasingly use phishing emails not to steal login credentials directly, but to covertly gather personal data through seemingly harmless inquiries. This information can be exploited to answer security questions or reset passwords, effectively bypassing traditional security measures without immediately raising alarms.
  • Data Breaches: Large-scale breaches at companies can lead to your card, financial, and bank information being stolen, even if you’ve never lost physical possession of your card. Any working credentials appearing in these breaches would also give an attacker direct access to your bank and credit information.
  • Old-Fashioned Theft: Simple theft of physical cards can also lead to fraud. Thieves can use stolen cards or card information to make unauthorized purchases or withdrawals.

How to Protect Yourself from Credit Card Fraud

Physical Controls:

  1. Use an RFID-blocking wallet.
    Companies like SLNT or Ekster offer wallets with built-in RFID blocking features to prevent thieves from scanning the cards in your wallet just by standing next to you.
  2. Hide and lock your wallet when left in the car.
    If you need to leave your wallet in the car, ensure it is out of sight and is locked away in a small compartment before arriving at your destination. Thieves frequently observe people securing valuables in their car’s glove box just before leaving their vehicle. To avoid attracting attention from potential thieves, it’s safer to place your valuables out of sight before you arrive at your destination. This precaution helps ensure that your belongings remain unseen and can help reduce the risk of theft. Most vehicles often allow you to lock the glove box using the car’s physical key, which is a great way to prevent glass-smashing thieves from stealing your valuables. Next time you’re in the car, check to see whether you have a lock on your glove compartment; you may have never noticed it was there!
  3. Inspect tamper seals (if present).
    Tamper seals are more commonly found on gas station pumps, but some exist on ATMs as well. Quickly double-checking the tamper seals (if there are some) can help you determine whether someone has gained unauthorized access to the card reader. Usually, the seals will say “VOID” if they have been tampered with. Avoid using a system whose tamper seals are void, even if your skim-detecting device suggests it is safe. Be sure to report these findings to the appropriate staff.
  4. Use a skim-detecting device.
    Yes, people may give you a weird look, but quickly testing a point-of-sale device before inserting your real card can save you a lot of time and money. Skim detectors like the Hunter Cat are very easy to use and are worth the small investment.
  5. Slightly tug on Point of Sale (POS) systems.
    I do this when I leave my Hunter Cat at home and have no other options. Quickly running your hands along the outside of a card  reader and lightly tugging on the card insert may help you uncover poorly-adhered skimming devices.
  6. Use a prepaid card.
    Depending on your level of dedication, you may opt to use a prepaid card before making a purchase. This would require you to “load” the card with a predetermined amount of funds before making a purchase. You will need the foresight to know how much you intend to spend before going to the checkout. The advantage to using this method is that your card will always be empty after each use, and if someone captured that card’s information, they can only withdraw the pennies left over from previous purchases. If you detect fraudulent activity, you can simply shred the card and order a new one.
  7. Shred paper documents that contain your information.
    Shred your receipts, mail, old credit cards, bank statements, credit card offers, and everything else to ensure your credit footprint is as small as possible. Shred even the non-important stuff so a thief or the NSA has to sift through even more paper! I’d recommend a high-security shredder from Amazon for starters, but if you have the cash, grab a Level 6/P-7 High Security paper shredder from a reputable source like Whitaker Brothers.

Virtual Controls:

  1. Use a virtual card. Even modern garage door openers use a one-time code to prevent unauthorized access. Why should you have to expose your real card over the Internet when you can create a new one with every purchase? Privacy.com offers a virtual card service that allows you to quickly create burner, one-time use cards for things like paying bills or online shopping. You can even set the card to a specified withdrawal limit or lock to a certain vendor as soon as it is used. For the free version, you can create up to 12 cards per month.
  2. Use strong passwords and 2FA. This goes for everything, but especially for financial services. Oftentimes when setting a password, apps will display the maximum length a password can be. Your goal should be to max out that limit using a randomly-generated password. Some apps do not set password length limits. In that case, I use a password of 999 characters (the most KeePassXC can randomly generate). Use a password manager like KeePassXC on your desktop, KeePassDX on Android, or StrongBox on iOS. Use a second form of authentication whenever a service allows you to do so. If an attacker can somehow crack your 999-character password, they’d still have to steal your phone and/or your hardware key before doing anything meaningful with your password. For Android, I would recommend using a TOTP (Time-based One Time Password) like Aegis Authenticator. This prevents you from disclosing your phone number and ensures your accounts are safe even if you’re a victim of a SIM-swapping attack.
  3. Familiarize yourself with social engineering/phishing attacks and how they occur. Social engineering and phishing are the easiest ways to circumvent each of these security measures. If an attacker can convince you to give up your bank passwords, 2FA codes, and/or credit card numbers, each of the steps mentioned here are practically worthless. Learn the basics of how phishing works and how you can prevent it using the guide in the ‘Resources’ section below.
  4. Use HTTPS (always). Yes, you saw this coming, but seriously, always use HTTPS, even on a network you trust. You never know who has Wireshark open in a public network or how/when/where/ Starbucks stores its web logs. Ideally, you won’t be using public Wi-Fi to buy things over the Internet anyways. Even in your own home, those “smart devices” like lights, refrigerators, TVs, washers, locks, sprinkler systems, dryers -, heck, even your router – all run proprietary code and often send encrypted payloads (who knows what is in them) to their manufacturer. Be aware that HTTPS does not mean that the site is well-trusted and safe—it only means that your information is getting there through an encrypted channel. If you don’t trust a website with your credit card information, don’t think its use of HTTPS makes it any more trustworthy.
  5. Freeze your credit. Unfortunately, it is extremely likely that your credit card details, Social Security number, email, and phone number have been leaked somewhere at some point, so it is not unlikely that someone will eventually try to open new lines of credit in your name. A credit freeze will prevent you (and anyone else) from opening up new bank accounts, credit cards, or loans. Best of all, this process is free, reversible, and does not affect your credit score. You might also notice that you get less “You’re pre-approved” credit card offers in the mail, which is a nice plus.
  6. Enable credit fraud alerts. All three major credit bureaus (Equifax, Experian, and TransUnion) offer free one-year alerts. If you’ve been the victim of fraud in the past, you can get up to 7 years but must submit proof of this claim. Regardless, even one year of free credit fraud alerts is a great way to keep you informed.

After diligently following these steps, you can be fairly confident that you have made yourself a hardened target and prevent yourself from becoming a victim of fraud. Stay safe out there!

Resources:

Share This Post

Related Articles

Tech Stack Blog 707 x 400

Big changes are coming for critical infrastructure entities. The Cybersecurity and Infrastructure Security Agency (CISA)...

Hands of robot and human touching virtual AI brain data creative in light bulb. Innovation futuristic science and artificial intelligence digital technology global network connection.

AI is new, it’s shiny, and does cool things. But with every new technology comes...

iStock-994786432-preview

With its widespread usage, WordPress has become an attractive target for attackers, and privilege escalation...