How to Protect Against Credit Card Fraud: Complete 2026 Guide

# How to Protect Against Credit Card Fraud: Complete 2026 Guide

Last Updated: February 25, 2026

Credit card fraud costs Americans $12 billion annually. Learn the exact strategies to protect your cards, spot fraud early, and respond quickly if compromised.

---

Table of Contents

1. Understanding Credit Card Fraud
2. Prevention Strategies
3. Early Detection Systems
4. What to Do If Your Card is Compromised
5. Advanced Protection Tactics
6. Common Scams to Avoid
7. Recovery and Cleanup
8. Action Plan

---

Understanding Credit Card Fraud

Types of Credit Card Fraud

1. Card-Present Fraud (Physical Card Stolen)

• Pickpocketing / theft
• Lost card used by finder
• Skimming devices at ATMs/gas pumps
• Shimming (chip card skimming)

Prevalence: 30% of fraud cases

2. Card-Not-Present Fraud (Online)

• Data breaches exposing card numbers
• Phishing emails stealing info
• Fake websites (spoofing)
• Public WiFi interception

Prevalence: 70% of fraud cases (growing rapidly)

3. Account Takeover

• Hacker gains access to your online account
• Changes contact info
• Requests new card sent to their address

Prevalence: 15% of fraud cases

4. New Account Fraud (Identity Theft)

• Criminal opens card in your name
• Uses your SSN and personal info
• You don't know until damage is done

Prevalence: 10% of fraud cases (most damaging)

How Fraudsters Get Your Information

Data Breaches (Most Common):

```

Company database hacked → Millions of card numbers stolen

Examples: Target (2013), Home Depot (2014), Equifax (2017)

Your card number sold on dark web for $5-50

```

Phishing/Social Engineering:

```

Fake email: "Your account is locked, verify here"

You click link → Enter card info on fake site

Fraudster has your card number + CVV + address

```

Skimming Devices:

```

ATM or gas pump → Hidden device reads card data

You swipe/insert card → Device copies card number

Fraudster retrieves device → Creates clone card

```

Data Interception:

```

You shop on public WiFi → No encryption

Hacker on same network → Intercepts transaction

Gets card number + CVV + personal info

```

Your Legal Protections

Zero Liability (Federal Law):

• $0 liability for fraudulent charges
• Applies to all major card networks (Visa, Mastercard, Amex, Discover)
• Works if you report promptly

Fair Credit Billing Act (FCBA):

• Max $50 liability for unauthorized charges
• In practice, most issuers waive even that $50
• 60 days to dispute from statement date

Key Takeaway: You won't lose money from fraud IF you report it quickly.

---

Prevention Strategies

Level 1: Basic Protection (Everyone Should Do)

#### 1. Use Credit Cards Over Debit Cards

Why Credit is Safer:

✅ Fraud protection is stronger (FCBA applies)

✅ Fraudster doesn't access your bank account

✅ Provisional credit during disputes (money returned immediately)

✅ Better fraud monitoring by issuers

Debit Card Risk:

❌ Money directly removed from bank account

❌ Fewer protections (Regulation E, not FCBA)

❌ Longer to get money back (10+ days)

❌ Overdraft risk if account drained

Strategy: Use credit cards for all purchases, pay off monthly.

#### 2. Enable Transaction Alerts

Set up instant notifications for:

• [ ] Any purchase over $1
• [ ] All online transactions
• [ ] All international transactions
• [ ] Card-not-present purchases
• [ ] ATM withdrawals

How to Enable:

```

Chase: Account → Alerts → Transaction Alerts → Set to $1 threshold

Amex: Settings → Notifications → Transaction Alerts → All Purchases

Capital One: Settings → Notifications → Purchase Alerts

```

Benefit: Know within seconds if someone uses your card fraudulently.

