Money Observer contributor Fiona Hamilton reveals the unnerving events that ensued after her credit card details were stolen, and how you can ensure this does not happen to you.

Discovering that someone has charged thousands of pounds worth of cash and goods to your credit card is scary. Apart from the fear that you will be held responsible for the debt, there is the nasty feeling that your privacy has been invaded and your identity could be used for other neferious purposes, such as securing a loan or claiming benefits.

In mid-January I made such a discovery. My Barclaycard was being used to draw up to £900 per day in cash and to purchase expensive items from Apple, HMV and Argos. I only discovered this because I wanted to inform Barclaycard that I was going to be using the credit card during my holidays in the Canary Islands.

Having had my card suspended a couple of times last year because Barclaycard was wrongly concerned that it was being used by an unauthorised person, I did not want the provider to jump to erroneous conclusions again.

Before being put through to an adviser I was informed by an automatically generated voice of the balance due on my account, which was several thousand pounds more than I expected. I was also told I could check ‘how and where’ I had been spending my money by registering online at barclaycard.co.uk. When I tried to do so I was persistently blocked and eventually told that my card was already registered and I must use a password, which I did not have.

Alarm bells began to ring so I contacted customer services, waited ages to be put through to an adviser in a call centre in India, and then had to prove my identity by answering questions about the recent expenditure on the card. This was difficult since someone else had been making most of the transactions, but I eventually ‘passed’ by identifying the veterinary practice where I had recently taken our spaniels.

The conversation that ensued was unnerving. The adviser told me there had been a string of £300 withdrawals from cashpoints hundreds of miles away from my home, plus purchases from stores in the same area. When I asked why Barclaycard had not queried these withdrawals because I never use credit cards to withdraw cash, he countered that I must have been responsible as my Pin had been used.

Matters got worse when he asked me to confirm my address so he could send me a copy of the transactions. It emerged that my card had been registered to a new address and telephone number. As a result my December statement had been sent to the fraudster, and had Barclaycard telephoned to query the unusual changes in my spending pattern, which it may well have done, whoever answered would have assured them that all was well.

At this point my adviser conceded that fraud might be involved, so I was transferred first to his supervisor and then to Barclaycard’s specialist fraud team. They agreed to stop my old card immediately, send me a new one with a new number, and also freeze any outstanding liabilities until it was clear which ones I had genuinely incurred. Reassuringly, they said I would not have to pay for money that was shown to have been stolen from my account. Less comfortingly, they said my experiences were increasingly common.

CIFAS, the UK’s fraud protection service, which has more than 265 member organisations spread across banking, credit cards, asset finance, retail credit, mail order, insurance, investment management, telecommunications, factoring and share dealing, recorded a 32 per cent increase in identity fraud in 2009. The internet was involved in more than 70 per cent of cases; the sharpest upturn was seen in the prevalence of bank account, mobile phone and mail order fraud.

The story that emerged in my case was that someone had secured my card number, my name and address, and presumably date of birth, and used it to register my Barclaycard online on 9 December. The fraudster then conducted some electronic communications. First ‘my’ address and telephone number were changed, a Pin reminder was requested to be sent to that new address and on 30 December the fraudster claimed the card had been damaged and requested a replacement. When it arrived the fraudster began running through my credit limit as quickly as possible.

Some of the details needed to commit this type of crime are available from electoral rolls, parish registers, and even the phone book, all of which are hard to block. But there are many other sources of information that you should do everything in your power to protect.

A lot of your personal documents, such as passports, driving licences, birth and marriage certificates, carry valuable information about you – including your date of birth and, in some cases, your mother’s maiden name. So keep them locked away where casual visitors, tradesmen or, worse still, burglars, cannot see them. If utility bills, bank statements, credit card statements and wage slips are not filed away discreetly they should be shredded or burned, as should any credit and debit card receipts.

If you move house make sure all mail is redirected until you are confident that all correspondents have updated your new address. If regular bills and statements do not reach you by post when you expect them to, you should be worried, not relieved.

CIFAS warns that criminals may have stolen them and can use the information they include to steal from you. They may even have arranged for some or all of your mail to be diverted.

Even more alarmingly, in some respects, CIFAS adds that friends and family may try to use information about you fraudulently on the assumption that you will not be held responsible.

Apparently benign internet sites, including fashion retailers and family tree searches, may pose questions that should be answered with considerable care. More obviously, phishing is used by criminals to obtain personal details so never respond to an online request from anyone for personal details and Pins. Recent scams have included bogus appeals for Haiti earthquake relief, which requested personal account details. Just as importantly, if you bank online or are sent financial documents be careful about where you store them.

Richard Hurley, communications manager at CIFAS, sums up the protective steps: ‘Not only must consumers dispose of physical details in a secure manner, but they should also ensure that sensitive electronic documents are kept separate from each other. Scanned documents and account details should not be kept on computer hard drives but backed up on disc, with full virus and email protection products in place.’

Get cards covered with CPP identity protection alert
To reduce the risk of identity theft, Barclaycard suggested I take out a policy with CPP Identity Protection Alert. This costs £69.99 per year through Barclaycard. It is available direct from CPP for £5.99 monthly, or on slightly different terms through other card providers.

The direct version offers cover of up to £60,000 against the cost of restoring your identity if you become a victim of identity theft, plus a confidential helpline with access to professionals who specialise in fraud, and the use of a member-only website with tips on how to prevent fraud.

CPP registers its policyholders with Experian and Garlik Data Patrol, and alerts you by email or text if there are any significant changes to your credit report or if your information is being used on unsecure websites. It registers documents, such as passports and driving licences, and pays up to £200 to cover their replacement if they are stolen.

Barclaycard also offers a year’s free registration with CIFAS to recent fraud victims. This means CIFAS members must undertake additional verification checks to ascertain that anyone applying for credit or other products or services in the individual’s name is genuine.

Individuals can register with CIFAS before anything goes wrong or to maintain cover after the first year. The cost is just £14.10 annually, but the downside is that you may experience delays in accessing credit.

CPP offers protective services for a variety of other card providers, but be clear about what they cover. Marks & Spencer’s Card Safe policy, for instance, can be used to register your credit, debit and store cards.

Card Safe will notify all the issuers immediately if cards go missing, and it provides up to £100,000 of fraud insurance. But this is only valid if the cards have been lost or stolen, and their disappearance reported within 24 hours of discovery. It does not insure the holder against identity theft.

What is phishing?
Phishing is the term used for email messages where fraudsters seek to extract personal or financial information from unsuspecting victims. Some can be blocked by using regularly updated anti-virus and anti-spyware software. Avoid opening attachments or files unless you are confident that they are from a trusted source.