this post was submitted on 22 Jul 2023

4 points (100.0% liked)

Technology

59201 readers

2913 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

How do I prevent hackers from stealing my debit card information? (lemmy.world)

submitted 1 year ago by Snowman44@lemmy.world to c/technology@lemmy.world

26 comments fedilink hide all child comments

My wife and I keep getting our debit cards stolen online. We notice the charges and are able to dispute them and cancel our cards, but it sure is annoying.

We don't put our card information on suspicious websites. They're on well known websites like amazon and Facebook.

We ran out emails through a data breach checker and it found nothing.

I don't think there's any malware on our devices.

Any idea what could be happening and how to prevent it?

all 27 comments

sorted by: hot top controversial new old

[–] LedgeDrop@lemm.ee 3 points 1 year ago (1 children)

As others have mentioned use a credit card instead of debit.

But if you need/want to use a debit card, then take a look at services like Revolut or Wise (non-referal links included).

Both provide you with debit cards that you can enable/disable instantly within their app. Revolut gives you "virtual cards" which can be used for online subscription, so you can create a dedicated virtual card for each subscription (minimizing the impact if/when one of your cards is leaked). Revolut also has "one time use cards", so a new debit card number for a single purchase. In practice, more and more vendors are disallowing "one time use cards", but you can create a similar effect with the virtual cards.

Both platforms also allow you to set up dedicated (monthly) spending limits on either the physical or virtual cards. So you can limit your exposure that way too.

[–] JakenVeina@lemm.ee 1 points 1 year ago

On top of just being a good idea in general, this could help OP figure out how their cards are getting stolen. Use a unique card number for each different service, and you can tell which service is compromised, either in your use of it, or in the service itself.

[–] CriticalMiss@lemmy.world 1 points 1 year ago (2 children)

Something tells me you’re keylogged if you keep cancelling, ordering new ones and getting pwned within days of the new card arriving. Format your computers. Use more open source tools whose code you can audit. Firefox instead of Chrome, no sketchy extensions like Honey and cash back stuff. If you pirate stuff, try to do it from verified sources.

[–] Snowman44@lemmy.world 1 points 1 year ago (1 children)

It happens within months, not days. I don't use honey and I don't pirate. I use both chrome and Firefox, but maybe I should stick to Firefox.

[–] _wintermute@lemmy.world 2 points 1 year ago (1 children)

Don't save your cards in browsers anywhere.

[–] generalEdo@lemmy.world 1 points 1 year ago

I cannot agree with this more. It maybe a PITA to have to enter each time but the peace of mind is worth it. Also, if you use a password Manger, which you you should be, do not keep the cars stored in there either.

[–] db2@lemmy.one 1 points 1 year ago (1 children)

whose code you can audit

More like whose code is audited by someone or someones you choose to trust. Let's be honest here, average Joe isn't auditing shit.

[–] gendulf@lemmy.world 1 points 1 year ago

You mean you don't read the billions of lines of code contained in all of the open source apps that you use? Shame, shame... :)

[–] RedditWanderer@lemmy.world 1 points 1 year ago

A shop you both go to has a machine with a fake overlay swiping your info. You can find online how to spot those. I doubt it's happening online.

[–] OpenStars@kbin.social 1 points 1 year ago

For one thing, stop using debit cards on the internet. Credit cards do not take the money out of your account first, thus offering you an additional layer of protection, and many like Discover in the USA are known for offering $0 liability for unauthorized purchases. They can be more of a hassle to use like they may call your mobile number to check on a suspicious purchase, but at this point it seems you want that level of paranoia. Don't miss a rent (or any important) payment bc you have nothing left in your debit account to work with! (Even if it is added back quickly, will it be handled quickly enough?)

[–] MdRuckus@lemmy.world 1 points 1 year ago

You said you use your credit card on Facebook and you're not sure why it's getting stolen .....🙄🤔

[–] randomguy2323@lemmy.kevitprojects.com 1 points 1 year ago (1 children)

Most likely a device that you own is infected. Have you completely delete and reset all your devices?

[–] Snowman44@lemmy.world 0 points 1 year ago (2 children)

Running a virus scan wouldn't be enough? I'd rather not factory reset everything.

[–] EdibleFriend@lemmy.world 2 points 1 year ago (1 children)

how do I fix this?

probably like this.

No :(

[–] RagingNerdoholic@lemmy.ca 0 points 1 year ago (1 children)

To be fair, factory resets are a huge pain in the ass. Might as well try other things before busting out the nuclear option.

[–] nous@programming.dev 1 points 1 year ago (1 children)

Once you suspect a device is infected the only good option is the nuclear option. Anything else will not be guaranteed to 100% remove it, or really, anywhere near close to that, or even detect everything wrong in the first place or after attempted removal. And with a month long period between attacks that is a long time to wait and see to see if any other option might work.

[–] Saikopat@sh.itjust.works 0 points 1 year ago* (last edited 1 year ago)

No, it won't. If you value that situation enough to post here, you should also listen to the advices you're given.

If you have an antivirus running and you're still being pwnd, a scan won't change anything.

Format everything, computers, phones, everything with an Internet connection really. Yes, it's a pain, but also yes, it's necessary.

Do it

[–] digger@latte.isnot.coffee 0 points 1 year ago (1 children)

Have you used these cards in public? Your information could have been picked up by card skimmer.

At least where I live, it's very common to hand payment cards over to wait staff at restaurants. I had my card information compromised during a visit to Boston several years ago.

[–] Snowman44@lemmy.world 0 points 1 year ago (2 children)

Our last card was stolen by someone in great Britain. We're in the USA. I don't think they're being stolen by someone locally unless our information is being sold on the dark web.

[–] topinambour_rex@lemmy.world 1 points 1 year ago

The card thief won't use it, they will sell them to someone else. Which will certainly sell it to another person.

[–] brygphilomena@lemmy.world 1 points 1 year ago

Credit card numbers go for something as low as a few bucks a number. I think last time I was rolling around the dark net markets they were $4.

It's quick and easy to steal. They collect a bunch and sell them and the other people take the risk of using them.

[–] demesisx@infosec.pub -1 points 1 year ago (1 children)

A lot of other good comments here but I would also recommend not swiping your card at ANY machine. I had my debit card # lifted several times before I finally decided to only use something secure like ApplePay (at the gas pump particularly). Apple Pay changes the card number every single time it’s used. So, it can at least pinpoint the exact moment it was stolen if it somehow did give up your info. I’ve never had to worry about my card number getting stolen since I made that change.

[–] Snowman44@lemmy.world 0 points 1 year ago (1 children)

I don't have apple pay, but I do use Google pay whenever I can.

[–] MeatSweat@sh.itjust.works 0 points 1 year ago (1 children)

Google Pay will do the same thing so you should be good there. It's called credit card tokenization.

[–] orca@orcas.enjoying.yachts -1 points 1 year ago

I use Privacy for everything. I can easily cancel and dispute cards and not have to go through the new card song and dance.