Finder is committed to editorial independence. While we receive compensation when you click links to partners, they do not influence our opinions or reviews. Learn how we make money.

How can hackers steal your credit card information?

Watch out for phishing and keybloggers.

Updated

Young woman reading

After your card number and personal information, a CVV is one of your last lines of defense against fraud. Given that credit card fraud in the US is currently on the rise, it’s important to understand how hackers can get this number and the tips you can follow to keep your finances intact.

How did someone get my credit card number?

There are two main ways hackers can get your card info, including your CVV number: phishing and using a web-based keylogger.

Phishing

Phishing is a form of online security theft where sensitive information is stolen, such as your credit card details. Phishing usually works through tricking a user into giving up their details.

How does phishing work?

Phishing tactics can range from simplistic scam attempts to more sophisticated website tampering. Examples include tricky links —URLs that look legitimate but direct you to the phisher’s website — DNS cache poisoning —which involves a phisher changing the DNS server information so that everyone who accesses the site is redirected to another site — and screen capture malware, which is used to record and report information to the phisher.

Have you ever received an email that looked like it might have been sent by your bank but had a few suspicious details or errors? Maybe the return email address wasn’t the official address you usually receive correspondence from or maybe there was a link to an unfamiliar website? It’s likely this was a phishing email sent to fool you into downloading malware or giving up your card information.

Keyloggers

A keylogger can be illegally installed on an online website so all of the data customers submit to the site is duplicated and forwarded to the attacker’s server. They do this by form grabbing: taking form data submitted by users, such as your name, address, credit card number and, of course, your CVV. The keylogger is designed to capture this data entered in the form field before it’s encrypted when you submit it to the site. Hackers often employ keyloggers in tandem alongside phishing attempts.

Did you know?

Most fraudsters don’t collate this information themselves. Instead, they purchase packages of cardholder data, including account names, full card numbers, expiration, CVV2 numbers and addresses.

How can I protect my CVV and personal information?

Even though online transactions are becoming more secure as technology develops, there are some simple steps and tips you should consider to reduce your chances of becoming a victim of online credit card fraud.

  • Use anti-virus software. Install anti-virus software and firewalls to protect your finances and other personal information when shopping or just browsing online.
  • Look for the signs. Whenever you receive an email, especially if it’s requesting any type of personal or financial information, look out for telltale signs such as generic greetings, threats to your account that call for immediate action, suspicious links and email addresses, and misspelling and poor grammar.
  • Check the site’s SSL certificate. SSL certificates are small data files that, when installed on a web browser, activate a padlock symbol and the https protocol which ensures secure connections from a web server to a browser. So, typically, if you see that padlock symbol, the site is safe.
  • Use services such as PayPal. If you don’t want to enter your credit card details, use secure services such as PayPal which don’t require you to enter your details when you’re making a purchase. Instead, you create a PayPal account, enter your details there and then all payments are made through your secure PayPal account.

Compare fraud protection credit cards

Name Product Filter values Rewards Purchase APR Annual fee
Chase Sapphire Preferred® Card
5x points on Lyft, 2x points on travel and dining and 1x points on all other purchases
15.99% to 22.99% variable
$95
Earn a huge signup bonus worth $$1,000 with this popular travel card. Combine with other Chase Ultimate Rewards cards for even greater value.
Chase Freedom Flex℠
5% back in rotating categories up to $1,500 combined each activated quarter (then 1%), 5% on travel purchased through Chase, 3% on dining and drugstores, and 1% on all other purchases
0% intro for the first 15 months (then 14.99% to 23.74% variable)
$0
Get up to 5% cashback in rotating and newly added everyday categories. The refreshed Freedom Flex card has lots of earning potential.
Chase Freedom Unlimited®
5% cash back on travel purchased through Chase, 5% on Lyft, 3% on dining and drugstores and 1.5% on all other purchases
0% intro for the first 15 months (then 14.99% to 23.74% variable)
$0
This solid 1.5% cashback card gets even better with the addition of up to 5% back in categories like travel, drug stores and dining.
American Express® Gold Card
3x points on directly-booked flights; 4x at restaurants; 4x at US supermarkets on up to $25,000 annually (then 1x points)
$250
Earn up to 4x points on select purchases, a bevy of travel perks, and a welcome offer worth up to $350 with this upper-mid tier travel card. Rates & fees
Chase Sapphire Reserve®
10x points on Lyft rides, 3x points on dining and travel after earning your $300 travel credit and 1x points on all other purchases
16.99% to 23.99% variable
$550
Get a generous $300 in annual travel credits, 3x points on travel and dining, and a 50% bonus on point redemptions with Chase's premier card.
loading

Compare up to 4 providers

Bottom line

Unfortunately, credit card scams are becoming more common in the US. Thankfully, credit card security is also improving alongside these thieves to help keep your information safe. Stay vigilant and follow these tips when online to avoid falling prey to a scam.

If you suspect that you’ve been the victim of a credit card scam or if you’ve identified fraudulent transactions on your account, contact your bank immediately. If you’d like to report a scam, you can inform the FTC (Federal Trade Commission) via its website.

Back to top

Frequently asked questions

Ask an Expert

You are about to post a question on finder.com:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder.com provides guides and information on a range of products and services. Because our content is not financial advice, we suggest talking with a professional before you make any decision.

By submitting your comment or question, you agree to our Privacy and Cookies Policy and finder.com Terms of Use.

Questions and responses on finder.com are not provided, paid for or otherwise endorsed by any bank or brand. These banks and brands are not responsible for ensuring that comments are answered or accurate.
Go to site