Technology
How debit card fraud can happen without using the card
NEWYou can now listen to Fox News articles!
Every so often, we receive an email that stops us cold. Not because it is dramatic. Not because it is careless. Because it feels impossible.
Sheri M. from Georgia recently wrote to us with this question:
“Yesterday I learned that someone had stolen my debit card information. I was alerted by my bank about 10:00 p.m. last night that someone tried to use my card in Brazil. I am in the Southern United States and have never traveled outside the country. What I have trouble understanding is that this particular debit card has never been used and has never been out of a locked vault. It has been activated, and once activated, I locked it up. No one had access to it, no questions about that. It is just not possible. So how could someone have my card information? I asked this question at my bank, and after speaking to several people, they are at a loss as to what to tell me. I hope you can shed some light on this.”
GHOST-TAPPING SCAM TARGETS TAP-TO-PAY USERS
Debit card numbers can be compromised digitally through system breaches or automated number-guessing attacks. (fizkes/Getty Images)
Sheri, first, we are glad your bank flagged it. That alert tells you fraud monitoring worked. Now let’s address the part that feels unreal. How can someone use a debit card that has never left a locked vault?
If you have asked that same question, you are not alone. This type of debit card fraud happens more often than most people realize. And it almost never involves someone physically touching your card.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
How debit card fraud happens without using the card
When a card is compromised without being used, the issue is typically digital. Here are the most likely explanations.
1) The number was exposed before you received it
Debit cards move through multiple systems before they reach your mailbox. Third-party vendors manufacture, encode and ship them. That means the card number exists in databases long before you open the envelope. If one of those systems is breached, criminals can obtain card numbers in bulk. They never need the physical card. They never need your home. In that case, it has nothing to do with your vault.
2) A BIN attack may be responsible
Every debit card starts with a bank identification number. Criminals use software to generate the remaining digits at high speed. They test thousands of combinations using small transactions or foreign authorizations to see which numbers work. This is known as a BIN attack. They are not stealing your specific card. They are guessing valid numbers mathematically. If your card was activated, even if it was never used, it becomes part of the pool that can be tested. A foreign attempt, like one in Brazil, is often a test authorization. It feels personal. In reality, it is automated.
WEB SKIMMING ATTACKS TARGET MAJOR PAYMENT NETWORKS
A customer completes a transaction at Pike Place Market in Seattle, Washington, on May 28, 2025. Financial security specialists recommend canceling compromised cards and monitoring accounts immediately after a fraud alert. (M. Scott Brauer/Bloomberg via Getty Images)
3) A processor or network weak point
Sometimes the exposure does not originate at the bank itself. The weak link can involve:
- A payment processor
- A card network
- A digital wallet backend
- A servicing vendor
Frontline bank employees often do not have visibility into these system-level issues. Patterns can take time to surface internally. That is why you may not receive a clear explanation right away.
4) Backend systems assign numbers early
Many banks pre-assign card numbers or connect them to digital systems before you ever swipe the card. If that backend data is exposed, the physical card remaining locked away does not matter. That is why debit card fraud without using the card can still occur.
Why did the transaction show up overseas?
You may wonder why the attempt came from Brazil. Foreign authorizations are often used as test transactions. Criminal groups run small or unusual location charges to see which numbers are active. If the charge clears, they escalate. The good news is your bank blocked it.
What you should do right now
If this happens to you, act quickly.
- Cancel the card completely. Do not just lock it. Make sure the number is permanently closed.
- Request a new card number. Confirm it is not a reissue of the same digits.
- Monitor your checking account daily for at least 30 days.
- Freeze your credit with all three credit bureaus.
- Add identity monitoring to detect broader misuse.
That final step is often overlooked.
WHY SCAMMERS OPEN BANK ACCOUNTS IN YOUR NAME
Experts say debit card fraud often occurs without the physical card ever being used or stolen. (Nikos Pekiaridis/NurPhoto via Getty Images)
Why identity monitoring matters
Debit card fraud can be isolated. It can also signal a larger data exposure.
If your card number surfaced through a breach or vendor leak, other personal details may be circulating too. Email addresses, phone numbers and Social Security numbers often appear together in stolen datasets. That is where early detection becomes critical.
Our top Identity Theft Protection recommendation monitors credit activity, financial accounts and dark web marketplaces for signs your identity is being misused. You receive fast alerts so you can respond before small incidents turn into larger problems.