Example:

```

2:15 PM: Fraudulent $500 charge in California

2:15 PM: Text alert: "Charge of $500 at Electronics Store"

2:16 PM: You (in Texas): Call to report fraud immediately

2:20 PM: Charge reversed, new card issued

Damage: $0, caught in 5 minutes

```

#### 3. Check Statements Weekly

Don't wait for alerts (they can fail):

• [ ] Log in to each card account weekly
• [ ] Scan all transactions from last 7 days
• [ ] Flag anything unfamiliar
• [ ] Report suspicious charges within 24 hours

Common Fraud Pattern:

```

Day 1: Fraudster tests with $1 charge (Netflix, Amazon)

No response from you → Card is active

Day 3: Fraudster makes $2,000 purchase

If you caught $1 test charge → Fraud stopped early

```

Pro Tip: Use apps like Mint or Personal Capital to aggregate all cards (easier monitoring).

#### 4. Never Share Card Info via Email/Phone

Legitimate Companies NEVER Ask For:

• Full card number via email
• CVV code over phone
• Online banking password
• PIN number

Phishing Examples:

```

❌ Email: "Your card expired, click here to update"

❌ Call: "We're from Visa fraud department, verify your CVV"

❌ Text: "Unusual activity, reply with card number to verify"

All fake. Real issuers don't request info this way.

```

If Unsure:

1. Hang up / don't click link
2. Call number on BACK of your card (not the one they gave you)
3. Ask: "Did you just contact me about fraud?"

#### 5. Use Strong, Unique Passwords

For online card accounts:

• [ ] 12+ characters
• [ ] Mix of letters, numbers, symbols
• [ ] Different password for each account
• [ ] Use password manager (1Password, Bitwarden)

Weak Password Example:

```

❌ Password123

❌ YourName2026

❌ Same password for Chase + Amex + email

Risk: One account hacked → All accounts compromised

```

Strong Password Example:

```

✅ Chase: k9$mP2@nQ5^zL8!x

✅ Amex: R4#vT7@wY1^sN9&j

✅ Capital One: F6!qZ3@eM8^pK2#

Stored in: 1Password (encrypted vault)

```

Level 2: Intermediate Protection (Recommended)

#### 6. Enable Two-Factor Authentication (2FA)

What it is: Second verification step after password

How it works:

```

Step 1: Enter password

Step 2: Enter code sent to phone / generated by app

Result: Even if password is stolen, hacker can't access account

```

How to Enable:

```

Chase: Profile → Security → Two-Step Verification → Enable

Amex: Account Services → Security Center → 2FA → Enable

Capital One: Settings → Security → 2-Factor → Enable

```

Use Authenticator App (Most Secure):

• Google Authenticator
• Authy
• 1Password (built-in)

Avoid SMS (can be intercepted via SIM swapping):

• SMS is better than nothing
• Authenticator app is more secure

#### 7. Freeze Your Credit

What it does: Prevents new accounts being opened in your name

Doesn't affect:

• ✅ Existing cards (work normally)
• ✅ Credit score
• ✅ Ability to use current cards

Does prevent:

• ❌ New credit card applications (even by you, until you unfreeze)
• ❌ Identity thieves opening cards in your name
• ❌ Some background checks (employment, rental)

How to Freeze:

```

Contact all three bureaus (free):

Equifax: equifax.com/personal/credit-report-services/credit-freeze

Experian: experian.com/freeze/center.html

TransUnion: transunion.com/credit-freeze

Takes 5 minutes per bureau (15 min total)

```

When to Unfreeze:

• Applying for new credit card
• Refinancing mortgage/loan
• Renting apartment (sometimes required)

Unfreeze Process:

```

Temporary unfreeze (for specific application):

1. Log in to credit bureau
2. Lift freeze for 7-30 days
3. Apply for card
4. Freeze automatically reinstates

```

#### 8. Use Virtual Card Numbers

What they are: Temporary card numbers for online purchases

How they work:

```

Real card: 4532-1234-5678-9012

Virtual card: 4532-9876-5432-1098 (expires after 1 use or 1 merchant)

Merchant gets hacked → Virtual number compromised

Your real card → Still safe

```

Providers:

Privacy.com (Standalone Service):

• Create unlimited virtual cards
• Set spending limits per card
• Pause/close cards anytime
• Free plan: 12 cards/month

[Capital One](/issuers/capital-one "Capital One - Issuer Profile") Eno (Built-in Feature):

