If their actions weren’t so darn harmful, we’d admire credit card hackers for their tenacity, cunning and creativity. It must take no small amount of talent (and more than a smidge of psychopathy) to constantly be thinking up ways to cheat and steal from honest everyday folks like you and me.
Truth be told, cyber criminals are rarely the nefarious super-villains they are hyped up to be. Sometimes, they are just foolish people making bad decisions, preying upon our carelessness more often than not.
But that doesn’t mean we should make things easy for them. Here’s a list of 10 things you should know to prevent yourself from being a victim, or what to do should it unfortunately happen.
1. Look out for unauthorised charges or unfamiliar merchants
It goes without saying that you should scrutinise your credit card statements for any anomalies. In practice, few people pay this level of care and attention to their bills. This is how criminals slip unauthorised transactions under our noses, such as in the infamous $9.84 scam, where hackers profit when victims neither noticed nor questioned the relatively minor charge of US$9.84 on their statements.
If you spot an unfamiliar merchant or can’t seem to place a charge, contact your bank. They can provide further details which can help you verify the authenticity of the transaction.
2. Sign up for bank transaction notifications
If you haven’t already, sign up for alerts whenever charges are made to your credit card. You should set the alert for an amount which you don’t normally spend; doing so will help you spot unauthorised activity on your card.
However, all the alerts in the world won’t help if you can’t view them. Therefore, choose a channel via which your bank transaction alerts are sure to reach you (such as SMSes), and not, say, get buried under tons of unopened spam mail in your junk folder.
3. Only shop at reputable websites
By default, most of the latest versions of web browsers today block connections to unsecured websites, so if you get a warning not to proceed to your intended website, you should heed the warning.
To be doubly sure, make sure the website you are surfing to has https:// in the beginning of their URL. This indicates an encrypted connection between your browser and the website, which stops hackers from reading sensitive information.
4. Never connect to untrusted WiFi networks
Another easily overlooked safety measure is to make sure you only shop or bank online when you are connected to a WiFi network you know and trust, such as the one in your home.
Open WiFi (ie, those not locked by a password) for public use is the worst culprit, as hackers can connect to the network and literally pluck your data out of the air. Connecting to secure (https://) sites over open WiFi is theoretically safe, but can still expose you to phishing attempts where criminals redirect you to a bogus website that steals your data. If you really need to use an open WiFi, be sure to use a VPN (virtual private network) to hide your data.
What about office WiFi networks? Again theoretically, office WiFi networks should be secure, but it really depends on a number of factors. For one, if your company’s IT department is not on their game, they may be running outdated software that could be exploited.
For another, remember that anything that happens on the office network can be viewed by people with the right level of access, such as that creepy mouth-breather whom none of his IT colleagues want to have lunch with. Think about that the next time you decide to indulge in some lunchtime shopping on your work computer.
5. Public USB sockets are not safe either
Since the only thing worse than not having WiFi is running out of battery power, it can be tempting to jack your charging cable into any old USB socket you see just so you can finish your Insta-story.
Well, doing so could expose you to nasty malware that will let a hacker take control of your phone or tablet.
What dark sorcery is this? Well, remember that USB sockets pass both power and data, which means a hacker can modify a socket to install spyware and viruses on your device, and you’d be none the wiser. Once they have control of your phone, they can easily uncover your passwords and other critical information.
6. Update your computer, phone and tablet, and install anti-virus software
Paying attention to where and how we connect to other websites is one side of the coin. The other is rendering the devices we own attack-proof. How? Simply by 1) updating your devices to the latest operating systems (such as iOS, Android, Windows, etc) and drivers and 2) installing up-to-date anti-virus software.
Yes, even for your phone. Especially for your phone.
Just remember, when updating your devices, always be sure to follow instructions. Particularly the ones about backing up your data lest something goes wrong.
7. Sign up for credit monitoring and expense tracking apps
Sometimes, it pays to have another set of eyes to help you keep track of things. Thankfully there are easy ways you can obtain an extra layer of surveillance.
Try signing up for a credit monitoring service, which will alert you if any major financial activity is detected — such as applications for loans and new credit facilities. These services usually come with free credit reports, which will also signal fraud if unexpected changes in your credit rating are detected.
Another option is to sign up for a finances tracking app, such as Seedly (iOS, Android), which will provide real-time monitoring of your bank and credit accounts and alert you to any suspicious activity.
8. Hide everything behind 2FA
In keeping with the ‘extra layer’ premise, make sure to switch on second-factor authentication (or 2FA as the cool kids call it) for as many services as possible. This includes not just your mobile banking and SingPass, but also your email accounts, gaming sites, favourite online stores and more.
2FA works by requiring an additional, separate verification step before logging you in, to make sure it’s really you. Whenever possible, opt for a physical token for 2FA — it’s safer than receiving one-time passwords (OTPs) over SMS.
9. Notify your bank immediately
The very first thing you should do when you discover (or even suspect) your credit card has been hacked is to tell your bank. Doing so as early as possible is important for two reasons. 1) Your bank can start taking steps to investigate and protect your account and 2) it will limit your liability for fraudulent charges.
Yes, we know — you’re the victim here, and it seems unfair to be liable for the actions of fraudsters. But because it can sometimes be difficult to prove that a transaction really was a result of theft (and not say, an impulse purchase that you can’t return), banks have to do their due diligence when investigating such cases.
Generally speaking, your personal liability in such cases rarely exceeds $100. But it’s a good idea to check with your bank what their exact policies are.
10. Check your recurring payments
Here’s an extra step you can take to help prove the fraudulent charges on your card. Check with vendors whom you’ve set up automatic recurring payments whether anyone had called up to verify the card details on your account recently.
You see, with a bit of personal data on hand, criminals can easily impersonate you on the phone. They can call up your utilities company or telecoms provider and pretend to have forgotten which credit card was used with your account. “Is it the Mastercard or the Visa? Could you verify the card number on file please?”
If you have set up such payment instructions and the companies did receive such a call, let your bank know so they can verify if that was how the hack happened.