As you should know by now, credit cards have evolved the past few years with the addition of embedded microchips on the cards themselves.
With this upgrade, these new cards are supposed to be safer since instead of swiping a magnetic strip encoded with your information, they generate unique codes for each transaction.
With retail outlets gradually converting their point-of-sale systems to accommodate these more secure chip-based cards, criminals have started to change their tactics and move away from physical skimmers.
Thieves are now turning to a technique called “account takeover,” where they pose as a customer to steal personal and financial information from user accounts online. With this shift, cases of account takeovers have reportedly increased by nearly 40 percent in 2016 (compared to 2015).
By using this technique, criminals contact banks and gain access to the victims’ accounts by using personal details stolen from other data breaches.
For example, just last week, CBS News reported the case of Marc Alfinez, a New Jersey resident who had his bank accounts taken over in minutes using said technique. The thieves apparently used his stolen personal information including his social security number, driver’s license information, and wife’s maiden name to change his online banking password.
“They had all my pedigree information: social security card, driver’s license, wife’s maiden name, all that stuff,” Alfinez told CBS News. “But they couldn’t pass the phone password. But since they had all that other information, they still let them in.”
The online thieves reportedly drained his bank accounts, including his children’s savings accounts, in less than 45 minutes. To prevent further damage, Alfinez was forced to change his phone number, passwords and he put a freeze on his credit card.
This illustrates that although chip-based credit cards are more secure in physical locations like retail point-of-sale registers, they still have the same security issues when used online.
In fact, research from the firm Javelin found that people who often shop electronically are two times more likely to be victims of fraud.
According to the firm, unless banks institute stronger authentication methods and get rid of the old password system altogether, the public will just continue having these problems.
Since criminals are now shifting to online methods, credit card companies are now looking to create more secure technologies like tokenization, a system that uses unique secret codes for each transaction. This system is already being used by smartphone-based payments like Apple Pay, Samsung Pay, Android Pay and Mastercard’s MasterPass.
Furthermore, biometric systems such as fingerprints, retina, and facial scans may eventually replace the old password system for accessing banking accounts.
What can you do now?
To protect yourself from “account takeovers,” there are some crucial steps you can take:
• Use two-factor verification – When available, use two-factor verification. This will send a security code SMS to your smartphone whenever someone tries to log into one of your accounts from an unknown device. This code, together with your password, will add extra layers of security to your account. Click here to learn more about two-factor verification.
• Check your credit – You should check your credit report on a regular basis. This can tip you off if you are a victim of identity fraud. Make sure there are no credit accounts under your name that you did not open. Click here to learn how to get a free credit report.
• Keep track of your bank accounts – If you believe there is a chance you are a victim of fraud, it’s a good idea to check your bank statements. Look for any suspicious activity and if you do find it, report it to your financial institution immediately. Click here to learn 3 critical steps for secure online banking.
• Be mindful of what you share on social media – Be extra careful and vigilant with what personal details you share online. As much as possible, don’t post pertinent details like your birthday, family members, address and phone number publicly on social media sites. Here are 7 things you should never do online.