Navigating Card Fraud: My Recent Experience and Lessons Learned

In the past couple of weeks, I experienced a frustrating issue that many might find all too familiar—unauthorized charges on my credit cards. This isn’t just a simple case of oversight; it’s raised some significant concerns about online security and data theft. Here’s my story, and I hope it provides some insights for anyone who might find themselves in a similar situation.

The First Incident: A Surprising Charge

Approximately two weeks ago, I noticed an unauthorized charge of $2 from Amazon on my card. Leading up to this charge, I had made several legitimate purchases: filling up my gas tank, shopping at Walmart, and ordering items online from reputable platforms. Initially, I assumed this was the result of a card skimmer at the gas station, so I took swift action by canceling my card and requesting a new one, thinking it was a minor inconvenience.

A New Card, Another Unauthorized Purchase

Fast forward to last Friday—I received my new card in the mail. I used it sparingly, making only four transactions: two online purchases from respected websites, a visit to my hairstylist, and filling up at a gas station that was noticeably farther away from my previous one.

However, this morning, I woke up to discover another unauthorized transaction—a $15 charge on my new card from Amazon. What struck me was that the only common factor between both incidents was my account with Steam, the popular digital distribution platform for video games. Given that I utilize tap-to-pay for my in-person transactions, I began to question the possibility of card skimming and lean towards the idea that my data had been compromised online.

The Theory of Keylogging

Understanding how my information was stolen posed quite the conundrum. My preliminary suspicion is keylogging. I trust the Steam platform; it’s a well-established company and I use their app directly for purchases, mitigating the risks of using untrustworthy websites.

Additionally, my Steam account is fortified with a robust two-factor authentication system, requiring a code from an authentication app and a verification through the mobile Steam app for every login attempt. Given this triple-layer of security, it’s perplexing that someone could bypass it. I received no alerts of unauthorized access on any of my accounts, which raises even more questions.

Another comforting fact is that I do not store my card information in apps or wallets like Microsoft Wallet, making it difficult for data to be extracted without direct entry.