A Look at How Credit Card Details Get Stolen and How to Keep Yours Safe

Featured Credit Cards

Each time a major credit card fraud strikes a business, our response is to ignore the episode as long as it doesn’t affect us personally. Not all breaches make the news cycle, though; there are several smaller incidents that are occurring on a more regular basis.

While many of us, by now, would have wised up to social engineering attacks, the crooks have found newer modes of credit card theft. Here is a rundown of the most common ways you can have your credit card numbers stolen in 2019.

1. Card Cloning

Creating a cloned credit card is the easiest way for a thief to spend someone else’s money. All they have to do is access your credit card temporarily (often a fraction of a minute) and program them on another prepaid card. The cloned cards can then be sold on the dark web, usually through cryptocurrency. Many of these stolen cards resemble actual cards, and the attention to detail is mind-boggling.

Warning: buying cloned credit cards online is a serious cyber-crime. These screenshots are for informational purpose only. The onion addresses and names have been hidden.

Credit Cards For Sale Dark Web

Card cloning is mostly the domain of organized criminals, as it doesn’t make logistical sense to go through the paces for just one person’s credit card. The cloning operation only acquires scale when a sufficient number of victims are available, and the card details can be sold for a steep discount. Most thieves amass a number of cards from such “stores” so that they don’t have to bother if some get blocked.

Credit Cards Steep Discounts Dark Web

How to Prevent? To prevent credit card cloning, try not to hand over your credit card to another person unless it’s an emergency. Many restaurants, clubs and bars nowadays have tabletop payment terminals. Change your pin number frequently, and keep a tab on small, unaccounted expenses on your credit card through alerts on your phone. Many thieves would first make a small expenditure on a cloned credit card to ensure that a big purchase is honored later. This gives you, at least, a brief window to address the problem.

2. Card Skimming

Close on the heels of credit card cloning, ATM skimming is one of the most common ways to acquire credit and debit card details. It generally involves swipe cards rather than chip and pin cards, but as this story suggests, thieves can also install a mini camera on the skimmer to capture the pin number.

Credit Card Skimming

Skimmers can also be placed in a shady point-of-sale terminal and are undetectable to the naked eye. The law enforcement usually keeps a tab on thieves using this method, but still, skimming remains a fairly popular way to lift someone’s credit card data. You’re more vulnerable if you travel to a country where the police turns a blind eye to such crimes.

How to Prevent? To prevent card skimming, you can try to detect the fraudulent devices with a mobile app. But no prevention is better than keeping track of unauthorized transactions and changing the pin number frequently.

3. Formjacking

The digital equivalent of ATM skimming, “formjacking” is a term by Symantec which refers to hackers stealing credit card information from the checkout pages of websites. They usually install a malicious software, usually a JavaScript code, to lift the credit card numbers. Cryptojacking is another similar term that refers to lifting crypto-currency details.

Formjacking Possibility

Formjacking has become a menace in 2019, with leading websites ā€“ such as British Airways, Ticketmaster, Home Depot, Target and Feedify ā€“ reporting breach incidents.

How to Prevent? Since most formjacking attacks use a malicious script, you must arrest them during checkout using script blockers. On Firefox, you can use NoScript.

In Summary

How many of us think twice before exposing our credit card numbers to random apps and websites? If you thought that bank encryption software and one-time passwords are protecting your financial information, you are partially correct. Indeed, it is safer to use a credit card online today than it was earlier, such as 2004. But, the threats haven’t entirely disappeared.

What precautions do you take to avoid credit card theft? Please let us know in the comments.

Sayak Boral Sayak Boral

Sayak Boral is a technology writer with over ten years of experience working in different industries including semiconductors, IoT, enterprise IT, telecommunications OSS/BSS, and network security. He has been writing for MakeTechEasier on a wide range of technical topics including Windows, Android, Internet, Hardware Guides, Browsers, Software Tools, and Product Reviews.


  1. How to protect your credit card from the crooks? Simple use a digital wallet and a touch ID. For this day and age it is quite foolish to carry plastic cards in a purse,don’t you think. Good tip about the script blocker for online transactions will keep that in mind.

  2. Script blocker ok, but what if those add-ons interfere during legal transactions and likely cause errors to a smooth procedure? Don’t legit companies use their own scripts during the process? Besides, why script blocker and not check the site info locker?! I’m curious about this one.

    1. I keep NoScript activated (Firefox browser) all the time. Never had any trouble with credit card payments. It does not block genuine scripts used by Visa, Master Card, Discover or American Express. But yes, that used to be a problem way back in 2008

      Most genuine Visa payment gateways use 3D Secure, an additional XML-based security protocol.

      “Besides, why script blocker and not check the site info locker?! Iā€™m curious about this one.’

      You mean the site info look up? Yes that’s a good thing to check but as many credit card breach episodes suggest, you can never be 100% sure.

  3. Not really a comment but a question — had a call from my credit union that an attempt had been made to use a credit card in my name in a town where I do not live. The weird thing — I have had this card a couple years; activated it with Visa when I got it but I have never used it at all. There are no records that could be hacked unless it came from the card vendor. Only the last four appear on the website of my credit union online info [a national ginormous credit union]. When I got the call about the attempted use I immediately called them and they referred me to the fraud section of the issuing card; my card number disappeared from my account within minutes. How did someone get the number — I do not keep any files on my computer with recognizable financial information. No one uses the computer but my husband and me. I keep an updated copy of Avast and I think I am doing all the right things to protect the computer. I do not do pay bills or do anything involving money except from the computer. I have an offsite encrypted backup for my files [carbonite, formerly mozy]. I am concerned that I am doing something incredibly stupid but cannot imagine what that is.

    1. It seems to be a rare mode of credit card fraud and based on the available information, no one can be sure how it happened. Nowadays, credit card company employees do not have access to anything beyond the last 4 digits of your card. You can send this case to the credit card fraud investigation division and there will be no liability for you till they resolve this transaction.

    2. We use an answering machine and caller ID on our landline to screen out calls from unrecognized numbers. Couple of days ago, there was a call from a number I did not recognize so I let the machine pick it up. The caller left a message for my daughter stating that there was unauthorized access to her credit card account, gave the last four digits of the account and a phone number to call to resolve this. Curiously? Interestingly? That afternoon there were two more calls from the same number but no message was left. Obviously, the message about the compromised credit card account was a scam.

      ” Only the last four appear on the website of my credit union online info ”
      I would say that is a strong hint of where the scammer got the info. Since you have not used the card for any transactions, the only place that the last four digits of the card and your name appear together is in the credit union database. Seems like they were hacked.

      ” I keep an updated copy of Avast”
      Avast is an anti-virus, it is neither a firewall nor will it encrypt your files. It will not stop a hacker from gaining access to your files.

      ” I do not do pay bills or do anything involving money except from the computer.”
      There are two ends to each transactions, yours and the receiving entity. Your end may be locked up tighter than a drum but if there is a leak or a breach on the other end, you might as well post your financial details on Facebook for all to see.

  4. Judith Knight

    Most actual card fraud incidents occur when an employee steals a piece of your personal data and assumes your identity. That is why only the last four digits are visible on your statement which is a good step but not enough to deter a crime. Some employees do have access to privileged information such as your date of birth, security questions and they know their own system quite well so it isn’t very difficult to “change” your PIN number. The funny thing is no credit card security advisory will mention a word about the crooks originating at their source.

    The circle is complete .

Comments are closed.