Credit card fraud—legally defined as someone else using your card without permission—is on the rise. In the first quarter of 2019 alone, the FTC received 45,139 reports of credit card fraud, which was already enough to make it the most common form of identity theft by far.
By Q1 2023, the number of reported cases rose to 115,879.
Security.org estimates that 65% of U.S. adults have already been victimized by credit card fraud, but somehow, I wasn’t one of them. And it wasn’t for lack of trying; in 2015 I dropped my Chase card on the sidewalk in Shanghai. Up until recently, I never used a VPN on public networks and I’ve purchased model cars on obscure, ill-protected collector websites.
Point is, I’ve been low-hanging fruit for fraudsters for years, and the day finally came when someone plucked me off the proverbial tree of financial safety.
Here’s what happened, what I learned, and some effortless ways you can protect yourself better than I did.
To give my naive past self a little credit, I may have dropped the ball protecting myself from fraud, but at least I did a solid job monitoring for it.
Ask anyone well-versed in credit card fraud (including TransUnion) and they’ll tell you that the best way to monitor for fraud is to simply scan your credit card statements on a regular basis. I like to call this “the flossing of financial health” because it’s tedious and often painful, but it also prevents disease.
The “gum disease” you’re trying to prevent, in this case, is your bank holding you responsible for a charge you never even made. By law (specifically the Fair Credit Billing Act), banks have to give you at least 60 days to dispute charges on your account. But once that window closes, it’s well within their rights to give you the ol’ ¯_(ツ)_/¯ and hold you accountable for the charge.
So even if you’re a hardcore death metal fan living in Des Moines—and someone uses your credit card to buy $1,700 Taylor Swift tickets in Tampa—you could be held 100% liable for every penny unless you dispute the charge within 60 days.
That’s why “financial flossing” is so important: to stop the fraud, you gotta spot the fraud.
So anyways, I was “flossing” one day in 2022 when I spotted some “plaque” in my recent transactions. Here’s exactly what I saw:
On Aug. 3, I had a charge with the same exact description—only this time, it was for $2.50.
While the charges were clearly fraudulent, they were also baffling in so many ways that I instantly became a meme upon seeing them:
There was literally something strange about these charges in all four columns:
-
Date: The $3.00 and $2.50 charges were days apart, meaning someone knew the card information was legitimate and they sat on it.
-
Description: A quick search found the source of the charge to be Twitch.tv, a live-streaming website mostly used to watch people play video games. So while most fraudsters would instantly rush to bestbuy.com or the dark web, my fraudster was content to kick back to watch some Fortnite.
-
Category: This has nothing to do with the fraud, but I found it funny that Chase registers a charge from Twitch as “Bills & utilities.” This is likely because Twitch registered with Visa using a Merchant Category Code (MCC) like 4899 for “Pay Television,” which someone down the line mistook for a cable bill.
-
Amount: The amounts are what really got me. Considering that the median amount lost to fraud in 2022 was $650 according to the FTC, I’d expected to see at least a new TV, a pile of $100 of gift cards or at least a big juicy steak on my statement. But no; my fraudster was content to drop just $5.50 in the span of 11 days.
Things got even weirder when I followed in my fraudster’s footsteps to see what they were buying. What could you possibly get for $3 and $2.50 on Twitch.tv?
Turns out: nothing. Subscription tiers start at $4.99.
According to my friends who use Twitch, the only possible way to spend less than $5 on the platform is to tip someone. As a result, their only working theory to this day is that my “Fortnite Fraudster” initially tipped someone $3 just to see if it would work, and once they had confirmation, they tipped someone even less.
In essence, I got defrauded by the world’s most pitiful Robin Hood: stealing from tax-paying freelance writers and giving 1980s lunch money to Minecraft players.
In stark contrast to discovering the fraud, reporting the fraud was a straightforward and uneventful process. As soon as I saw it, I clicked the arrow next to the charge, then “Report a problem,” then “I did not make this purchase.”
Here’s what the exact steps look like starting from your Chase credit card account activity. The steps involved with other banks may look similar, but not identical.
Oh, and don’t worry—this is just a sample to illustrate—I’m not reporting PayPal or our beloved USPS for fraud:
Chase then responded via email within minutes, saying they would close my account, issue another card and begin a fraud investigation.
