Debit card fraud is when someone uses your debit card without your permission to make purchases or withdraw money from your account.
A fraudster does not need to physically have your debit card to steal from you.
In this article, you will learn the different ways someone can use your debit card without having it.
Let’s get into it.
A fraudster can use your debit card even though they don’t physically have it in their possession. As long as they have the information on the card, they can use it to pay for things online.
Checkout pages only require that you enter the card details. If you enter these details correctly, it is assumed that you are the card owner and are physically holding it.
A debit card draws money from your bank account when you use it to pay for goods in-person or online, or withdraw money from an ATM.
Which means:
Your debit card is as good as cash. It debits or lets you spend the money you have in your bank account.
The only difference between your debit card and the bank notes you withdraw from your bank is that a debit card identifies you and has security features that help ensure that only you can use it.
These features are:
The CVV number is particularly crucial. It adds a second piece of information besides the card number one must enter to make a payment online using a debit card. This is known as two-factor authentication.
While a few websites do not require entering a CVV number, an overwhelming majority do.
CVV stands for Card Verification Value, but this terminology is not universal. That’s what Visa calls it.
Mastercard calls it CVC (card verification code), while Discover calls it CID (card identification code).
You will find the CVV number on the back of the debit card written in small print, which is intentional. It makes it harder for fraudsters to obtain the number without holding the card close to their eyes.
However, a few card networks have the CVV number on the front of the debit card.
It is essential to keep your CVV number confidential to protect your funds. Without it, a fraudster will find it hard to use your debit card without permission.
When you notice an unauthorised charge on your debit card, the question you ask is, how did someone use my debit card without the card?
They don’t need your physical debit card to fraudulently use it. This is called card-not-present fraud, which happens after the criminal steals your debit card’s details and use them to make purchases online.
With your debit card information, a criminal literally has a virtual version of your debit card. They can steal that card information in a number of ways:
If you lose your wallet, as well as the cash you may have been carrying, you must also worry about the debit cards you store there.
Those debit cards are as good as cash as long as the bank account they are connected to have positive balances.
The thief may be unable to withdraw money from the ATM with the stolen debit card as they would need your PIN. But they can easily use it to pay for goods online.
So, it is crucial that you keep your debit card safe and immediately notify your bank if you ever lose it. They can freeze it before the thief has had time to use it.
More sophisticated fraudsters can clone your card without your knowledge and use that copy to make unauthorised payments online. They use small machines that can read and collect data stored on a card’s magnetic strip.
The stolen data is then used to create a counterfeit copy of your debit card.
Pay attention to what the cashier does when you present your debit card at a store. Make sure they don’t swipe it through any other device that’s not the store’s POS machine.
Card skimmers are keeping up with technology too. They now use a technique called shimming to steal card data stored on chip cards. They can manipulate card readers to steal card information when a chip card is dipped into the reader.
This is a common and straightforward way of stealing debit card information.
When you enter your PIN at an ATM or POS terminal, the thief will watch over your shoulder from behind you and memorize your PIN as you enter it into the machine.
If they can successfully skim and clone the card, they can then make a copy of your card and use your PIN to make in-person payments or make ATM withdrawals from your account.
Phishing is when you receive an email or text message that looks like it's from your bank or credit card company but, its aim is to trick you into divulging confidential information.
The message will dangle an enticing limited-time offer and try to get you to click a link that leads you to a website where you can complete the purchase.
The link will take you to a fake website. If you enter your debit card information on a fake website, scammers will steal it and use it to make unauthorised payments online.
Malware is software designed to damage, disrupt, or enable unauthorised access to a computer system.
If you download a malicious app or visit a malicious website, your computer or phone may be infected with malware. This malware can steal your personal information, including your debit card information.
Some malware can install software on your computer that records what you type into your computer, including the payment information that you enter when paying for things online.
Known as a keylogger, this malware allows hackers to remotely monitor your computer activity and gain access to your confidential information.
Criminals can also use a technique called formjacking to steal debit card information. This is when they install malware on checkout forms on popular websites to steal payment information when unsuspecting customers pay on those sites.
Probably the hardest debit card fraud to prevent, friendly fraud is when a family member or someone you trust uses your debit card without your permission.
It is hard to prevent this type of fraud as this person may have easy access to your wallet, usually because you trust and are attached to them.
Besides manually reviewing your account statement, you may discover that someone has been using your debit card too late. Here are other ways you can tell your card number and CVV is being used without your knowledge:
If you notice that another Netflix account is being charged to your debit card, it could be a sign someone else has been using your card.