• Virtual cards for online shopping
• Auto-generates when shopping
• Manage in browser extension

[Citi](/issuers/citi "Citi - Issuer Profile") Virtual Account Numbers:

• Available on most Citi cards
• Generate at citcards.com
• Set expiration date and limit

Apple Pay / Google Pay:

• Tokenized card numbers (similar concept)
• Merchant never sees real card number

Example Use Case:

```

Shopping on sketchy website:

Real card: 4532-1234-5678-9012 (risky)

Virtual card: 4532-9876-5432-1098 (safe)

Site gets hacked → Virtual card leaked

You: Close virtual card (2 clicks)

Real card: Still secure

```

#### 9. Avoid Public WiFi for Financial Transactions

Risk:

```

Public WiFi (Starbucks, Airport, Hotel):

→ Unencrypted network

→ Hacker on same network

→ Intercepts traffic (man-in-the-middle attack)

→ Gets card number, passwords, etc.

```

Safe Alternatives:

✅ Use cellular data (4G/5G) for banking

✅ Use VPN on public WiFi (NordVPN, ExpressVPN)

✅ Wait until home to make purchases

VPN Protection:

```

Without VPN: Your traffic → Public WiFi → Bank (visible)

With VPN: Your traffic → Encrypted tunnel → Bank (hidden)

Hacker sees: Gibberish (can't read your data)

```

Recommended VPNs:

• NordVPN ($5/month)
• ExpressVPN ($8/month)
• Mullvad ($5/month)

#### 10. Shred Documents with Card Info

What to shred:

• [ ] Old credit card statements
• [ ] Pre-approved credit offers
• [ ] Receipts with full card number
• [ ] Expired cards (after cutting up)
• [ ] Anything with last 4 digits + other personal info

Why: Dumpster diving is still a thing (identity thieves search trash).

How: Cross-cut shredder ($30-50 at Amazon).

Level 3: Advanced Protection (For High-Risk Individuals)

#### 11. Use Separate Card for Online Shopping

Strategy: Dedicate one card for online purchases only

Setup:

```

Card A (Physical locations): Everyday spending, restaurants, gas

Card B (Online only): All internet purchases

Card C (Subscriptions): Recurring charges only

```

Benefits:

• If online card is compromised → Only affects one card
• Easier to track online fraud
• Can set lower credit limit on online card ($2,000 vs. $20,000)

Example:

```

Your cards:

Chase Sapphire: $15,000 limit (in-person only)

Chase Freedom: $3,000 limit (online only)

Freedom compromised in data breach:

→ Cancel Freedom, get new one

→ Sapphire still works (no disruption)

```

#### 12. Set Up Account Monitoring

Credit Monitoring Services:

• Credit Karma (free): Checks TransUnion + Equifax weekly
• Experian (free basic): Checks Experian monthly
• IdentityGuard ($10/mo): Daily monitoring + $1M insurance
• LifeLock ($15/mo): Comprehensive identity theft protection

What They Alert On:

• New accounts opened in your name
• Credit inquiries (new card applications)
• Address changes
• Public records (bankruptcies, liens)
• Data breaches affecting your info

Free vs. Paid:

```

Free (Credit Karma):

• Weekly credit checks
• New account alerts
• Basic monitoring

Paid (LifeLock $15/mo):

• Daily credit checks
• Dark web monitoring (is your info for sale?)
• Social Security monitoring
• Up to $1M insurance coverage
• Identity restoration assistance

```

#### 13. Regularly Update Card Info on Subscriptions

Why: Old card on file = security risk

Scenario:

```

2020: Sign up for Netflix with Card A

2023: Cancel Card A (compromised)

2026: Netflix still has old Card A on file in database

2026: Netflix breach → Old card number leaked

Even though card is canceled, number + your email leaked

Risk: Identity thieves now have partial info

```

Best Practice:

• [ ] Audit all subscriptions annually
• [ ] Update to current card number
• [ ] Remove old cards from merchant accounts
• [ ] Cancel unused subscriptions

How to Find All Subscriptions:

```

Method 1: Review 3 months of statements

Method 2: Use app like Truebill or Rocket Money

Method 3: Search email for "subscription" or "recurring"

