Freely subscribe to our NEWSLETTER

The prevalence of credit card fraud has surged, marking credit card fraud as the focus of 83% of the 1.9 million US consumer reports on credit card-related issues since 2020. This staggering figure amounts to over 1.5 million instances, signifying an escalating concern for individuals and financial institutions alike.

Notably, credit card fraud remains the primary form of identity theft, accounting for nearly one-third of all reported cases during this period. The demographic data is particularly unsettling, with individuals in their 30s and 40s proving to be the most susceptible, representing over half of the reports in this category.

Nationally, the average stands at 434 reports of credit card fraud per 100,000 people since 2020; however, Georgia and Florida outstrip this average with 916 and 882 reports per 100,000 people, respectively. Additionally, credit card fraud reports have seen a marked increase in the first quarters of both 2022 and 2023, likely linked to elevated spending during the holiday season. This trend may predict a further rise in fraud incidents in the first quarter of 2024 as credit card utilization continues.

In response to this alarming trend, Aleksandr Valentij, Cyber Security Lead at Surfshark, has shared his insights. "We’re seeing that credit card fraudsters not only employ digital tactics but also gravitate towards physical devices to skim and steal credit card information," warns A. Valentij.

"A common pitfall is the exposure to online skimming and phishing attacks where seemingly legitimate payment forms or compromised websites become the conduits for information theft. To combat this, consumers are encouraged to adopt safer practices such as the use of virtual credit cards, which limit exposure, and to remain vigilant for secure connections, ensuring encrypted HTTPS communication protocols are consistently present during online transactions. The loss of the security padlock symbol at any stage should be a clear signal to abort the transaction to prevent data compromise."

A. Valentij warns consumers about the often-underestimated yet significant risks of physical threats, explaining that skimming devices can be discreetly attached to payment terminals, even by store owners. "Contactless theft is a particularly insidious method, where thieves carry portable readers to intercept NFC (Near Field Communication) transactions by simply being in close proximity to a victim’s card, such as on a crowded bus. However, this risk is somewhat mitigated for contactless payment cards since cloning them requires more than just an NFC scan. That said, there are certain card types vulnerable to cloning with just a rogue NFC/RFID scan—for instance, low-end access cards, inadequately protected transit cards, discount cards, and so forth. It is concerning how easily devices designed for legitimate functions like analyzing and surveying sub-GHz radio frequencies can be repurposed to capture various contactless card details surreptitiously."

The cybersecurity expert recommends proactive measures, "To shield against such vulnerabilities, employing RFID-blocking wallets is essential as they provide a barrier against unwanted card reads. These wallets have metalized mesh woven into fabric, preventing NFC/RFID signals from being transmitted. Fortunately, in many cases, the data captured is encrypted, making it challenging to replicate the card details successfully. Consumers should always remain alert for physical encounters that seem invasive, as hackers might be lurking with a device, waiting for an opportunity to surreptitiously capture credit card information."

A. Valentij further warns about the prevalent market of these hacking devices, "These tools are in high demand right now and often overpriced in the underground market, which for a time being underscores the likelihood of the issue and the necessity for consumers to take physical credit card security seriously. However, this scarcity is temporary, and demand for this tech will be met by suppliers quite soon. So, not just about online threats; physical attacks are a real and present danger."