My wife and I keep getting our debit cards stolen online. We notice the charges and are able to dispute them and cancel our cards, but it sure is annoying.

We don’t put our card information on suspicious websites. They’re on well known websites like amazon and Facebook.

We ran out emails through a data breach checker and it found nothing.

I don’t think there’s any malware on our devices.

Any idea what could be happening and how to prevent it?

  • demesisx@infosec.pub
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    A lot of other good comments here but I would also recommend not swiping your card at ANY machine. I had my debit card # lifted several times before I finally decided to only use something secure like ApplePay (at the gas pump particularly). Apple Pay changes the card number every single time it’s used. So, it can at least pinpoint the exact moment it was stolen if it somehow did give up your info. I’ve never had to worry about my card number getting stolen since I made that change.

        • AbstractLinguist@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          And it’s even better than you described. The one time token isn’t a new card number, it’s not a card number at all. It’s basically Apple saying “yep this is legit” to the other computer, and then the two banking systems do their money transfer on the back end.

          Even if someone could intercept it and decrypt it, it would be completely useless because that’s just not a thing.

          Pretty sure Google does basically the same thing. Never used it though.