```

---

Early Detection Systems

Set Up Fraud Alerts

[Fraud Alert](/glossary#fraud-alert "Fraud Alert - Glossary Definition") (Free):

• Contact one credit bureau (they notify the other two)
• Lasts 1 year (renewable)
• Creditors must verify identity before issuing new credit

How to Set:

```

Call Equifax: 1-800-525-6285

OR Experian: 1-888-397-3742

OR TransUnion: 1-800-680-7289

Request: "Initial fraud alert on my credit file"

Duration: 1 year (automatic notification to other bureaus)

```

When to Use:

• After data breach affecting your info
• Lost wallet/purse
• Suspect identity theft
• Extra caution (applying for mortgages, etc.)

Difference from [Credit Freeze](/glossary#credit-freeze "Credit Freeze - Glossary Definition"):

```

Fraud Alert:

• Creditors must verify identity (phone call)
• Can still open new accounts (with extra verification)
• Free, lasts 1 year

Credit Freeze:

• Blocks all new credit applications
• Must unfreeze to apply for credit
• Free, lasts until you lift it

```

Monitor Dark Web for Your Info

What is Dark Web Monitoring:

• Services scan illegal marketplaces for your data
• Alerts if your card number, SSN, email is for sale
• Helps you respond before fraud occurs

Services:

Free Options:

• Have I Been Pwned (haveibeenpwned.com): Email breach checks
• Firefox Monitor (monitor.firefox.com): Email + password breach alerts
• Google Password Checkup: Checks if passwords compromised

Paid Options:

• Experian IdentityWorks ($10/mo): Dark web + credit monitoring
• IdentityGuard ($10/mo): Dark web + SSN + credit monitoring
• LifeLock ($15/mo): Comprehensive (dark web + credit + alerts)

Example Alert:

```

Have I Been Pwned email:

"Your email (you@email.com) appeared in a breach at

MegaCorp on January 15, 2026.

Compromised data: Email, password, card last 4 digits

Action: Change password, monitor card for fraud"

```

Use Issuer Fraud Protection Tools

[Chase](/issuers/chase "Chase - Issuer Profile"):

• Account Alerts: Text/email for all transactions
• Fraud Early Warning: AI detects unusual spending
• Travel Notifications: (Optional, not required in 2026)

[American Express](/issuers/american-express "American Express - Issuer Profile"):

• Amex Send & Split: Virtual card numbers
• Purchase Alerts: Real-time notifications
• SafeKey: 3D Secure for online shopping (2FA at checkout)

Capital One:

• Eno Browser Extension: Virtual card numbers
• CreditWise: Free credit monitoring
• Purchase Alerts: Customizable notifications

Discover:

• Freeze It: Instantly freeze card via app (prevent new charges)
• Free [FICO Score](/glossary#fico-score "FICO Score - Glossary Definition"): Monitor credit score impact
• $0 Fraud Liability: Best-in-class protection

Citi:

• Virtual Account Numbers: For online shopping
• Citi Identity Theft Solutions: 24/7 fraud assistance
• Account Alerts: Customizable notifications

---

What to Do If Your Card is Compromised

Immediate Actions (First 24 Hours)

#### Step 1: Call Issuer to Report Fraud (Do This First)

Within 5 minutes of discovering fraud:

Emergency Numbers (24/7):

• Chase: 1-800-935-9935
• American Express: 1-800-528-4800
• Capital One: 1-800-227-4825
• Discover: 1-800-347-2683
• Citi: 1-800-950-5114
• Bank of America: 1-800-732-9194

What to Say:

```

"I have fraudulent charges on my card. I need to report fraud."

They'll ask:

• Which charges are fraudulent?
• When did you last use the card?
• Do you still have physical card?

You respond:

• List each fraud charge
• Last legitimate use date/merchant
• Yes/no (if stolen, say no)

```

What Happens:

• Card is canceled immediately (prevents more fraud)
• New card issued (arrives in 5-7 days)
• Fraudulent charges removed
• You get provisional credit

#### Step 2: Review All Recent Transactions

Go back 60-90 days:

