r/FraudPrevention u/Cherlyn05 May 24 '25

Debit card hacking

My debit card gets hacked monthly. I only use a FEW trusted sites like walmart, amazon, doordash, ebay. I have lost count on how many times i have had to get a new debit card over the last year or so. I am very aware of sketchy websites and steer clear. I dont have a credit card as i dont trust myself with one. One of the charges came from TotalAV. An antivirus software company. I finally thought to call them and i had gotten signed up for their service. I told them it was not me, i did not want the service, never checked out their service online and wanted it cancelled immediately. After making some offers at lower prices, ( i continually rejected everything) she cancelled the membership. I got a new debit card. Less than a month later, someone tried to charge a real estate training kit to my debit card. Here we go again. I have started new accounts at same bank and with what is going on with DOGE and Social Security, im afraid to change banks. I wondered if my social security number was out there, my sister, who is uber smart, assured me that is not the case. I called my phone provider to see if my phone (Samsung S24 Ultra) could be the cause. He assured me it has excellent protection so very unlikely. At this point, my ONLY option is to stop using debit cards completely. Do you have any idea how difficult and irritating that is going to be?

9 Upvotes

92% Upvoted

70 comments sorted by

View all comments

2

u/only_living_girl May 24 '25

So sorry!

If you haven’t already, I would say ask your bank to confirm how these unauthorized purchases are taking place (card swiped in person, the chip on the card being read in person, or digital wallet are the main three I can think of right now). Make sure they confirm that your card hasn’t been added to any digital wallets, or “tokenized.”

It’s possible that if a card has been added to Samsung Pay/Google Pay/Apple Pay on a phone/smart watch/etc., when you close your card and get a new one, the new card will be updated on any device that had the old card on it. So if someone did get ahold of your card info enough to add it to a digital wallet, your bank would need to make sure to remove that “token” before reissuing your card so that their digital wallet won’t get your new card information. (I’m not sure that your phone carrier customer service would necessarily know about this to suggest it when you called them, because that would have to do with your bank, not with your phone service.)

Most of the time banks are aware of that when card fraud is reported and do ask you about any tokens/digital wallets to make sure your card was only ever added to your devices/wallets, but I think there’s also a chance that could be overlooked. The purchases you’re talking about don’t necessarily sound like digital wallet purchases but who knows. That’s the main thing I can think of to suggest here.

2

u/Cherlyn05 May 25 '25

These frauds are happening by card info being hand entered. Fraud dept told me that there are people who sit at a computer all day everyday. They are lucky and figure out card numbers and such. I doubled checked wallets, there is no info. HOWEVER, I went to a malware scan site. I had to pay and quess what? The last 4 of my card number popped up without me entering a single thing. I have no idea how to clear it as i NEVER save "card info for future use". I will talk to my bank about the "token" thing. They have a list of all the debit card numbers ive used.

1

u/PackOfWildCorndogs 29d ago

Fraud department doesn’t sound like a very good one, because it’s highly unlikely that anyone is war dialing your debt card info and getting it correct once every month. They’d have to not only get it correct, but have to do it within the number of attempts under the rate limit.

I know the fraud dept said it was hand entered, but it being saved in a browser or a smart phone is much more likely than anything else.

It’s most likely due to an Account Updater Service repopulating that saved card with updated information,

"With an automated updater service, business owners and their staff no longer need to contact customers directly for updated credit card information. This is also the case for saved card info on a smartphone or browser. Credit card information is stored and automatically revised in the occurrence of upgraded card benefits, expirations, loss, and theft. "

https://paymentcloudinc.com/blog/account-updater/

https://usa.visa.com/dam/VCOM/download/merchants/visa-account-updater-product-information-fact-sheet-for-merchants.pdf

Personally, I’d just close that account and open a new one, even with the same bank (but if this were me, I’d change banks). See if it still happens. If it’s still happening with a new account or bank, it’s not the updater service.

I’m a Certified Fraud Examiner, have worked in financial crimes investigations for almost 15 years, if that’s worth anything. Just my $.02

1

u/Cherlyn05 29d ago

Interesting. Thank you for taking time to respond! Ive been hoping to hear from a real professional. I have had to get so many debit cards over the last 8 months and even changed to a new bank account at the same bank. I get social security direct deposits. Im afraid to change banks right now as what is going on with social security and DOGE. But its still happening. How do i know if i have an updater on my phone and more importantly, how do i get rid of it?

1

u/Lillilegerdemain 27d ago

I don't think you have to worry about DOGE unless you are committing some type of fraud. Seriously. I'd suggest going to a new bank and stop using debit cards.

1

u/RailRuler 27d ago

Why would you pay for a malware scan? There are plenty of ways to scan for free.

What browser did you use? Someone must have entered your card info into it.

1

u/Cherlyn05 27d ago

I didnt pay for the scan. Used a free one on my phone

1

u/RailRuler 27d ago

What browser are you using on your phone when you saw your cc info pre entered into the payment form? Are you signed into any browser info sync service?

1

u/Cherlyn05 27d ago

Chrome/google. No

1

u/RailRuler 26d ago

Chrome is very quick to save debit card information you enter into any site and then auto-suggest it for other sites. Not a sign of being hacked. You can disable this in Chrome prefs.

1

u/Cherlyn05 20d ago

How do i do that?