My wife and I keep getting our debit cards stolen online. We notice the charges and are able to dispute them and cancel our cards, but it sure is annoying.
We don’t put our card information on suspicious websites. They’re on well known websites like amazon and Facebook.
We ran out emails through a data breach checker and it found nothing.
I don’t think there’s any malware on our devices.
Any idea what could be happening and how to prevent it?
A shop you both go to has a machine with a fake overlay swiping your info. You can find online how to spot those. I doubt it’s happening online.
For one thing, stop using debit cards on the internet. Credit cards do not take the money out of your account first, thus offering you an additional layer of protection, and many like Discover in the USA are known for offering $0 liability for unauthorized purchases. They can be more of a hassle to use like they may call your mobile number to check on a suspicious purchase, but at this point it seems you want that level of paranoia. Don’t miss a rent (or any important) payment bc you have nothing left in your debit account to work with! (Even if it is added back quickly, will it be handled quickly enough?)
As others have mentioned use a credit card instead of debit.
But if you need/want to use a debit card, then take a look at services like Revolut or Wise (non-referal links included).
Both provide you with debit cards that you can enable/disable instantly within their app. Revolut gives you “virtual cards” which can be used for online subscription, so you can create a dedicated virtual card for each subscription (minimizing the impact if/when one of your cards is leaked). Revolut also has “one time use cards”, so a new debit card number for a single purchase. In practice, more and more vendors are disallowing “one time use cards”, but you can create a similar effect with the virtual cards.
Both platforms also allow you to set up dedicated (monthly) spending limits on either the physical or virtual cards. So you can limit your exposure that way too.
You said you use your credit card on Facebook and you’re not sure why it’s getting stolen …🙄🤔
Something tells me you’re keylogged if you keep cancelling, ordering new ones and getting pwned within days of the new card arriving. Format your computers. Use more open source tools whose code you can audit. Firefox instead of Chrome, no sketchy extensions like Honey and cash back stuff. If you pirate stuff, try to do it from verified sources.
It happens within months, not days. I don’t use honey and I don’t pirate. I use both chrome and Firefox, but maybe I should stick to Firefox.
Don’t save your cards in browsers anywhere.
I cannot agree with this more. It maybe a PITA to have to enter each time but the peace of mind is worth it. Also, if you use a password Manger, which you you should be, do not keep the cars stored in there either.
A lot of other good comments here but I would also recommend not swiping your card at ANY machine. I had my debit card # lifted several times before I finally decided to only use something secure like ApplePay (at the gas pump particularly). Apple Pay changes the card number every single time it’s used. So, it can at least pinpoint the exact moment it was stolen if it somehow did give up your info. I’ve never had to worry about my card number getting stolen since I made that change.
I don’t have apple pay, but I do use Google pay whenever I can.
Google Pay will do the same thing so you should be good there. It’s called credit card tokenization.
And it’s even better than you described. The one time token isn’t a new card number, it’s not a card number at all. It’s basically Apple saying “yep this is legit” to the other computer, and then the two banking systems do their money transfer on the back end.
Even if someone could intercept it and decrypt it, it would be completely useless because that’s just not a thing.
Pretty sure Google does basically the same thing. Never used it though.