• [ ] Log in to online account
• [ ] Review every transaction
• [ ] Flag ALL suspicious charges (even small ones)
• [ ] Report all fraud to issuer at once

Common Fraud Pattern:

```

Fraudster tests with small charges first:

Day 1: $1.50 Google Play

Day 2: $3.99 Netflix

Day 5: $12.99 Spotify

Day 10: $2,500 electronics purchase

If you only report $2,500 charge:

→ Small charges remain (you still owe them)

Report all 4 charges → Full resolution

```

#### Step 3: Dispute Each Fraudulent Charge

Even if issuer removes them:

• Verbal report = temporary
• Written dispute = permanent

How to Dispute:

```

Online:

Log in → Transaction → Dispute → Fraud → Submit

Phone:

"I'd like to formally dispute these charges as fraud"

Mail (backup):

Send dispute letter to address on statement

```

Follow-Up:

• Get confirmation number for each disputed charge
• Request written confirmation
• Save all documentation

#### Step 4: Update All Autopay

Before new card arrives:

• [ ] List all subscriptions on old card
• [ ] Update with new card number (when it arrives)
• [ ] Monitor for failed payment attempts

Common Autopay:

• Streaming (Netflix, Hulu, Spotify)
• Utilities (phone, internet)
• Insurance (auto, health)
• Memberships (gym, Amazon Prime)
• Software (Microsoft, Adobe)

Follow-Up Actions (Week 1)

#### Step 5: File Police Report (For Identity Theft)

When to File:

• Multiple cards compromised
• New accounts opened in your name
• Large fraud amounts ($5,000+)
• Issuer requests it (for investigation)

Where to File:

• Local police department
• Online: IdentityTheft.gov (FTC)

What You Need:

• List of fraudulent charges
• Timeline of when you noticed
• Any evidence (phishing emails, etc.)

Why It Matters:

• Creates official record
• Required for identity theft affidavit
• Helps with credit bureau disputes
• May be needed for insurance claims

#### Step 6: Check Other Accounts

If one card is compromised, check:

• [ ] Other credit cards (same issuer and different issuers)
• [ ] Bank accounts (checking, savings)
• [ ] PayPal, Venmo, Cash App
• [ ] Store accounts (Amazon, Target, etc.)
• [ ] Investment accounts

Why: Fraudsters often try multiple accounts once they have your info.

#### Step 7: Change Passwords

For any account that stored the compromised card:

• [ ] Credit card online account
• [ ] Email (if used for card notifications)
• [ ] Merchants where card was saved (Amazon, etc.)
• [ ] Any account using same password

Use this opportunity to:

• Create strong, unique passwords
• Enable 2FA on all accounts
• Update security questions

Long-Term Actions (Month 1-6)

#### Step 8: Monitor Credit Report

Check for new accounts opened fraudulently:

• AnnualCreditReport.com (free, official)
• Credit Karma (free, weekly monitoring)
• Experian (free basic monitoring)

Look for:

• New credit cards you didn't open
• Hard inquiries you didn't authorize
• Address changes
• Incorrect personal info

Timeline:

```

Week 1 after fraud: Check all 3 bureaus

Month 1: Check again

Month 3: Check again

Month 6: Check again

Month 12: Annual check

```

#### Step 9: Place Fraud Alert or Credit Freeze

Fraud Alert (if you suspect ongoing risk):

• Lasts 1 year
• Requires creditors to verify identity
• Free

Credit Freeze (if you want maximum protection):

• Blocks all new credit applications
• Lasts until you lift it
• Free

How to Decide:

```

One card compromised, no other issues:

→ Fraud alert (1 year)

Multiple cards + identity theft:

→ Credit freeze (until resolved)

```

#### Step 10: Consider Identity Theft Protection

If fraud was severe, sign up for monitoring:

• LifeLock ($15/mo): Comprehensive monitoring + $1M insurance
• IdentityGuard ($10/mo): Credit + dark web + alerts
• Experian IdentityWorks ($10/mo): Credit + dark web

Free Alternative:

• Credit Karma (free credit monitoring)
• Have I Been Pwned (free email breach checks)
• Set up fraud alerts (free at credit bureaus)

