The term cloning might bring to mind biological experiments or science fiction, but credit card cloning is a problem that affects consumers in everyday life. Credit card cloning refers to creating a fraudulent copy of a credit card. It happens when a crook steals your credit card information, then uses the information to create a fake card.
“Cloning is bad news, both in science fiction and in credit cards,” says Howard Dvorkin, chairman of Debt.com and a personal finance author.
How Does Credit Card Cloning Work?
There are two major steps in credit card cloning: obtaining credit card information, then creating a fake card that can be used for purchases.
Stealing credit card information. Thieves steal your credit card data: your name, along with the credit card number and expiration date. Often, thieves use skimming or shimming to obtain this information.
Skimming frequently happens at gas pumps or ATMs. But it also can occur when you hand your card over for payment, especially if it leaves your sight. For instance, a shady waiter skims your credit card data with a handheld device.
In a typical skimming scam, a crook attaches a device to a card reader and electronically copies, or skims, data from the magnetic strip on the back of a credit card.
Similarly, shimming steals information from chip-enabled credit cards. According to credit bureau Experian, shimming works by inserting a thin device known as a shim into a slot on a card reader that accepts chip-enabled cards. The shim, equipped with a microchip and flash storage, then copies data from your credit card. Although that information can’t be used to clone another chip-enabled card, it can create a magnetic-strip version of the card, Experian says.
Creating a cloned credit card. Crooks use stolen data to clone credit cards and make fraudulent purchases with the counterfeit version. Armed with data from your credit card, they use credit card cloning machines to make new cards, with some thieves making hundreds of cards at a time.
Not to be stopped when asked for identification, some credit card thieves put their own names (or names from a fake ID) on the new, fake cards so their ID and the name on the card will match.
Any cards that don’t work are typically discarded as thieves move on to try the next one. Cloned cards may not work for very long. Card issuer fraud departments or cardholders may quickly catch on to the fraudulent activity and deactivate the card.
[Read: Cash Back Credit Cards.]
How Big of a Problem Is Credit Card Cloning?
No matter how cards are cloned, the production and use of cloned credit cards remains a concern for U.S. consumers — but it’s a problem that’s on the decline.
In 2018, Visa reported that financial losses related to counterfeit fraud (referring to the use of cloned cards) had dropped 46 percent at all U.S. merchants in March 2018 compared with September 2015, and by 75 percent at U.S. merchants using chip-enabled payment technology. Chip-enabled card readers are designed to combat the use of cloned cards for in-person, point-of-sale transactions.
These losses occur when counterfeit cards are “cashed out.” Cashing out involves, for instance, using a bogus card to buy merchandise — which then is normally sold to someone else — or to withdraw cash from an ATM.
[Read: Travel Rewards Credit Cards.]
How to Reduce Your Risk of Credit Card Cloning
To head off the risk and hassle of dealing with a cloned credit card, you should be aware of ways to protect yourself from skimming and shimming.
Look out for skimmers and shimmers. Before inserting your card into a gas pump, ATM or card reader, keep your eyes peeled for visible damage, loose equipment or other possible signs that a skimmer or shimmer may have been installed, says Trevor Buxton, certified fraud manager and fraud awareness manager at PNC Bank.
If you’re paying with a card at a gas pump, the Federal Trade Commission suggests looking for security seals that have been broken. This could signal that a skimmer or shimmer has been installed. Also, you should pull on the card reader to see whether it’s loose, which can indicate the pump has been tampered with.
Use a chip-enabled card. Chip cards also are known as EMV (Europay, Mastercard and Visa) cards. With chip cards, you insert the chip into a reader rather than swiping the card’s magnetic strip.
The chip — a small, metallic square on the front of the card — stores the same basic data as the magnetic strip on the back of the card. Each time a chip card is used, the chip generates a one-of-a-kind transaction code that can be used only one time. Every chip card contains a magnetic strip so that you can still make purchases at merchants that haven’t yet installed chip-reading equipment.
Buxton suggests paying by swiping a card only when no other options are available.
Purchase with a mobile payment app. Mobile payment apps enable you to pay electronically with a mobile device, rather than with a physical card.
Why are mobile payment apps safer than physical cards? Because the data transmitted in a digital transaction is “tokenized,” meaning it’s heavily encrypted and less prone to fraud.
Pay with cash. Making purchases with cold, hard cash avoids hassles that might arise when you pay with a credit card.
“Cash can’t be cloned,” Debt.com’s Dvorkin says.
[Read: Balance Transfer Credit Cards.]
Monitor your credit card activity. When checking your credit card activity online or on paper, see whether you find any suspicious transactions. For instance, if your statement shows you made a $400 purchase at an IKEA store that’s 600 miles away, in an unfamiliar place, you should notify the card issuer right away so it can deactivate your credit card.
“I’ve had dozens of clients who spotted fraudulent charges without breaking a sweat, because they were rung up in cities they’ve never even visited,” Dvorkin says.
Aside from regularly scanning your credit card statements, you should set up text or email alerts to notify you about certain kinds of transactions — such as every time a purchase over an established amount pops up in your account.
If it turns out your credit card number was stolen and a cloned card was created with it, you’re not financially liable for any unauthorized activity under the federal Fair Credit Billing Act.
More from U.S. News