Consumers Fear Credit Card Fraud, Still Get Lazy About Security

By Janet Siroto. October 12, 2023 · 13 minute read

This content may include information about products, features, and/or services that SoFi does not provide and is intended to be educational in nature.

Consumers Fear Credit Card Fraud, Still Get Lazy About Security

Think for a moment about all the personal information floating around online: We chronicle our activities on Insta and TikTok, send payments to keep the lights and WiFi on, and order up a storm of gifts, groceries, and impulse buys with a few quick clicks.

Sure, our digital lives are fast and fun, but there’s a downside — you might say a dark side. Many of us have online habits that can leave us wide open to the growing ranks of hackers and scammers. Cybersecurity is becoming an increasingly common concern, and getting hacked — or just the fear of it — can be one more stressor in an already anxious world.

SoFi took on the topic with a survey of 1,000 U.S. adults who self-identified as credit card holders, conducted online in February 2023. It revealed some surprising statistics about who’s been hacked, how worried people are, and what steps they are (and aren’t) taking to avoid becoming a victim.

SoFi's survey result

Over Half of People Believe They’re Doomed to Be Hacked

With the average person spending more than 6.5 hours per day online, there’s a lot of sharing going on of ideas, feelings, funny memes… And highly personal data.

Perhaps you’ve made a flurry of purchases on social media or discussed embarrassing symptoms via text and then thought, Uh-oh, I hope that was secure.

You aren’t alone. According to SoFi’s survey, 59% of people believe their credit card information or personally identifiable information will be stolen at some point, if it hasn’t been already.

That means the majority of people who participated in our survey expect to be hacked or already have been. When you consider how the number of data breaches is rising, it makes sense. Cybercrime is projected to almost triple between 2022 and 2027. No wonder we’re worried!

Less Than Half of Respondents Say They Know How to Outsmart Hackers

Frankly, most of us don’t have a clue as to what is really involved when you fall victim to cyber crime. Less than half of respondents in SoFi’s study believe they understand the risks of credit card fraud and different types of identity theft very well. In fact, only 45% of respondents said they understand very well how to protect themselves from online crime.

Most Respondents Are Working Hard to Defend Their Data and Assets

No one wants their most personal info kicking around on the dark web. Nor does anyone relish checking their credit card bill and seeing that someone charged $600 worth of baby clothes to their account when they are most definitely not a parent.

Most popular online security measures

Here’s what SoFi’s research found about how people are playing defense. Check out how many people use these protective tactics to avoid becoming an identity theft or credit card fraud statistic:

•   82% of people check their credit reports regularly.

•   82% use multi-factor authentication, or MFA. (A good sign: Only 3% of people don’t have a clue what MFA is.)

•   63% avoid using public WiFi.

•   41% use a VPN, or virtual private network. That said, 8% don’t know what a VPN is.

•   61% use a password manager.

•   86% avoid sharing personal information online.

•   60% use a credit monitoring service.

More of Us Should Be Monitoring Our Credit

That last move, using a credit monitoring service, is an important one. It can make mobile banking safer and help protect other aspects of a person’s digital life.

Steve Tcherchian quote

“Credit monitoring and identity theft protection work. If you don’t have this in place, do it now. With the size of the last few mega breaches and the companies they have affected, assume your data is exposed and you’re at risk. Everyone is required to purchase insurance for their car and house. Why not have the same for your most critical asset: your identity?” —Steve Tcherchian, CISO and Chief Product Officer at XYPRO, a cybersecurity solutions company

In addition to using the tactics above, the SoFi survey respondents have also deployed these moves to protect themselves from credit card fraud and other cybercrimes:

•   Using strong passwords

•   Clearing browser cookies and cache frequently

•   Not sharing their location in browsers or apps

•   Checking their account activity frequently

Most people (90%) check their credit card statements at least once per month. 44% of people check their statements at least once a week.

More Than Half of Respondents Admit to Recycling Passwords

Most people have good intentions when it comes to protecting themselves from the bad guys trying to swipe their financial or personal data. But hello, we’re all human. And that can mean sometimes recycling passwords because it’s just too complicated to come up with a new one. Or logging onto WiFi at a cafe or in a hotel because those Taylor Swift tickets are about to go on sale and you cannot, cannot live without them.