---

Advanced Protection Tactics

For Frequent Travelers

1. Notify Issuer of Travel (Optional in 2026):

• Most issuers no longer require this (AI detects legitimate travel)
• But can prevent false declines in foreign countries
• Do it: Chase, Citi (recommended)
• Skip it: Amex, Capital One (good fraud detection)

2. Carry Backup Cards:

```

Primary card: Chase Sapphire Reserve (Visa)

Backup card: Amex Gold (Amex network)

Emergency card: Capital One Venture (Mastercard)

Why: If one is declined/compromised, you have alternatives

Also: Different networks accepted in different countries

```

3. Use RFID-Blocking Wallet:

• Prevents "contactless skimming"
• Protects tap-to-pay cards
• $15-30 on Amazon

4. Avoid Using Card at Sketchy Locations:

• Use cash at tiny/unknown merchants abroad
• Avoid ATMs in dark alleys (skimming risk)
• Prefer bank ATMs over standalone machines

For Online Shoppers

1. Only Shop on HTTPS Sites:

```

Check URL: https:// (not http://)

Look for padlock icon in browser

Avoid: Sites without SSL encryption

Why: HTTP = unencrypted (anyone can intercept data)

HTTPS = encrypted (data protected in transit)

```

2. Use PayPal or Apple Pay When Possible:

• Merchant never sees your card number
• Extra layer of protection
• Easier disputes (can file with PayPal + card issuer)

3. Verify Site is Legitimate:

```

Real site: amazon.com

Fake site: amaz0n.com (zero instead of O)

Fake site: amazon-deals.com (subdomain trick)

How to verify:

• Check URL carefully (every letter)
• Look for trust badges (but can be faked)
• Google "[site name] scam" to check reviews

```

4. Never Save Card on Merchant Sites:

• Exception: Major sites (Amazon, Target, etc.)
• Avoid: Small/unknown merchants
• Why: If they get hacked, your card is exposed

5. Use Virtual Card Numbers:

• Privacy.com: Unlimited virtual cards
• Capital One Eno: Virtual cards for online shopping
• Citi Virtual Numbers: One-time use numbers

For High-Net-Worth Individuals

1. Get Premium Cards with Best Fraud Protection:

```

Tier 1 (Excellent Protection):

• Amex Platinum: Best in class fraud detection
• Chase Sapphire Reserve: 24/7 concierge help
• Citi Prestige: Identity theft solutions

Tier 2 (Good Protection):

• Most premium cards ($95+ annual fee)

Tier 3 (Basic Protection):

• No-fee cards (still zero liability, but less proactive monitoring)

```

2. Hire Identity Theft Protection:

• LifeLock Ultimate Plus ($30/mo): Up to $1M insurance
• IdentityForce UltraSecure ($25/mo): White glove service
• Includes: Credit monitoring, dark web, lost wallet assistance, resolution services

3. Use Separate Cards for Different Purposes:

```

Card 1: Daily spending (groceries, gas, dining)

Card 2: Online shopping only

Card 3: Subscriptions/recurring charges

Card 4: International travel

Card 5: Business expenses (if applicable)

Why: Compartmentalization limits damage if one is compromised

```

---

Common Scams to Avoid

Scam 1: Phishing Emails

What it looks like:

```

From: Chase Security <security@chase-secure.com> [FAKE]

Subject: Urgent: Verify Your Account

"We detected unusual activity on your account.

Click here to verify your identity within 24 hours

or your account will be locked."

[Button: Verify Now]

```

Red Flags:

• Sense of urgency ("24 hours or account locked")
• Suspicious sender email (look closely at domain)
• Asks you to click link
• Requests sensitive info (card number, CVV, password)

How to Spot:

```

Real Chase email: @chase.com

Fake: @chase-secure.com, @chase-banking.com, @chaseverify.com

Hover over link before clicking:

Shows: http://fake-site.ru/chase (NOT chase.com)

```

What to Do:

1. Don't click any links
2. Delete email
3. Go directly to chase.com (type it yourself)
4. Log in and check for real alerts
5. Report phishing to issuer

Scam 2: Vishing (Voice Phishing)

