This article is reprinted by permission from NerdWallet.
Last year, one of my family’s credit cards was used to rack up hundreds of dollars in bogus charges at Apple.com AAPL,
We ultimately got our money back, but repeated credit card fraud can be frustrating and disheartening. Dealing with the aftermath taught me to prize security over convenience, and to change some bad habits that made me an easier target.
The clock is ticking on credit card fraud
Under the Fair Credit Billing Act, consumers have 60 days after bogus charges show up on a statement to report them to the credit card issuer to avoid most liability, says attorney Amy Loftsgordon, legal editor at Nolo, a self-help legal site. (The law limits a consumer’s liability to $50 per series of unauthorized uses, but most issuers waive that, Loftsgordon says.)
So my heart sank when I realized that the fraud on our Apple.com account had started at least six months earlier.
I’d noticed that the Apple.com charges had been ticking up, but assumed my husband was buying more audiobooks and my daughter was downloading more games. I’d grouse at them occasionally, they would proclaim innocence and the charges would continue.
Finally, the thief went too far and charged over $300 in a single month. I contacted Apple and discovered our card had been used to purchase dating apps and virtual phone numbers, which were likely being used to scam other people. The electronic receipts for these purchases were sent to an email address I didn’t recognize.
Also read: These new credit cards promise no credit checks, fees, deposits or even interest rates. What’s the catch?
A new card didn’t stop the fraud
The kicker: The thief was using a credit card number that had already been reported as compromised. Normally, credit card issuers will deny new charges on a compromised number. But according to the card issuer, the thief started their crime spree during the few days that my replacement card was in the mail. Since we already made regular purchases at Apple.com, the card issuer assumed the charges using the old card were legit and allowed them to go through “as a courtesy” — month after month. (I was assured that this sequence of events “is extremely rare and hardly ever happens.”)
An Apple customer service representative deleted the most recent month’s charges and the issuer removed the rest — even those well past the 60-day mark.
Read: These online scams to steal your money will shock you
My takeaways: Sites where you make multiple purchases each month need to be monitored carefully for bogus transactions. Compare what your credit card statement says you’ve charged with your purchase history on the site. You may have to search online for how to find that history; Apple certainly doesn’t make it easy or intuitive to find your charges. And if you find fraud, report it — even if it’s beyond the 60-day deadline.
Learn more: 6 things to do if you’re a victim of credit card fraud
Make fraudsters work harder
It’s still not clear why my other card was repeatedly compromised. I’d no sooner get a replacement card than I would receive a text from the issuer asking about another suspicious transaction.
I removed the card from the browsers and websites where it had been stored. We may like the convenience of not having to type in our credit card numbers, but every place we store our cards is another place where they can be stolen, says security expert Avivah Litan, a distinguished vice president analyst with research firm Gartner Inc.
The mobile app for this card allowed me to see many of the places where my card was saved. But the list wasn’t complete. After the fourth hack, a phone rep said my card was stored at Airbnb ABNB,
At the issuer’s suggestion, I ran antivirus and anti-malware software (my devices were clean) and changed the passwords on my email accounts as well as my financial accounts, in case a thief had broken into those. I already had two-factor authentication, which requires a code and a password to sign in, on my financial and email accounts. I added it to my most-used retail sites as well.
Also on MarketWatch: ‘I don’t use cash’: I’m 70 and my home is paid off. I live off Social Security, and I use a credit card for all my spending. Is that risky?
I’ve also started using a mobile payment system wherever possible. These systems — which include Apple Pay, Google Pay GOOGL,
I don’t imagine all this will make me fraud-proof, because that’s impossible. I’m just trying to make the thieves work a little harder next time.
More From NerdWallet
Liz Weston, CFP® writes for NerdWallet. Email: firstname.lastname@example.org. Twitter: @lizweston.