Credit card fraud: How can I protect myself?

Skimming, phishing, card trapping: Cyber criminals are becoming increasingly sophisticated – and anyone can fall victim to credit card fraud. Find out in this blog where the greatest dangers lurk, in which cases banks or credit institutes do not cover the financial damage, and what you should do if you fall victim to fraud.

Katrin Sprenger from the start-up Silenccio and Isabelle Näf, an attorney at AXA-ARAG, have tips on how you can prevent credit card fraud.

What is credit card fraud?

Credit card fraud refers to the illegal activities of criminals or fraudsters to gain unauthorized access to money in your bank or credit card account. These include:

  • the theft of credit or debit card data
  • and the fraudulent use of this data to make unauthorized purchases, to withdraw money illegally, or to sell the information.

The fraud can occur online if information is stolen, but also offline if the criminals stand at transaction sites and get physical copies of the card.

Are credit card payments even secure? What would be the alternative?

There will never be absolute security in credit card payments – regardless of whether they are made physically or online. There are several alternatives: Buying on account, paying in advance, or paying through a payment service like Twint or PayPal. At the same time, the convenience of credit card payments cannot be dismissed and so it is probably best to familiarize yourself with the potential risks.

Are there major differences in security when it comes to credit card payments?

Payment services such as PayPal or Twint have the advantage that these systems are exclusively geared to payments and the providers invest a lot of time and money to make their service as secure as possible. Thus the security standard is accordingly high. By contrast, if I make a payment in a small boutique which “also” offers credit card payments, I, as the customer, must trust that the shop operator maintains their system, thus guaranteeing security. Another advantage of payment services such as PayPal that should not be underestimated is the buyer protection they offer. In the event of misuse, this means the customer then has another authority besides the credit card provider that will intervene if problems occur.

For some online shops, I also have to enter a code I receive by text message. Does that increase security?

Absolutely. Whenever possible, “two-factor authentication” should be used. This applies equally to payments and to logins. The additional identification of the user with the second component improves security considerably yet again.


Does multi-factor authentication protect me against credit card fraud?

Absolutely. Whenever possible, “two-factor authentication” should be used. This applies equally to payments and to logins, as besides your mere login data, which consists of your user name and password, a second device is generally also needed – your cell phone.

Only if the fraudsters have the login data and the cell phone in their possession can they gain access to the corresponding user account. However, the theft of hardware is much less likely than that of login data. The additional identification of the user with the second component thus improves security considerably yet again.

Can cyber criminals steal my data when I am making a payment on a website?

Yes. Unfortunately, that is possible. It can happen if the website is not HTTPS-encrypted. You can see if the website has this encryption in the address line. If it is encrypted, the address will begin with https:// and there will be a little lock icon displayed on the left. If there is no encryption, the data is transferred in unencrypted form from server to server during the payment process and is thus easy to intercept and pick out.

However, even with HTTPS encryption, it is always important to keep in the back of your mind that data can also be stolen after the payment process – namely, in the form of a data leak. In this case, hackers steal entire user databases which may also have stored payment data.

For this reason, we recommend the following:

  1. Choose the option “Order as a guest” instead of setting up a user account.
  2. Payment by invoice is the most secure option, as no payment information is stored in potentially insecure databases.

Important: If there are indications of fraud, you should report them immediately to the customer service of the corresponding bank or card issuer.

«If there are any signs of fraud, you should report them immediately to the customer service of the respective bank or card-issuing company.»

Katrin Sprenger, CEO Silenccio

My credit card was stolen. What do I have to do?

  • Block your credit card immediately. To do so, it is helpful to save or note the service hotline of your bank or credit card company – ideally in several places.
  • Check your statement. If you discover any irregularities, you must report them immediately to your bank or credit card company. If you report losses too late, you may have to bear them yourself.
  • File a report. Report the data theft or stolen card to the police. Your report can serve as proof for your bank so that your money is reimbursed to you.
  • Document the loss of the card or credit card data. And write down when you had your card blocked.

Will the bank pay if my credit card is hacked?

That depends on the individual situation. The bank or credit institution is generally liable only for damage that occurs as the result of a culpably caused breach of contract. This is the case if, for example, obvious security issues were not remedied.

However, if the bank complied with the contract and its security mechanisms meet prevailing market standards, there is generally no obligation for it to cover the damage. In addition, financial institutions have the option of restricting their liability as part of their GTC and stipulating duties of care for customers.

