Privacy Virtual Cards
Spending Limits

Set a spending limit and Privacy will decline any transactions that go over the limit

Merchant-Locked Cards

Lock Privacy Cards to the first merchant they’re used at to prevent misuse if stolen

Single-Use Cards

Create Privacy Cards that close automatically after the first purchase is made on them

Pause/Close Cards

Pause or close your Privacy Cards at any time to block future transaction attempts

Sign Up For Privacy Now

How To Protect My Credit Card From Being Scanned—A Guide to Credit Card Safety

Ashley Ferraro, Product
May 9, 2024
 Min Read
Protect Your Payments With Virtual Cards

With about 82% of U.S. adults owning credit cards in 2022, credit card fraud has drawn the attention of many cybercriminals. According to the 2023 Credit Card Fraud Report, 65% of credit card holdersabout 151 million Americans—have been fraud victims at some point. Among the methods the fraudsters commonly use are credit card scanning, skimming, and shimming.

In this article, we’ll explore how fraudsters can scan your credit cards, access your logins, and complete unauthorized purchases. We'll also answer the following questions:

  • What is credit card scanning? 
  • What is the difference between credit card scanning, skimming, and shimming?
  • What happens when my credit card gets scanned or skimmed?
  • How to protect my credit card from being scanned?

What Is Credit Card Scanning?

To understand how credit card scanning works, you should know the structure of a typical credit card. At the most basic level, a credit card is a piece of plastic that contains the card's information and a way of transmitting it. 

Some information is printed on the card so that you can read it. Not long ago, most payment cards had a magnetic stripe that held your sensitive data, which could be decoded by a card reader. While some cards still have the stripe, most cards today have chips that also hold the information but transmit it in a safer way—they tokenize the data for each transaction, so your credentials aren't transmitted directly. 

An image of a VISA credit card on a white background
Source: Towfiqu barbhuiya

Some cards can also use Radio Frequency Identification (RFID) technology to communicate with the reader. This technology allows you to pay without swiping your card or inserting it into a reader. For this to work, the card must be extremely close to the reader because it relies on the reader's electromagnetic field for power. 

While banks often encrypt the data on their credit cards' chips and deploy several measures to prevent breaches, hackers keep devising new ways to access cardholders' data, such as scanning, skimming, and shimming.

Credit Card Scanning vs. Skimming and Shimming

An image of a person inserting a credit card into an ATM booth
Source: Peggy_Marco

Credit card scanning, skimming, and shimming are often used interchangeably, but the three techniques have some notable differences: 

Credit Card Scanning Credit Card Skimming  Credit Card Shimming
  • It exploits vulnerabilities in RFID chips using hacker-owned card readers.

  • Cybercriminals can attempt to steal victims' card details by getting close enough to activate the RFID chips.

  • It leverages weaknesses in legitimate payment terminals.

  • Cybercriminals install illicit card readers—known as skimmers—on valid payment devices like ATMs, cash registers, or gas pumps to record victims' credentials from the card's magnetic stripe as they swipe.

  • Like skimming, this method relies on flaws in payment terminals.

  • Cybercriminals install shimming devices on or in ATMs, POS terminals, or other card-reading payment devices to record the victim's information from the card's chip.

  • It's not uncommon for attackers to also try to get their victims' PINs by installing a camera or a keypad overlay. 

While all three illegal activities involve stealing card credentials to complete fraudulent transactions, credit card skimming and shimming are more sophisticated than scanning. They require finding locations with gaps in surveillance coverage and involve complicated methods of device installation. 

The Rise of E-Skimming

While you may not be using magnetic stripes and chips for online shopping, hackers have found ways to "scan" your card details even online, and it's called e-skimming. 

E-skimming involves inserting a credential-stealing code into a popular e-commerce website. If the fraudsters succeed at doing so, they will gain access to all the information you provide to the store at checkout.

What Happens When My Credit Card Gets Scanned?

An illustration of a person holding a large credit card towards another person holding a webpage
Source: Mohamed_hassan

Once a fraudster has accessed your credit card details, they can use this information to:

  • Commit card-not-present frauds—This type of fraud involves using stolen credit card information to complete fraudulent online or in-store purchases.
  • Steal your identity—Cybercriminals can also use your credit card details to create false accounts or apply for online loans.
  • Create duplicate cards—Sometimes, hackers can copy your account details onto counterfeit credit cards for in-store purchases.
  • Sell it—There are markets for illicit goods and services on the Dark Web, and many of them sell stolen credit card information. 

There are some consumer protections designed to make it easier for victims to recover—the Fair Credit Billing Act (FCBA) being the most notable. The Act limits your liability in case of credit card fraud to $50. Many card issuers have $0 liability policies, too, meaning that you're not liable at all if your card details get stolen. However, you will likely suffer from some disruption in your daily life, especially if the fraudster's activities damage your credit score and you don't catch it on time. 

