Discovering that your credit card information has been stolen is alarming, but acting quickly can limit the damage. Credit card fraud is one of the most common forms of identity theft, and the steps you take in the first 24 hours make a significant difference in your financial recovery. Here is exactly what to do — and in what order.
Step 1: Contact Your Card Issuer Immediately
The moment you notice unauthorized charges or suspect your card information has been compromised, call your card issuer. Use the phone number on the back of your card or on your most recent statement — do not use a number from a text or email, as it could be part of the scam.
When you call:
- Report the fraudulent charges — Identify every transaction you did not authorize.
- Request the card be frozen or canceled — The issuer will block the current card number and issue a new one.
- Ask about provisional credits — Most issuers will temporarily credit your account for disputed charges while they investigate.
- Note the case number — Document the reference number for your fraud report.
Your Liability Is Limited by Law
Under the Fair Credit Billing Act, your liability for unauthorized credit card charges is capped at $50 — and most major card issuers (Visa, Mastercard, American Express, Discover) offer zero liability policies, meaning you will not owe anything for fraudulent charges. The key is to report the fraud promptly. For debit cards, liability rules are less favorable — report within 2 business days for $50 max liability, or within 60 days for up to $500.
Step 2: Review Recent Statements and Transactions
After reporting the obvious fraudulent charges, carefully review your last 60–90 days of statements. Thieves often start with small test transactions before making larger purchases. Look for:
- Small charges under $5 (test transactions)
- Purchases from unfamiliar merchants or in locations you have not visited
- Recurring subscriptions or charges you did not sign up for
- Cash advances you did not request
Report any additional unauthorized charges to your card issuer as you find them.
Step 3: Change Your Passwords
If your credit card information was stolen through a data breach or a compromised online account, the attackers may also have your login credentials. Immediately change passwords for:
- Your online banking and credit card account portals
- Email accounts (especially the one linked to your financial accounts)
- Shopping sites where your card was stored (Amazon, Target, Walmart, etc.)
- Payment services (PayPal, Venmo, Apple Pay, Google Pay)
Use strong, unique passwords for each account and enable two-factor authentication everywhere it is available.
Step 4: Place a Fraud Alert on Your Credit Reports
A fraud alert tells creditors to take extra steps to verify your identity before opening new accounts in your name. Contact any one of the three major credit bureaus — they are required to notify the other two:
- Equifax: equifax.com/personal/credit-report-services/credit-fraud-alerts
- Experian: experian.com/fraud
- TransUnion: transunion.com/fraud-alerts
An initial fraud alert lasts one year and is free. If you file an identity theft report at IdentityTheft.gov, you can place an extended fraud alert that lasts seven years.
Step 5: Consider a Credit Freeze
A credit freeze is stronger than a fraud alert. It blocks creditors from accessing your credit report entirely, making it nearly impossible for someone to open new accounts in your name. Freezes are free to place and lift at all three bureaus.
The downside: you will need to temporarily lift the freeze when you legitimately apply for credit, a new apartment, or certain services. But for most people, the protection is worth the minor inconvenience.
Freeze vs. Fraud Alert: Which Should You Choose?
If your credit card number was stolen but no new accounts have been opened, a fraud alert is usually sufficient. If your Social Security number, date of birth, or other identity documents were also compromised, freeze your credit immediately — this is a sign of broader identity theft that requires stronger protection.
Step 6: File a Report at IdentityTheft.gov
The FTC's IdentityTheft.gov is the federal government's central resource for identity theft victims. Filing a report creates a personalized recovery plan and generates an official identity theft report that you can use to:
- Place extended fraud alerts (7 years)
- Dispute fraudulent accounts with creditors
- Request that fraudulent information be removed from your credit reports
- Support a police report
Step 7: File a Police Report
While law enforcement may not investigate every case of credit card fraud, a police report creates an official record that can be useful for disputing fraudulent charges, dealing with creditors, and supporting insurance claims. Bring your IdentityTheft.gov report and documentation of the fraudulent charges to your local police department.
Step 8: Monitor Your Accounts Going Forward
Credit card fraud can be a sign of a larger breach. In the weeks and months after the incident:
- Review credit reports: You are entitled to free weekly credit reports from all three bureaus at AnnualCreditReport.com. Check for new accounts, inquiries, or changes you did not authorize.
- Watch bank statements: Continue reviewing all financial statements carefully for at least 6–12 months.
- Monitor your email: Look for password reset notifications, account confirmation emails, or messages from unfamiliar services that might indicate new accounts being opened in your name.
- Set up transaction alerts: Most banks and credit card issuers let you set up real-time notifications for every transaction. Enable these so you catch unauthorized charges immediately.
How Credit Card Information Gets Stolen
Understanding how thieves get your information can help you prevent future incidents:
- Data breaches: Companies you do business with get hacked, and your card data is exposed. This is the most common source.
- Skimmers: Physical devices attached to ATMs, gas pumps, or point-of-sale terminals that capture your card data when you swipe or insert.
- Phishing: Fraudulent emails, texts, or websites that trick you into entering your card information.
- Dark web markets: Stolen card data is bought and sold in bulk on underground marketplaces.
- Malware: Software that records your keystrokes or captures payment information from your browser.
- Unsecured websites: Entering card information on websites that do not use HTTPS encryption.
Preventing Future Credit Card Fraud
- Use virtual card numbers: Many card issuers and services like Privacy.com generate disposable card numbers for online purchases.
- Enable transaction alerts: Get notified of every charge in real time.
- Use mobile wallets: Apple Pay, Google Pay, and Samsung Pay use tokenized card numbers, so your actual card number is never shared with merchants.
- Avoid storing cards on websites: Enter your card information manually rather than saving it in online accounts.
- Use tap-to-pay: Contactless payments are more secure than swiping or inserting because they use one-time transaction codes.
- Monitor the dark web: Stolen credit card data often surfaces on dark web markets before it is used. Dark web monitoring services can alert you when your information appears.
Remove Your Data From the Source
Credit card fraud often starts with data brokers. Scammers use data broker sites to find your full name, address, phone number, and email — then use this information to socially engineer access to your accounts or craft targeted phishing attacks. Removing your data from broker sites reduces the information available to criminals.
How PrivacyOn Helps
PrivacyOn attacks the root cause of many fraud schemes by removing your personal information from over 100 data broker sites. When your name, address, phone number, and email are not easily searchable online, it becomes much harder for criminals to target you. Our dark web monitoring continuously scans underground marketplaces and breach databases for your personal and financial information, alerting you the moment your data appears.
Plans start at $8.33/month with coverage for up to 5 family members, giving your entire household proactive protection against identity theft and credit card fraud.