When you notice subscription charges for accounts you did not sign up for or purchases you did not make, notify your bank immediately.
The most devious fraudsters will take loans against your name if they obtain enough of your personal information.
They will set your debit card number up for automatic deductions to pay off the loan.
If a repayment instalment fails because the account is overdrawn, the lender may follow up with you directly, which alerts you to the fraud.
Thieves aren’t the most judicious spenders. If they can access to your debit card information, they will want to spend as much as they can from it while they can, knowing you will freeze the card if you notice the unauthorised payments.
You should regularly check your account balance to stop any unauthorised use of your debit card before it’s wiped clean.
If your bank allows it, set your account up for phone text notifications whenever a transaction is made on your card.
The best way to prevent debit card fraud is to secure your cards. If one cannot access the card or its data, they can’t steal from you.
Of course, with the number of online payments we make, this is easier said than done. Here’s what you can do to protect yourself from debit card fraud:
Always hide your PIN from view. Check behind you to ensure no one can see and memorize your card number, CVV, and PIN.
Never let the cashier take your card to the back office to swipe. They must swipe the card where you can see them.
It only takes a few seconds for a cunning scammer to swipe your card on a card skimming machine, so watch what cashiers do with your debit card.
If you are unsure whether an email or text message is legitimate, contact your bank or credit card company directly to verify.
Most computers and operating systems will tell you when an update is available. But if you usually use your device offline, it’s possible your software may get outdated and make your device vulnerable to malware attacks.
Always take the opportunity when prompted to update your operating system, web browser, and security software.
If you have not used your device for a while, check if updates are available before logging onto websites where you will need to enter confidential personal information.
A criminal will not need your card PIN to carry out card-not-present scams. But they will need it to pay for goods in person. So never disclose your PIN to anyone.
Most banks now have internet banking platforms where you can reset your PIN anytime. This lets you change your PIN when you suspect someone may have obtained your debit card.
Speaking of that:
It can be hard to tell that your debit card credentials have fallen into the wrong hands without manually checking your bank account statement.
Do this regularly to stop fraudulent card use before the account is drained out.
If you see any unauthorized transactions, report them to your bank or digital wallet provider immediately.
Before that, if you can, change your PIN or freeze the card itself. You should also file a police report.
Public Wifi networks are vulnerable to hackers who plant themselves on the network and intercept the information users share.
To be safe, avoid using public Wifi networks to access shopping and any other sites where you must enter confidential information.
Develop the habit of carrying only the debit cards you intend to use and leave the rest at home.
Make sure the cards you don’t carry on you are safely stored away, as people in your household can use them without your knowledge.
When you shop in person, use dip instead of swiping your card. Most debit cards now have a chip and magnetic strip that you can both use.
Chip cards are harder to clone than swipe cards at fuel stations, supermarkets, and other public spaces.
Hackers use malware surreptitiously installed on your computer and on websites you use to collect your card information. This software records your card information as you type it on your input device.
You can’t track the person who used your debit card. Your bank can’t help either, as shoppers aren’t required to present any identification before using a card online.
In Kenya, banks do not refund unauthorised transactions. Liability lies with the cardholder. That’s why they urge account holders to keep their cards safe and PINs confidential.
A fraudster can steal money from you with just your debit card number and CVV. In many cases, that’s all the information they need to enter at checkout to make payments online.
Any deduction from your bank account, whether a purchase or cash withdrawal, is money you lose.
In some cases, fraudsters use your card information to buy expensive items to resell for cash, while in others, they will buy gift cards that they also sell for cash, which are virtually impossible to track.
Yes, you can use a card without a PIN. You can make card-not-present payments online. There are also POS machines where you only need to tap your card to pay with it; you don’t need to enter a PIN.
You can lose your entire savings if your debit card falls into the wrong hands. With just your card number and CVV number, someone can use your card without permission to make online payments.
It’s, therefore, essential to safeguard your physical debit card at all times and ensure no one can access its information. However, with the rise in digital fraud, traditional debit cards may expose you to risks.
While IntaSend does not yet offer virtual debit cards, we provide secure payment options through our digital wallet. Our wallet allows you to make secure online payments, track your transactions, and fund your account via multiple channels, including M-Pesa.
Sign up for an IntaSend account to experience secure and reliable online payments that protect your funds while providing a convenient way to manage your transactions.