Financial Fraud Protection: Simple Tips to Secure Your Money

Many of us have heard horror stories about the consequences of identity theft and various types of fraud. You may have even experienced it or watched a loved one go through it. And we’ve also heard about how criminals are exploiting new technologies. But even though the technology is fancier, most of the ways they try to snare you haven’t changed. Which means that just a few small steps can go a long way towards protecting you from identity theft and financial fraud.

See 5 Alerts to Prevent Identity Theft with Paige Hanson for a complete transcript of the Easy Prey podcast episode.

Paige Hanson is a cyber safety expert who has spent nearly twenty years educating consumers, law enforcement, and victim advocates on identity theft and digital safety issues. She is a Certified Identity Theft Risk Management Specialist and co-founder and Head of Communications and Partnerships at SecureLabs, a company helping businesses with HIPAA and regulatory compliance. In addition, she is an advisory board member for Resources and Outreach to Safeguard the Elderly (ROSE).

Paige’s career in identity theft and financial fraud protection started with an internship at the identity theft company that became LifeLock. Paige always had an interest in both public speaking and helping people. And LifeLock needed someone who could do communications and marketing. When Paige started, identity theft was happening, but nobody was talking about it. At the beginning, the messaging was awareness-focused. From there, it became helping people become less vulnerable. Even with technology evolving over the past twenty years, scams and vulnerabilities are mostly the same. There are so many simple things you can do to stay safer.

Just with simple tips, there are so many little things you can do [to protect yourself].

Paige Hanson

Dealing with Identity Theft and Financial Fraud

One of the most challenging parts of being the victim of identity theft or financial fraud is that the systems assume you are “guilty” and you are responsible for proving yourself innocent. Have you ever noticed that when you pay your credit card bill online, there’s often a box you have to check saying you confirm these purchases are yours? Many people don’t think about it. If a criminal put some fraudulent charges on your credit card and you check that box to pay your bill, you’re essentially claiming that those fraudulent charges are yours. That makes it harder to dispute.

As an identity theft victim, you’re guilty and you have to prove yourself innocent.

Paige Hanson

If you are a victim of financial fraud, you’re often damned if you do and damned if you don’t. Not paying debts that are in your name, even if they are fraudulent, will damage your credit score. (Your score can be fixed after the fraud is dealt with, but it’s even more work.) But if you pay for those debts, in the eyes of the system you are claiming that they are definitely your debts and they are valid. It makes it so much harder to get fraudulent debts removed.

Important Steps for Victims to Take

If your identity has been stolen, the FTC has a great program that provides identity theft affidavits. You explain exactly what happened, and you get an official legal document (the affidavit) that establishes that you were a victim of identity theft. In some larger metropolitan areas, law enforcement also has the option to file an identity theft police report and get official police documentation that you were a victim.

Having one of these forms of official legal documentation is extremely helpful in dealing with identity theft and financial fraud. A lot of lenders and institutions need some sort of official documentation of your claim in order to investigate and remove fraudulent charges. By getting either the affidavit or the police report, the process will be much easier.

Another best practice is to avoid paying for things that aren’t yours. Get that affidavit or police report. Then contact the lender or institution and tell them that wasn’t you. You may not like the answer you get. Often the answer is, “We’ll look into it,” and you just have to wait while your credit score takes the hit. There are forms you can file with the credit bureaus to fix that later. But in most cases, it will take some time.

Steps to Protect Yourself From Financial Fraud

Even though technology is changing rapidly, fraudsters’ goals are always the same. They just want your money, however they can get it. Whether it’s a scam, identity theft, or some other type of financial fraud, their methods haven’t changed much because their goal hasn’t changed at all.

The positive side of that is that you don’t need a ton of high-tech tools or to spend thousands of dollars on safety products to protect yourself from these criminals. A few simple precautions will help protect you from the vast majority of fraud attempts. And none of them are unreasonably complicated. In fact, many of these actions can be done without getting online at all.

Always Check Your Credit Card Statements

If you have your accounts set up to automatically pay your credit card bill, that’s great. Automatic payments can be extremely useful, especially with everything else you have to deal with. But don’t just set it and forget it. At some point before the payment automatically comes out of your account, set a reminder to go check your statement. Paige does this a week before her automatic payment goes through. You want to make sure every single charge is actually yours.

Financial institutions give you up to sixty days to report financial fraud. But if you’ve already paid the bill, it’s much trickier. It might take longer for them to investigate and longer for you to get your money back.

Checking your credit card bills is a great way to catch fraud. And don’t ignore small charges, either. A lot of credit card scammers start with a small test charge, between $6 and $25. Many people wouldn’t see a $12 charge at Amazon and think it was suspicious. They might assume that their spouse did it, or maybe it was their auto-ship refill. But by assuming it was a legitimate charge and not investigating and disputing, the scammer now knows they have a card that works. Then they start charging more expensive items. By verifying every single transaction on your statement and disputing any you don’t recognize, even small ones, you can save yourself a huge headache later.