You should also note: Such a breach of contract must be proven on an individual basis, which is not that easy.

When am I liable if my credit card is hacked?

Here, too, the liability depends on the individual situation. If you violate elementary duties of care while using your credit card – for example, proven use of a login on insufficiently secure devices or saving codes in a wallet – then you must bear the cost of the damage yourself.  

If such inappropriate behavior cannot be proven and there is no contractual basis for a limitation of liability, then the bank is obligated to cover the damage incurred.

Since each case must be looked at individually, we recommend obtaining legal advice.

What is the duty of care in connection with a credit card agreement?

The duty of care in credit card contracts and also for the use of e-banking is defined as the behavior required when using the card and what must be avoided. Banks can decide for themselves when there has been a violation of the duty of care and when not.

This fact is decisive since the bank can in this way transfer a large part of the risks to customers, and thus limit its own liability at the same time.  

Furthermore, practice shows that customers either do not know what duties of care have been placed upon them, or they are unaware that certain behaviors entail risks that could result in a breach of the duty of care. Cyber insurance (subsidiary coverage) offers reliable protection in such cases.

«For disputes, there is the bank ombudsman. For example, the ombudsman advises credit card holders regarding whether it is worthwhile in the situation in question to fight for a lost amount of money.»

Isabelle Näf, attorney at AXA-ARAG

In which cases am I deemed to have violated this duty of care – and who decides what these are?

As mentioned above, banks determine themselves which duties of care apply to their customers. When a duty of care has been violated and when not thus depends on the contractual agreement in question.

Which information can be “hidden” in the small print of the GTC of credit card institutions?

A lot is possible in this regard. GTC often include more details and definitions of the above-mentioned duties of care. Moreover, it is worth getting more information on your bank’s limitations of liability.

Should I immediately raise an objection if I discover irregularities on my credit card statement?

If you find suspicious or obviously fraudulent transactions on your statement, you should block the card immediately. With most providers, this can easily be done on your computer or cell phone, or via the relevant telephone hotline.

In a second step, you should contest the suspicious amounts or transactions and lodge a complaint. The corresponding forms can be found on the website of the provider, bank, or credit card company. The objection must be made in writing and signed. A call is not enough. As a rule, you have 30 days to do this. If you miss this deadline, you may in the end have to bear the loss yourself.

As a final step, you should report the Internet fraudsters to the police – in many cases, a report is required as proof for the bank or credit card company.

Is there a deadline within which I must report the damage?

Card holders often realize their data has been stolen months after the fact because they do not regularly check their statements. In many cases, it is then already too late to make a complaint about the credit card misuse. Banks and credit card providers only have to reimburse the lost money if the complaint is raised within a time period defined by the card provider.  


Cyber criminals continually find new ways to access your sensitive data. That’s why you should regularly get informed about the latest security measures and technologies for protecting your data.

The exclusive prevention services of AXA’s cyber insurance give you early warning about potential dangers and can therefore prevent the worst case scenario from happening. You also receive push notifications on the current risk situation regarding cyber crime and tips and information on correct behavior on the Internet.

If you become the victim of credit card fraud because you authorized the payment – i.e. you violate your duty of care – you are protected through cyber insurance.

Credit card fraud – tips on prevention

With these easy steps, you can use your credit card securely and protect your money against credit card fraud.

  • Regularly check your statements. It’s best not to wait for your monthly credit card statements, but if possible, use the online access of your credit card provider.
  • Never send your credit card data unsecured by email or text message. With this data, anyone can shop online on your account.
  • Leave your credit card at home – if you don’t need it. Most stores also accept EC cards.
  • Don’t keep your credit card together with your PIN code.
  • Memorize your PIN code – and definitely do not write down your PIN code on a note and keep it in your wallet.
  • Shred your card receipts and credit card statements if you no longer need them.
  • Never make purchases in online shops without a secure payment system: When you shop online, look for an SSL-secured connection, for example. 
  • Destroy your old credit cards as soon as you receive a new one. Because even if your card is no longer valid, the number stays the same.
  • Never let your credit card out of your hand when you pay – the number and security code can quickly be photographed.
  • Use the digital payment function to pay with your card: Another way to protect yourself against fraud is to use the digital payment function of your card through services like Apple Pay or Google Pay. This way, you avoid disclosing sensitive information with every transaction.