Risky online behaviors

More Than 1/3 of Respondents Use Public WiFi Without a VPN

Here, the SoFi survey respondents admit to risky online behavior:

•   53% have used the same passwords for multiple accounts.

•   34% have used public WiFi without a VPN.

•   29% have stored credit card information in their browser.

•   27% have provided credit card info over the phone.

•   26% have stored confidential information on a cloud server, such as Google Drive or Dropbox.

•   20% have shared credit card information with others (either in person or not secured online).

•   18% have downloaded software from unsecure websites.

•   13% have left their phone or computer unattended in a public space.

•   11% have responded to emails from unknown senders that asked for personal information.

“When logging onto public WiFi that doesn’t require a password for access, know that hackers can track your internet activity and intercept passwords and other sensitive data that is exchanged. If you must use an unprotected public WiFi network, avoid entering your social media, email, or bank credentials while connected.” —Brandon King, founder of Home Security Heroes, an identity-security advisory service

Not everyone realizes the very real risks of playing fast and loose with their personal data. More warnings about the consequences of getting hacked or scammed could be a huge help.

“Education and awareness campaigns need to be implemented at all levels, including schools, workplaces, and public forums. Financial institutions can play a significant role in providing customer education on safeguarding personal information. And social media platforms can spread awareness and provide tips on preventing fraud and identity theft.” —Andrew Lokenauth, founder of Fluent in Finance, a financial education platform

With the right information, many people might avoid becoming an identity theft statistic.

14% of Respondents Are Using Their Birthday or Their Pet’s Name as Their Password

You don’t need to confess, but many people are guilty of using shockingly simple passwords. One like your first name plus the digits of your birthday. Or your phone number. Or even the dreaded password1234.

And, making matters even worse, lots of busy people reuse their passwords with abandon. It’s easy to understand why: You might be prompted to create an account when shopping online so you can unlock a discount or free shipping, so you fall back on your old favorite. Or perhaps you need to create a password to access info on your vet’s website, so of course your doggo’s name is an easy to remember password, right?

Dumb password moves

Whatever the reason, there’s no doubt that there are plenty of people who aren’t following password security best practices. Here are some of the missteps the SoFi survey revealed:

•   14% use passwords that include their pets’ names or birthdays

•   13% use passwords that include their childrens’ names or birthdays

•   11% use passwords that include their significant other’s name or birthday

•   10% use use passwords that relate to a band or song they like

•   7% use something easy to remember like “12345” or “password”

•   7% use something easy to type like “QWERTY”

On the flip side, 16% use auto-generated, secure passwords provided by a password manager. High-five to those folks!

No More Lame Passwords: Pro Advice

Brandon King quote

Some advice from experts on this super-important subject:

•   Buckle down and “use different passwords for each login or account. If you reuse passwords, hackers can access your accounts more easily” in the event of a security breach. “By using separate passwords for each account, you can rest easy knowing that even if one of your accounts is compromised, the rest will remain secure.” —Brandon King, Home Security Heroes

•   “Keep a close eye on credit card balances, and immediately report any discrepancies to the bank or credit card company” to minimize your liability. —Andrew Lokenauth, Fluent in Finance

•   “Don’t write down passwords!” —Monica Eaton, founder of Chargebacks911, a chargeback management company

And need we mention that writing your PIN on the back of your debit card is a real no-no?

44% experienced fraudulent

44% of Respondents Have Had Bogus Credit Card Charges

Sometimes, you get lucky, and your bank or credit card company pings you asking whether that’s really you trying to pay for a lavish dinner in SoHo, NYC, when you are actually sitting on your couch in Santa Cruz. Fraud protection can be a wonderful thing, but it doesn’t catch every scammer. Learn more about threats to credit card security:

Older Respondents Are More Than 2x As Likely to Endure Credit-Card Fraud

Here’s what SoFi survey participants told us about experiencing examples of credit card fraud in the form of unauthorized charges:

•   44% of people have experienced fraudulent charges on their credit cards.

◦   Nearly two-thirds of this group (63%) have experienced fraudulent charges more than once.

◦   For most people (84%), the unauthorized charges were less than $500.

◦   6% of people said their most recent fraudulent charge was $1,000 or more.

•   4% of respondents have experienced fraudulent charges five or more times.

•   53% of respondents ages 55 and older have experienced fraudulent charges on their credit cards, showing that older age seems to correlate with being scammed more often.