Turn On Credit Card Alerts

Almost all cards these days offer some kind of alerts. They’re there for your convenience – use them! You can set your own notification frequency, what kind of notifications you want, and whatever threshold you feel most comfortable with. Paige has a threshold notification where she gets a text any time more than $100 is charged to any of her cards. But you can set that limit to $1, $10, $1,000, or whatever you feel most comfortable with.

Paige’s notifications have caught financial fraud before – including fraud that her bank didn’t pick up on because it was close enough to her usual activity. These alerts are an extremely valuable free safety feature, and everyone should use them. Log onto your institution’s website, and the option is usually in the security settings, but sometimes in the notification settings. Explore how you can be notified and use it.

Don’t Click Links

Every time you get one of those credit card alerts, there’s a handy link to check the account. This also happens in emails and other messaging formats – if you just click the link, they say, you can go directly to your account and review it easily. We naturally assume that the link is good and we can safely click it to check on whatever the text or email is about.

But scammers know this too, and they frequently send scam texts and emails that look like they’re from a bank, credit card, store, or other legitimate institution. These fake emails also include a link to “your account.” But the link goes to a fake website that steals your login information. If you log in through the fake link, the scammer can now access your account.

Never click the link in a message. Instead, close the message or email, open the app on your phone or website in your browser, and check it that way. It is slightly more inconvenient, but it’s much safer. Get out of the habit of clicking links and into the habit of opening apps or browsers and getting there yourself.

Keep Your Accounts Secure

Paige would call herself a very secure-minded person. She’s aware of security and prefers security to convenience. But financial fraud can happen to anyone. A while ago she got a threshold notification from her credit card – she had been charged a few hundred dollars from Groupon. Then she got a notification from Groupon confirming the purchase.

She logged into Groupon and found that someone had purchased a PlayStation bundle. Since it was such a new order, she was able to cancel it. But in this case, it wasn’t actually financial fraud. Instead, it was account fraud. Someone had gotten into her account, and since her payment information was saved, they were able to charge her card.

Saving your payment information just makes it easier for fraudsters if they get into that account.

Paige Hanson

Securing accounts that can access your money or payment information is an important step to protect yourself from financial fraud. Paige recommends these four ways to keep your accounts secure:

1. Never reuse passwords. There are so many data breaches that if you reuse passwords, they’ll eventually be exposed. That’s likely how this scammer got into her Groupon account.
2. Set up two-factor authentication. Whether you get the additional code from an app or texted to your phone, it will protect your account even if someone does get your password.
3. Consider not saving payment information. It’s convenient to save your payment information, and Paige does it on some accounts. But saved payment info also makes it easier for any criminals who get in.
4. Communicate with anyone else who uses the account. Paige knew the Groupon charge wasn’t from her husband because they discuss big purchases first. Make sure all account users are communicating about charges so you can quickly identify fraud.

Be Safe About ATMs

Most fraudsters aren’t technological geniuses. In fact, many of them are committing low-level crimes with technology they just bought off the internet. One of those pieces of technology is skimmers; small devices that can go on top of or inside a card reader to steal the card’s information. ATMs are a common target for financial fraud through card skimming. So if you’re going to use an ATM, take steps to be safe.

Fraudsters [may] not be as technical as maybe they used to, but they’re still able to commit this … low-level crime.

Paige Hanson

The safest way to do it is to avoid the ATM altogether and talk to someone at a branch location. But that’s not always possible. Your second-best choice is an ATM located inside a bank branch. Banks have cameras to spot anything weird, and they are checked often. Active ATMs are always better because that means someone is going to have to come by frequently to put more money in it, which means they’ll spot a skimmer much faster.

Avoid standalone ATMs that don’t have any bank affiliation. Not a lot of people realize that there are third-party ATM companies. ATMs at festivals, in hotels, and in gas stations are likely to be these third-party ATMs. They are supposed to follow certain security standards, but sometimes they don’t. They are also not checked very frequently, so are less likely to find a skimmer before it steals your information. (And in addition, it’s a business, and they make money with extreme transaction fees, so it’s probably smarter to avoid them from a financial standpoint as well as a fraud standpoint.)

Credit Cards are Better than Debit Cards

You can protect yourself from some of the damaging consequences of financial fraud by using credit cards instead of debit cards. You have sixty days to report fraud on either type of card. But if fraud happens, consider the difference between the two scenarios.

If someone commits fraud on your credit card, you report it to the company, they investigate, and they reverse the charge. You aren’t liable for anything and you haven’t paid anything out of pocket. It may damage your credit score if the investigation takes a long time, but that can be managed by reporting it to the credit bureaus.