For these reasons, you should notify your card issuer as soon as you notice something wrong with your card. Waiting for too long can make resolving the issue a lot more difficult and time-consuming.  

How To Protect Credit Cards From Being Scanned

The first step in protecting your credit card from being scanned is to know there's a possibility of such fraud. You can employ several strategies to make scanning your card less likely to happen:

  • Buying an RFID wallet or a card sleeve to block RFID transmissions from cybercriminals' card readers
  • Using payment terminals with adequate security monitoring, preferably those in public view or close to cashiers and bank tellers
  • Paying inside or in the view of a cashier if you're unsure about the security of a payment terminal
  • Leaving your card at home and carrying cash when visiting crowded areas or tourist attraction sites
  • Activating transaction alerts to spot and flag unauthorized account activity as early as possible
An illustration of a man in a black jumpsuit emerging out of a laptop monitor, holding a cash bag on his back with one hand and pointing at credit cards with the other
Source: Mohamed_hassan

How To Protect Your Credit Cards From Skimming and Shimming

A great way to protect your credit card from skimmers and shimmers is to look for signs of tampering. Credit card skimmers and shimmers are generally difficult to spot. However, with a bit of extra caution, you can notice the following five signs:

  1. Convex card readers—When hackers place skimmers over readers, they often create a convex shape (curve outwards).
  2. Damaged card readers—Check if the device is loose or damaged or if any part is misaligned or out of place.
  3. ATM keypads with moving edges—Try to wiggle the machine's keypad to check if it has moving parts or if the numbers feel thick and hard to press.
  4. Different terminal shape or look—Does it feel different from the terminals you regularly use? If anything feels odd, do not insert your credit card.
  5. Damaged gas pump security seals—Gas pumps often have stickers on the dispensers to show they've not been opened or compromised. If the sticker is torn or missing, it may not be a good idea to use that pump.

Regarding e-skimming, you can protect your sensitive information by using virtual cards to mask your account information during online purchases. If you opt for independent card providers such as Privacy, you'll also benefit from additional security and convenience features.

Introducing Privacy Virtual Cards—Shop Online With Confidence

While the general perception may be that credit cards offer better protection against fraud due to their liability rules, debit cards also have consumer protection rules. A perfect example is the Electronic Funds Transfer Act (EFTA), which limits consumer liability to $50 for unauthorized payments reported within 48 hours. 

Using debit cards also allows you to take your protection a step higher by connecting them to Privacy Cards. Privacy Virtual Cards mask your actual account details at checkout by replacing your card details with randomly generated card numbers, reducing the chances of hackers obtaining your payment card information.

Privacy is BBB®-accredited and uses multiple security measures to safeguard user data, such as:

  • Complying with Payment Card Industry Data Security Standard (PCI-DSS)
  • Integrating with 1Password to enable users to manage strong, unique passwords
  • Using private single-tenant data storage networks to eliminate the risk of shared databases
  • Placing data storage networks in three separate locations to prevent a possible attack on all of them at once

Types of Privacy Virtual Cards

Privacy users can create either Single-Use or Merchant-Locked Cards:

Card Type How it Works Potential Use Cases
Single-Use Cards It closes shortly after used on the first transaction. If cyber attackers hack it, they can't make any purchases with it.
  • One-time payments

  • When you're uncertain about a merchant's security

Merchant-Locked Cards It's "locked" to the first merchant where you use it. Scammers can't use it to fund purchases elsewhere.
  • Merchants you frequently shop with

  • Online subscriptions

Both card types allow users to set spending limits and pause and close cards at any time to reduce the risk of unauthorized payments—all without affecting the funding source. 

You can also manage your cards on the go via Android and iOS apps and install the Privacy Browser Extension, which is available for Safari, Chrome, Safari for iOS, Firefox, and Edge. The extension allows you to autofill card info at checkout, so you don't have to memorize card details when shopping online. 

How To Apply for Your Privacy Cards

Privacy allows its users to create virtual cards in four simple steps:

  1. Sign up
  2. Enter the details needed to verify your identity
  3. Add a funding source (bank account or debit card)
  4. Request Privacy Virtual Cards

Privacy offers three plans with access to different features:

Plan Features
Personal—free for domestic purchases
  • 12 free virtual cards per month

  • Both card types

  • Pausing and closing card features

  • The ability to set spending limits

Pro—$10 Per Month
  • 36 new virtual cards per month

  • 1% cashback on specific purchases (totaling up to $4,500/month)

  • Priority support

  • No foreign transaction fees

  • Ability to mask transaction information on your bank statement

  • All the features in the Personal plan

Premium—$25 Per Month
  • 60 new virtual cards per month

  • All the features in the Pro plan

Privacy Virtual Cards are accessible to U.S. residents over 18 years old with checking accounts at a U.S. bank or credit union. You can use it at most merchants and websites that accept U.S. Visa® and Mastercard®.

Privacy — Seamless & Secure Online Card Payments
Sign Up