Instead of waiting for a late-night fraud alert, you gain earlier visibility.
See my tips and best picks on Best Identity Theft Protection at Cyberguy.com.
Ways to stay safe from invisible debit card fraud
You cannot control global criminal networks. You can reduce your exposure.
- Keep debit cards locked in your banking app when not in use
- Turn on real-time transaction alerts
- Use credit cards for online purchases when possible
- Freeze your credit as a preventative step
- Avoid storing debit card details across multiple retail sites
- Use identity monitoring for broader protection
Layered security gives you more control.
Kurt’s key takeaways
Sheri’s experience feels impossible because she did everything right. The card never left the vault. It was never used. No one had access. Yet the number was still tested from across the world. That is the reality of today’s financial crime. It is automated, remote and system-driven.
If this can happen to a card locked in a vault, what does that say about how secure our financial system really is? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Technology
Meta’s glasses will turn off the camera if you tamper with the privacy light
Amid public backlash over its smart glasses, Meta announced that it will be updating its glasses with a new feature that will disable the camera when it detects that someone has tampered with or destroyed the glasses’ privacy LED light. The update is meant to address modders who have taken actions such as physically drilling into the LED light.
Meta has previously tried to discourage tampering with the LED light. For example, starting with its second generation glasses, blocking the light with tape or other objects will trigger a prompt asking users to uncover the recording light. However, many modders have found various workarounds for that particular measure.
Meta’s VP of wearables Alex Himel told The Verge that the privacy-focused update was on the way a few weeks ago after launching cheaper Meta Glasses without Ray-Ban branding. At the time, Himel acknowledged that the company was aware of increasing misuse alongside wider adoption of the devices.
Technology
Discord accidentally banned over 8,000 people for posting grids and other ‘benign’ images
Stanislav Vishnevskiy, Discord co-founder and chief technology officer, writes that the bug impacted around 200 users who posted “grid-like” pictures, in addition to about 8,000 people who posted “other benign images” since May 2026. “Everyone affected has now been unbanned,” Vishnevskiy says.
In a thread on X, Discord writes that its safety system is designed to flag content by “matching it against known harmful material.” This system can produce “false positives,” Discord explains, which is when an employee would step in to review the flagged content. But instead of just temporarily preventing the account from uploading content during the review, a glitch led its system to ban users entirely.
“When our staff reviewed and cleared those accounts, the same bug prevented the ban from being lifted automatically, so it just stayed in place,” Discord says.
Technology
Hoto’s PixelDrive screwdriver is down to $60, matching its best price
If your Prime Day purchases included a new desk, TV stand, bookshelf, or other furniture you still haven’t assembled, Hoto’s PixelDrive cordless screwdriver can help speed up the process. It’s currently on sale for $59.99 ($20 off) at Amazon, matching its best price to date.
From tightening loose screws on furniture to repairing electronics, the PixelDrive is designed to handle a wide range of household projects. Hoto includes 30 screwdriver bits that cover many of the most common screw types, all neatly organized in a small cylindrical case. It also offers six adjustable torque settings, allowing you to use less power when working with fragile electronics or increase it when putting together a desk, bookshelf, TV stand, or other furniture. You can also switch between a slower 80RPM mode for more precise work and a faster 200RPM mode with the press of a button.
Hoto also added several features that make assembling projects a little easier. A built-in display lets you quickly check your current torque setting and remaining battery life, while an integrated LED light helps illuminate dim spaces, whether you’re working under a desk or inside a cabinet. The rechargeable 2,000mAh battery also charges over USB-C, so you won’t need to keep buying disposable batteries.
-
Los Angeles, Ca57 minutes agoBicyclist killed by hit-and-run driver in Long Beach
-
Detroit, MI1 hour agoChild shot while riding bike outside home on Detroit’s west side, police say
-
San Francisco, CA1 hour agoBay Area restaurant has strict policy on acceptable children behavior
-
Dallas, TX1 hour agoDetroit Pistons trade Marcus Sasser to Dusty May’s Dallas Mavericks
-
Miami, FL2 hours agoThe offseason has been a massive success for the Miami Heat
-
Boston, MA2 hours ago
Can’t afford Boston’s priciest restaurants? Try these instead. – The Boston Globe
-
Denver, CO2 hours agoCity of Denver says images of piling waste a case of illegal dumping
-
Seattle, WA2 hours ago14-year-old dies in electric motorcycle crash at Seattle bike park