If someone commits fraud on your debit card, you report it to your bank, they investigate, and they refund the charge. But that money has come directly out of your account. If the fraudster had enough time, they could completely clean out your account, and even any accounts linked to it. You now have no money available while the bank investigates. If it takes a while, you may start falling behind on your bills or your rent.

Ideally, you could put everything on a credit card. But some people manage money better with a debit card, not a credit card. In that case, you do have the option to run the card as credit instead of debit. In the fraud scenario, the money is still coming out of your account. But you don’t risk exposing your PIN.

Payment Methods and Financial Fraud

Paige has heard some people say that financial fraud isn’t as much of a risk anymore because chip cards are more secure. And that is true. Chip cards are an encrypted transaction, and that has cut down on fraud. But chip cards still have that magnetic stripe (magstripe) on the back, and that contains all the card’s static information, like the number and expiration date. Magstripes can easily be duplicated with a skimmer. And a scammer wouldn’t necessarily have to duplicate the card, either. Online transactions can be done with just the card’s numbers.

In the United States, both the chip and the magstripe can be used for purchases. This is not true in some other countries, which only accept the chip. Paige has seen people cut or punch out the chip because they don’t want to use it. She has also seen people cut the magstripe so the card can’t be swiped.

Skimmers get data from the magstripe alone. Whether they clone the card or just use the information, that’s enough to use it in most cases. Chips can be skimmed too, but it’s much harder to unencrypt the chip data and then re-encrypt it on a new card. It does occasionally happen, but much more often skimmers want to swipe your magstripe.

RFID Skimming

Chip cards are a technological development that has in some ways made it harder for criminals to commit financial fraud. But RFID is a development that’s made it easier. Cards with RFID are called “proximity cards” or “prox cards,” and they have a little wifi logo on them. If your card has a tap-to-pay feature where you can just wave or tap it in front of the machine instead of inserting the chip or swiping the magstripe, your card has RFID.

In busier areas, there’s a form of skimming called RFID bumping. Scammers put a skimmer-like device with an amplifier in their backpack or pocket, then walk around bumping into people. If you have a card with RFID, this will automatically skim your information from your card.

This is why Paige recommends that any card with RFID be put in a foil-lined sleeve. A lot of licenses and passports have RFID, so you’ll see a lot of travel-related RFID shields. You can buy big packs of RFID-blocking shields online for very cheap. But you can also just make your own sleeve out of tin foil. It doesn’t have to be fancy. This will both make you more secure, and it’s not very inconvenient. It’s easy to slip your card out of a sleeve to use it and then put it right back without disrupting your entire routine.

Prevent Financial Fraud with Mobile Payment

Using a mobile device or smartwatch for payment is going to be the safest, most secure way to pay. If the merchant is breached, it’s not going to expose your card number or information because the merchant never had it in the first place. And wherever you can use a credit card, you can generally use mobile payments through your phone or watch. Paige frequently uses her watch to pay, and she feels so futuristic every time.

As a bonus, watches and phones are typically not at risk of RFID bumping. Activating the RFID for payment usually requires some interaction with the device. For Paige, her watch has to be unlocked, and then she has to double-tap the screen and put it against the reader. On her phone, she has to unlock it with her face, fingerprint, or password, activate it, then put it against the reader. It’s really hard to get a stranger in public to go through all those steps to skim their RFID information.

If you are going to rely on mobile payments, though, it’s important to keep your operating system up to date. Most risks to mobile payments come through vulnerabilities in the software itself. By installing updates, you’ll make sure that those vulnerabilities are fixed and scammers don’t have a way in.

You Don’t Have to Learn It the Hard Way

There is something to be said for the value of experiencing things firsthand. But when it comes to experiences with potentially devastating consequences, like identity theft and financial fraud, it’s much better to learn our lessons before we have to have those experiences. When Paige first started educating people about these issues, people kept telling her, “Oh, that will never happen to me.” But if it doesn’t, you’re incredibly lucky. And chances are good that it will happen (or already has happened) to someone you know.

A lot of protection from financial fraud is about the choices you’re making – how you’re using your phone, the security settings on your device, what form of payment you’re using, etc. Part of staying safe is assessing your risk and your family’s risk. Many people miss that step of understanding where they’re vulnerable. When it comes to the choice of convenience versus security, it’s important to know where your vulnerabilities are so you can make the best choice for your situation.

Most of the steps you can take to protect yourself from financial fraud are “low-hanging fruit.” They’re not expensive, they’re not complicated, and they’re not time-consuming. They don’t require setting up proxy servers, hiring a personal cyber-bodyguard, or swearing off all technology forever. Just small, easy tweaks in what you do every day can make you that much safer. In the end, it’s about simple actions and awareness. If you know to be on the lookout, you’ll be able to spot anything tricky or weird much faster.

You can connect with Paige Hanson on LinkedIn. She would love to talk tech with anyone interested. You can also learn more about her current company, SecureLabs, at securelabs.ai.