◦   Perhaps that’s why confidence in one’s credit card security seems to wane with age: 26% of those aged 55 or older said they had been or expected to be hacked, versus 10% of those aged 18 to 24.

•   Almost three-quarters (74%) of those who experienced fraudulent charges said their credit card company notified them of suspicious activity.

Who Knew? Where Scammers Shop

Curious about where credit card scammers go shopping? People who experienced fraudulent charges and knew where their stolen credit card numbers were used said the purchases were made in these types of environments:

•   Big box retailers and grocery stores like Walmart, Target, Sam’s Club, Costco, Whole

•   Foods

•   Online retailers like Amazon and eBay

•   Smaller ecommerce sites

•   Gas stations and convenience stores

Monica Eaton quote

How can you better protect yourself?

“Opt for the latest payment innovations. Contactless payments, for example, can protect you against credit card ‘shimming’ [in which scammers insert a thin device into the slot of card readers to steal your data], as can digital wallets like Apple Pay, which deploy tokenization technology just like an EMV [which stands for Europay, Mastercard, and Visa] chip card does.” —Monica Eaton, Chargebacks911

Ouch: 15% of Respondents Have Been Victims of Identity Theft

It’s a scary fact that identity theft is on the rise. It can be deeply upsetting to have someone steal your personal information and credentials and use them for nefarious purposes, opening accounts and making purchases that you would never dream of. It can be similarly troubling to have to unravel the damage done and reclaim what is rightfully yours.

34% of Victims Lost Money Due to Identity Theft

Personal impact of identity theft

Unfortunately, the SoFi survey revealed the following identify theft statistics:

•   15% of respondents have been victims of identity theft.

•   Most often, this group found out about identity theft because they noticed fraudulent charges on their bank statements (21%).

•   Other common ways people found out:

◦   12% said they were getting suspicious emails, calls, and text messages.

◦   12% said their tax return was incorrect or filed by someone else.

◦   12% said there were inaccuracies on their credit report.

◦   10% said they were unexpectedly denied credit.

•   The most common impacts that people described as a result of identity theft were:

◦   52% said it made them angry or frightened.

◦   36% had to set up new online accounts.

◦   34% lost money that was never recovered.

◦   26% said their social media accounts were hacked.

◦   25% reported that their credit scores were hurt.

•   More than half of all respondents (51%) said they know someone who has been a victim of identity theft.

Those who are concerned about the possibility of identity theft can subscribe to services designed to help protect one’s information and send alerts about any evidence of this kind of activity. It can help provide peace of mind as this kind of crime increases.

92% of Respondents Are Confident Companies Can Protect Their Data

Learning about all the risks of credit card and identity theft out there can be troubling and make a person feel as if they have a big bullseye on their back, tempting hackers to target them.

But of course, that’s not the case. Steps are being taken to protect consumers from identity and money scams and new techniques are emerging. Most people recognize that it’s not all doom and gloom out there.

Consumer confidence in corporate data protections

In general, people are cautiously optimistic about how well their information is and can be safeguarded.

•   92% of people are somewhat confident or very confident in companies’ abilities to protect their personal information.

•   8% of respondents said they’re not confident at all in companies’ abilities to protect their information

◦   However, people realize there is only so much that can be done to protect information. 69% of this group believe all systems are vulnerable to hacking, regardless of the security measures that are implemented.

◦   On the flip side, 25% of this group believe companies don’t spend enough resources on cybersecurity.

Yes, we all may be at risk, but by adopting smart strategies and partnering with top-notch, security-focused financial institutions and other businesses, we can minimize the odds of falling prey to cybercriminals.

The Takeaway

As SoFi’s survey reveals, credit card fraud and identity theft are growing concerns for Americans. But there are proven and emerging ways to stay ahead of the scammers. By doubling down on smart tactics and taking steps to safeguard your personal information, you can protect yourself from serious damage.

To learn more about options for protecting your credit cards and tips for managing your accounts, explore our credit card guide.


Third-Party Brand Mentions: No brands, products, or companies mentioned are affiliated with SoFi, nor do they endorse or sponsor this article. Third-party trademarks referenced herein are property of their respective owners.

Financial Tips & Strategies: The tips provided on this website are of a general nature and do not take into account your specific objectives, financial situation, and needs. You should always consider their appropriateness given your own circumstances.

TLS 1.2 Encrypted
Equal Housing Lender