I am positive that I had a puzzled expression on my face as I looked at my online credit card statement. I was relatively certain that I hadn't bought Farmville credits for Facebook or registered for an online genealogy website. And I was positive that I hadn't recently purchased a pre-designed website. But what had me even more perplexed than the thief's odd choices of items to purchase was the fact that my credit card was still in my wallet and had not been physically lost or stolen.

I immediately called my credit card company and the friendly representative assured me that I would not be liable for purchases that I didn't make. She assured me that the theft of both a credit card number and security code was very common and most likely didn't happen because I was careless with my card or number, but she couldn't explain exactly how my number was stolen.

Key takeaways

  • Your physical card doesn't have to disappear for it to be compromised
  • Data breaches, keyloggers and skimmers can compromise your credit card while it's still in your wallet
  • Learn the steps to take to protect your credit cards

How did the thief get my credit card number and security code?

Being a journalist, I took matters into my own hands and investigated in hopes of better understanding what happened so that I could avoid being a victim in the future. After talking with several experts, I learned that most card numbers are stolen through three methods:

  • Data breaches - According to the Privacy Rights Clearinghouse, over 600 million records have been stolen since 2005. If a company or website that has your credit card information has a data breach, then it is likely that your credit card number can fall into the wrong hands. Neal O'Farrell, founder of the Identity Theft Council, said that data breaches are the most common way for a hacker to get your credit card number. While some data breaches make national news, some are actually never discovered by the company or the consumers. "In data breaches, it has nothing to do with what the credit card user did, but that another organization or business with access to their credit card number did not protect it properly," O'Farrell says.
  • Keyloggers - Another common way that a thief can get your credit card number is by installing a key logger on your computer without your knowledge and record every keystroke you make, including credit card numbers and security codes. George Waller, executive vice president and co-founder of StrikeForce Technologies, says that phishing, where you click on a link sent you in an email or visiting a website that has been infected with a key logger are the most common ways to get a keylogger installed.
  • Card skimmers - Your number can also be stolen by an illegal device that copies your credit card number, which thieves then either use for their own purposes or sell the number to others. Card skimmers can be implanted in readers, such as at gas stations and ATMs, or an employee can run your card through a skimmer when you hand it for payment.

How can you prevent this from happening to you?

Unfortunately, I learned that there is no fail-safe way to prevent your card number from being stolen, especially since hackers are becoming more creative each day. "It's a very easy crime to commit, but it's very difficult to retrace and identify exactly where it happened. Because of that it is very hard to prevent this type of theft," says O'Farrell. However, there are three things you can do to reduce your chances of being a victim:

  1. Check your credit card usage online between billing cycles. Make a habit of logging onto your account once a week to verify that you have made all of your charges. Thieves will often charge very small items, such as the Farmville credits in my case, to test the card. Contact your bank immediately if you notice any suspicious activity.
  2. Protect against keyloggers. While most people think that antivirus software will protect against keyloggers, most antivirus software is defenseless against malware. "Since it is almost impossible to stop keyloggers from being installed, we have found that the best strategy is protecting your data by installing keystroke encryption technology," Waller says.
  3. Check for card skimmers. While it can be hard to spot a compromised card reader, get in the habit of checking for anything that looks unusual before inserting your card. "Examine any insertion points to make sure that anything is sticking out further," says Sherry. Familiarize yourself with photos of compromised card readers to help you be on the lookout.

Hopefully by using the common sense strategies that the experts recommend, I won't find myself in the position again. But I have to say that I am still amused by my thieves' choices of purchases. I guess he or she must really like Farmville.

Featured Partner Cards