Financial details have become a prized commodity to parts of the criminal underworld.  Despite ever more elaborate attempts to protect this data by banks there are still occasions when they can be stolen and used to take away money from bank accounts.

Debit card details are a valuable target for hackers and cybercriminals who can use them to make fraudulent purchases online or over the phone. This type of debit card fraud is known as card-not-present fraud, and it accounts for 91% of all fraud on Australian cards. In 2020-2021, card-not-present fraud increased by 7%, costing Australians $421.8 million. (Source: AusPayNet)

How your data gets hacked

Hackers can obtain your debit card details in many ways, including:

Database breach
A hacker may infiltrate a website or database that stores card information and steal millions of records at once. For example, in 2022, a stolen credit card marketplace on the dark web called BidenCash released a dataset containing the information of more than 1.2 million credit and debit cards. (Source: Cyble)

Skimming
A hacker attaches a device to an ATM or a point-of-sale terminal that reads and copies the card’s magnetic stripe data. The hacker can then create a counterfeit card or use the data online.

Phishing
A hacker send an email or a text message that looks like it comes from a legitimate source, such as a bank or a retailer, and then ask the recipient to provide their card details or click on a malicious link that installs malware on their device. The malware can then capture the card details when the user enters them on a website or an app.

Social engineering
A hacker or scammer will call or message a cardholder and pretend to be someone they trust, such as a bank employee or a friend, and then trick them into revealing their card details or personal information that can be used to access their account.

If you start to notice suspicious activity on your account, then you should put a block on your card straight away, and call your bank. Depending on the circumstances, you may be able to get your money back if you act quickly and follow your bank’s procedures.

One of the measures that banks have invested in is an alert for when the data is hacked.  These alerts are often triggered and so the bank quickly knows when the data has been compromised.

Another method for alerting banks to the risk of card details being leaked is transaction monitoring.  This is looking for when a transaction is either wildly out of character or is suspicious in its own terms (for example when there are a number of transactions for high value easily transferable items).  These use a number of systems of fuzzy logic to set an alert to the bank.

The bank will then call the card user to check certain transactions.  If the transactions are legitimate then no further action will be taken.  If the transactions are not legitimate then the transactions will be cancelled out and the card replaced.

Replacement cards are one of the weapons that debit card issuers use in the fight against card fraud.  It may seem to be a rather puzzling weapon, but it is one of the most effective.  By replacing a card it means that the old card details have been voided.  It also means that if the card is used in the future then it is far more likely to be by the fraudster and so the transactions can be more easily traced.

Frequent card replacements are another thing that has been done more commonly recently.  By replacing cards frequently, card issuers in effect take cloned and stolen cards out of the hands of people who have been using them fraudulently.

If these cards are replaced then a number of things need to be done.  The first is to activate the new card.  The old card needs to be destroyed (it has already been cancelled).  Any regular payments that were made on the old debit card need to be transferred to the new debit card.

If there are unauthorised transactions that are carried out on a debit card, most card processors operate a zero liability guarantee.  This means that these transactions are not debited from a card holders account if the card holder did not contribute to the transaction and tells the card issuer in sufficient time.

Tips to avoid being hacked

Here are some tips to help you protect your debit card details from being hacked.

1. Keep your card and PIN safe at all times.
2. Be careful when shopping online. Look for the padlock symbol and “https” in the address bar
3. Don’t use banking apps over public Wi-Fi, such as libraries or shopping centres.
4. Don’t click emails asking for payment. Always go directly to the site.
5. Activate your banks security features such as SMS notifications or 2 factor authentication.

By following these tips, you can minimise the chances of your debit card details being hacked and enjoy a safer shopping experience.