What it looks like:

```

Phone call: "This is Chase fraud department. We detected

$2,000 fraudulent charge. To stop it, verify your

card number and CVV."

You panic → Give info → Scammer now has your card

```

Red Flags:

• Unsolicited call claiming to be bank
• Asks for full card number or CVV
• Pressures you to act immediately
• Threatens account closure

What to Do:

1. Hang up (don't engage)
2. Call number on BACK of your card (not the one they provided)
3. Ask: "Did you just call me about fraud?"
4. Real issuer will have notes if they called

Real vs. Fake:

```

Real fraud call:

• May ask to verify recent transactions (yes/no)
• Will NOT ask for CVV or full card number
• Can verify they called by you calling back official number

Fake call:

• Asks for sensitive info
• Threatens immediate action required
• Can't be verified when you call back real number

```

Scam 3: Fake Websites (Spoofing)

What it looks like:

```

Google search: "Chase credit card login"

Top result (ad): chase-online.com [FAKE]

You click → Looks exactly like real Chase site

You enter username + password → Scammer captures it

```

How to Avoid:

1. Never click ads for banking sites
2. Bookmark real site (chase.com) and only use that
3. Type URL manually (not from Google results)
4. Check URL carefully (every character)
5. Look for HTTPS and padlock icon

Example:

```

Real: https://www.chase.com

Fake: https://www.chase-secure.com (extra word)

Fake: https://www.chaseonline.com (compound word)

Fake: https://www.chase.com.loginverify.com (subdomain trick)

```

Scam 4: Skimming at ATMs/Gas Pumps

What it is:

• Device attached to ATM/gas pump card reader
• Reads your card data when you swipe/insert
• Criminal returns later to retrieve device + data

How to Spot:

```

Look for:

• Card reader looks loose or different from others
• Unusual colors/materials on reader
• Pinhole camera near PIN pad
• ATM in isolated area (easier to install device)

```

How to Avoid:

1. Use ATMs inside banks (safer, monitored)
2. Wiggle card reader before inserting (loose = potential skimmer)
3. Cover PIN pad when entering PIN (block cameras)
4. Use tap-to-pay when possible (harder to skim)
5. Prefer bank ATMs over standalone machines

Scam 5: Fake Charity Calls

What it looks like:

```

Call: "We're collecting for [recent disaster] victims.

Can we take your credit card info for a donation?"

You want to help → Give card number → No charity, just scam

```

How to Avoid:

1. Never give card info over unsolicited call
2. Say: "Send me info by mail"
3. Research charity online (CharityNavigator.org)
4. Donate directly on charity's official website
5. Use credit card (better protection than debit/wire)

Scam 6: "Free Trial" Scams

What it looks like:

```

Ad: "Free 30-day trial, just pay $1 shipping!"

You enter card info → Receive product

Day 31: $89.99 charge for "monthly subscription"

You: "I didn't authorize this!"

Fine print: "Trial converts to $89.99/mo unless canceled"

```

How to Avoid:

1. Read all terms before entering card info
2. Set calendar reminder to cancel before trial ends
3. Use virtual card number (set $1 limit, auto-declines future charges)
4. Avoid "free trials" from unknown companies
5. If charged: Dispute immediately (see fraud guide)

---

Recovery and Cleanup

If You're a Victim of Identity Theft

Step 1: Report to FTC:

• Visit: IdentityTheft.gov
• Create recovery plan
• Get identity theft affidavit

Step 2: File Police Report:

• Local police department or online
• Bring: List of fraud accounts, timeline, evidence
• Get: Police report number (needed for disputes)

Step 3: Contact Credit Bureaus:

```

Equifax: 1-800-525-6285

Experian: 1-888-397-3742

TransUnion: 1-800-680-7289

Request:

1. Extended fraud alert (7 years)
2. Free credit report
3. Block fraudulent accounts from appearing on report

```

Step 4: Close Fraudulent Accounts:

• Contact each fraud account issuer
• Provide: Police report, identity theft affidavit
• Request: Account closed, removed from credit report

Step 5: Dispute with Credit Bureaus:

