How you can save yourself from this happening to you
Reports are surfacing that even after a person cancels their credit card, cybercrooks can still steal from their accountifthecard issuer uses a security feature called "automatic updates" --a featuremost all major credit card issuersuse in some form.
If you get a replacement card because of a fraudulent charge, the feature allows any recurring charges to the old card to be transferred to the new card so that there is no interruption in service.
But, thieves can get their hot little hands on these card numbers. How?The same way they always do: mostly through the Dark Web -- card numbers that have been previously acquired throughphishing, skimming devices, or breaches.
It's a game that's even caught payment processing pros flatfooted. "As a consumer I have never heard [of] this previously. I'm even in the payment space for the last 10 years and never knew about this," saidRay Zak, CEO ofSimplepay.
If someone in the credit card space wasn't aware, you can bet most consumers aren't, either.
You're asking, 'but how?'
You're asking -- how cana thief reuse an old card that has been replaced? It's true thatwhen a credit card is canceled and replaced, the old card is deactivated and cannot be used for new transactions. However, the danger lies in that automatic update feature, which transfers the new card information to merchants where the old card details were stored.
All they're doing is runningthese credentials through various merchants, hoping that a charge will be approved.
The thief gets away Scot-free
Benzingas Alison Plaut says that consumers have found extra charges on their credit card statements from names they know and trust like Hulu, Xbox, or Uber.
But because people tend to quickly look over their credit card statements, they might miss those charges orthink that someone in the family is using the service and charging it to their card (e.g., a child with an Xbox subscription). And if not detected and reported,those seemingly innocent charges can keep rolling in.
You're correct in thinking that if your credit card statement shows a charge from "Hulu," the money would indeed go to Hulu. But, that's where the thief outsmarts everyone.
The thief doesn't directly receive the money from such a transaction. Instead, they benefit indirectly through various schemes like reselling access to the consumer's Hulu account on the Dark Web, using the service themselves, or providing it to others in exchange for money which they turn around and buy things legitimately.
How to get out of this mess
Plaut says that the biggest issue with this game is that the consumer has no easy way out.She noted that there was one consumer who thought they could outwit these thieves by askingBank of America to send them a new credit card every few months for years to prevent fraudulent Uber charges. But the automatic updates meant that the fraud continued.
There are two things you can do if this happens. One is to dispute the charge and block that company from ever charging your credit card.However, that can be a hassle. If you have several credit cards, you can always switch the billing to another one, but that will last only until another thief comes along and tries to pull off the same trick.
The other way is to opt-out of the automatic update feature. If you want to do that, hereare the general steps:
Identify the service: Determine whether your card issuer participates in Visa Account Updater (VAU) or Mastercard Automatic Billing Updater (ABU). You can usually find this information on your issuer's website or by contacting their customer service.
Contact your issuer: Turn over your credit card and find the customer service number. Then, either call them or go to their website to find out how to opt out of the specific service. Some issuers make life easy with online forms, but youll have to search for those.
Do everything they tell you to do: At this juncture, you need to pay close attention. Follow the instructions your card issuer suggests. They know where the potholes are and bypassing one might be the one a scammer can still crawl through.
Verify, verify, verify: After opting out, call your card issuer again and just confirm that the automatic updates have been disabled for your card.
But, remember this one little thing
Opting out of automatic updates may screw things up a little if there are recurring charges in the pipeline, resulting in declined transactions.
To avoid that hassle, make sure you update your card information manually (not over the phone) with any company you have recurring payments with. And get a screenshot of that, too, because you might need proof if something goes wrong.
Photo Credit: Consumer Affairs News Department Images
Posted: 2024-07-16 19:20:29