According to Experian, fraud investigations can take up to 90 days but you won’t be responsible for the disputed charge in the interim. During the investigation, your card issuer may contact the merchant, track down IP addresses and even compare signatures on the physical receipt to ensure this isn’t “friendly fraud.”
Friendly fraud, also known as chargeback fraud, is when a consumer disputes a charge as fraudulent when in reality they or someone in their household made the purchase. And despite the proliferation of actual credit card fraud, friendly fraud still accounts for around 70% of all fraud reports according to Mastercard.
Anyways, Chase didn’t need much convincing that I wasn’t the one who dropped $5.50 on Twitch. Perhaps they contacted Twitch and saw someone else’s name and IP address on the transaction record. Or perhaps they looked at my plethora of restaurant transactions and saw that I’m a better tipper than Twitch’s Ebenezer Scrooge.
Either way, the bank refunded my money, overnighted a new card to me and sent a nice e-flyer on how to protect myself a little better moving forward. Here are some of those tips, along with a few others for good measure.
To preface, no form of credit card fraud protection is 100% foolproof. The mere act of using your card—online or in-person—can put your information at risk since fraudsters cast a wide net these days.
Even still, there are ways you can make yourself harder to “catch” and therefore much less likely to join a growing pool of victims.
-
Treat public Wi-Fi as “read only.” It’s OK to check the news or the score, but you should never enter credit card information or login credentials while you’re on public Wi-Fi. Reason being, it’s extremely easy for bad guys to record everything you do.
“Unfortunately, all unsecured public WiFi networks are unsafe.” writes Katherine Barnett in Cyber Defense Magazine. “The very thing that makes them convenient – their easy accessibility and no-cost – is what makes them an easy target for those looking to steal personal information or distribute malware.
-
Never offer credit card info to an incoming caller. It’s not hard for bad guys to see which merchants you’re currently paying (or simply guess), and then call you with a simple request to “update your billing information.”
As a general best practice, if someone calls claiming to represent a company you do business with, ask for the individual’s name and then tell them you’ll call them back. Then, hang up and dial the merchant directly.
-
Use tap to pay whenever possible. One of the most common ways to steal credit card data is via “skimming,” where criminals fit small card-reading devices inside payment terminals at gas stations, ATMs and more. FICO data shows that debit card skimming is up 77% in 2023 compared to last year, meaning the next time you “swipe” you could be inadvertently sending your info to our terrible Twitch tipper.
So whenever possible, use tap to pay to bypass any skimming device that may be hiding in plain sight.
-
If your card issuer offers fraud prevention tools, use ‘em. Since fraud is an even bigger pain for them, most banks these days offer a litany of fraud-prevention tools to help you figuratively stack sandbags in front of your account.
Chase, for example, offers the Stored Cards tool which shows you which merchants from the last nine months held onto your card information. If you give them permission, Chase, Citi, Wells Fargo and others will use your cell phone number to text you if they spot a shady charge. Find out what your bank offers and fortify the ramparts. In a similar vein, you can use a virtual credit card for your online purchases.
Looking back, I’m not exactly sure how the Fortnite Fraudster got the keys to my Chase Freedom Unlimited® account. Perhaps I made the all-too-common mistake of buying something online while tethered to the airport Wi-Fi.
Despite my best efforts to prevent more fraud, I was victimized again in 2023 when a crook used my Chase Freedom Flex℠ card to spend $4,023.87 at Lowe’s. This time I was angry for an entirely different reason (because I’m team Home Depot).
But once again, since I caught it within 60 days (and it decidedly wasn’t “friendly fraud”), Chase took me seriously and reversed the charge on my account.
The key takeaway from all this is: monitor your accounts. If you aren’t already, start “financial flossing.” Fraud may be way more common these days, but the evidence it leaves behind on your statements has never been easier to spot.
You just have to look.
And in stressful times like these, if your favorite Twitch streamer brings you levity, comfort and solace, tip them better than $2.50.
Please note that card details are accurate as of the publish date, but are subject to change at any time at the discretion of the issuer. Please contact the card issuer to verify rates, fees, and benefits before applying.
This story was originally featured on Fortune.com
EMEA Tribune is not involved in this news article, it is taken from our partners and or from the News Agencies. Copyright and Credit go to the News Agencies, email news@emeatribune.com Follow our WhatsApp verified Channel