• File dispute for each fraudulent account
• Attach: Police report, affidavit, proof of identity
• Bureaus must investigate within 30 days

Step 6: Monitor for 12+ Months:

• Check credit reports monthly
• Watch for new fraudulent accounts
• Maintain fraud alert or freeze

Timeline for Recovery

Week 1:

• Report to FTC, police
• Contact credit bureaus
• Place fraud alert
• Review all credit reports

Week 2-4:

• Dispute fraudulent accounts
• Close fraud credit cards
• File disputes with issuers

Month 2-3:

• Follow up on disputes
• Verify fraudulent accounts removed
• Update passwords, security questions

Month 6:

• Check credit reports again
• Verify all fraud resolved
• Consider credit freeze

Month 12:

• Final credit report check
• Renew fraud alert if needed
• Continue monitoring

---

Action Plan: Secure Your Cards in 7 Days

Day 1: Enable Alerts

• [ ] Log in to each credit card account
• [ ] Go to Settings → Alerts/Notifications
• [ ] Enable transaction alerts for all purchases over $1
• [ ] Enable alerts for online, international, card-not-present purchases
• [ ] Choose SMS + email (redundancy)

Day 2: Set Up 2FA

• [ ] Download authenticator app (Google Authenticator or Authy)
• [ ] Enable 2FA on all credit card accounts
• [ ] Enable 2FA on email (used for card notifications)
• [ ] Test login with 2FA to ensure it works

Day 3: Freeze Your Credit

• [ ] Visit Equifax, Experian, TransUnion websites
• [ ] Create account at each bureau
• [ ] Request credit freeze at each (free)
• [ ] Save freeze PIN/password (needed to unfreeze)
• [ ] Confirm freeze is active

Day 4: Use Virtual Cards

• [ ] Sign up for Privacy.com (or use issuer's virtual cards)
• [ ] Create virtual card for online shopping
• [ ] Replace real card with virtual card on 2-3 online merchants
• [ ] Set spending limits on virtual cards

Day 5: Audit Subscriptions

• [ ] Review last 3 months of statements
• [ ] List all recurring charges
• [ ] Update old card numbers to current cards
• [ ] Cancel unused subscriptions
• [ ] Remove saved cards from merchant accounts you don't use

Day 6: Strengthen Passwords

• [ ] Change passwords on all credit card accounts
• [ ] Use 12+ character unique passwords
• [ ] Save in password manager (1Password, Bitwarden)
• [ ] Change password on email (used for card notifications)

Day 7: Set Monitoring

• [ ] Sign up for Credit Karma (free monitoring)
• [ ] Check Have I Been Pwned (email breach check)
• [ ] Set calendar reminder to check statements weekly
• [ ] Set calendar reminder to check credit report quarterly

---

Bottom Line

Essential Protection (Everyone):

• Use credit cards over debit (better fraud protection)
• Enable transaction alerts for all purchases
• Check statements weekly for fraud
• Never share card info via email/phone
• Use strong, unique passwords + 2FA

Recommended Protection (Most People):

• Freeze your credit (blocks new account fraud)
• Use virtual card numbers for online shopping
• Avoid public WiFi for financial transactions
• Shred documents with card info
• Sign up for free credit monitoring

Advanced Protection (High-Risk):

• Separate cards for different purposes (online, in-person, travel)
• Paid identity theft protection ($10-30/mo)
• RFID-blocking wallet
• Dark web monitoring
• Regular credit report checks (monthly)

If Compromised:

• Call issuer within 5 minutes (1-800 number on back of card)
• Dispute all fraudulent charges
• Update autopay before new card arrives
• File police report (if identity theft)
• Place fraud alert or credit freeze
• Monitor credit for 12+ months

Key Takeaway: Credit card fraud is common but preventable. Use credit over debit, enable alerts, check statements weekly, and you'll catch fraud early. If compromised, report immediately—you have $0 liability if you act fast.

---

Protect your rewards too: See our guides on Best Travel Cards with Fraud Protection and How to Dispute Credit Card Charges.

---

*Disclaimer: While credit card issuers provide $0 fraud liability, you must report fraud promptly to qualify for protection. Security practices should be tailored to your individual risk level.*