What to do in the case of credit card fraud – and how can I protect myself against it?

At hotels, supermarkets, or online shopping from your couch at home: You can quickly pull out your credit card – and your trip, groceries, or new shoes are paid for. Credit cards are practical, no question about it. But unfortunately, they are never 100% safe and the more they are used, the higher the number of cases of credit card misuse. 

Katrin Sprenger from the start-up Silenccio and Isabelle Näf, an attorney at AXA-ARAG, have tips on how you can prevent credit card fraud. And they explain what you should do if you fall victim to credit card misuse.

What is credit card fraud or credit card misuse? 

Credit card fraud is when the card is stolen or falsified and used for illegal purchases. Online credit card misuse isn’t much different from physically stealing the card itself. There are three types of credit card fraud:

1. Card theft

If fraudsters steal your physical card, they can use it to pay right away – in stores and online shops.

2. Theft of electronic data

All cyber criminals need to make purchases in online shops or to make payments online is the card number, the name of the card holder and the security code.

3. Data theft from credit card providers and online shops

Time and again, Internet fraudsters and hackers pull off large-scale theft of the credit card data of customers from online shops or hotel chains. 

Are credit card payments even secure? What would be the alternative?

There will never be absolute security in credit card payments – regardless of whether they are made physically or online. There are several alternatives: Buying on account, paying in advance, or paying through a payment service like Twint or PayPal. At the same time, the convenience of credit card payments cannot be dismissed and so it is probably best to familiarize yourself with the potential risks.

Are there major differences in security when it comes to credit card payments?

Payment services such as PayPal or Twint have the advantage that these systems are exclusively geared to payments and the providers invest a lot of time and money to make their service as secure as possible. Thus the security standard is accordingly high. By contrast, if I make a payment in a small boutique which “also” offers credit card payments, I, as the customer, must trust that the shop operator maintains their system, thus guaranteeing security. Another advantage of payment services such as PayPal that should not be underestimated is the buyer protection they offer. In the event of misuse, this means the customer then has another authority besides the credit card provider that will intervene if problems occur.

For some online shops, I also have to enter a code I receive by text message. Does that increase security?

Absolutely. Whenever possible, “two-factor authentication” should be used. This applies equally to payments and to logins. The additional identification of the user with the second component improves security considerably yet again.

How often should I change the passwords I use for my favorite online shops?

The question shouldn’t be “How often should I change my password?” but rather “How strong is my password?”. The strength of a password is defined by the amount of time needed to hack it. If the password is strong enough, then it is sufficient to change it every six to eight weeks. Today, many devices recommend extremely secure passwords when you create a new account, thus increasing the security of your login data. 

My credit card was stolen. What do I have to do?

If you notice your credit card has been stolen or misused, you should remain calm and quickly take the following steps to prevent larger losses. It doesn’t matter if you were the victim of a “real” theft – for example, if your wallet was stolen – or if Internet fraudsters stole your credit card data.

• Block your credit card immediately. To do so, it is helpful to save or note the service hotline of your bank or credit card company – ideally in several places.
• Check your statement. If you discover any irregularities, you must report them immediately to your bank or credit card company. If you report losses too late, you may have to bear them yourself.
• File a report. Report the data theft or stolen card to the police. Your report can serve as proof for your bank so that your money is reimbursed to you.
• Document the loss of the card or credit card data. And write down when you had your card blocked.

Do I have to bear the financial loss incurred?

In general, there is a good chance that your bank or credit card company will pay for the loss in the event of misuse. But on the condition that you have fulfilled your duty of care. In short: Never save PIN codes near your card and always keep your PIN code well concealed when you type it in.

The duty of care also includes regularly checking your statements and reporting problems in good time. 

Should I immediately raise an objection if I discover irregularities on my credit card statement?

If you find suspicious or obviously fraudulent transactions on your statement, you should block the card immediately. With most providers, this can easily be done on your computer or cell phone, or via the relevant telephone hotline.

In a second step, you should contest the suspicious amounts or transactions and lodge a complaint. The corresponding forms can be found on the website of the provider, bank, or credit card company. The objection must be made in writing and signed. A call is not enough. As a rule, you have 30 days to do this. If you miss this deadline, you may in the end have to bear the loss yourself.

As a final step, you should report the Internet fraudsters to the police – in many cases, a report is required as proof for the bank or credit card company.