How quickly you act after a account compromise directly determines how much you can recover. Every extra 10 minutes between spotting the anomaly and completing the freeze is another potential charge for the attacker. Act first, investigate later — getting the order wrong means even airtight evidence won’t help.
Complete all 5 steps below within 30 minutes of detecting suspicious activity.
Step 1: Freeze the card before anything else
Open the card issuer’s app, go to card management, and tap “Freeze” or “Lock Card.” This takes priority over changing your password — as long as the card remains active, the attacker can keep making charges.
Most virtual cards support instant freezing without needing to contact support. If you have already been logged out of the app (meaning the attacker has also changed your account password), go directly to the support hotline or ticket system — most issuers allow remote card freezing using your registered email address and a government-issued ID.
Step 2: Change your password and force-logout all devices
Freezing the card only blocks the payment channel; the attacker may still control the account itself. Go to “Account Security,” change your main password, then find “Device Management” or “Active Sessions” and log out all devices.
If you have used the same password across multiple exchanges or wallets, change every single one. This is the most common source of cascading account breaches.
Step 3: Enable 2FA (if you haven’t already)
Use a TOTP app such as Google Authenticator or Authy. Avoid SMS-based 2FA — SIM swap attacks are extremely common in the crypto space. Also check whether your email account has 2FA enabled; your inbox is the master back-end for all your accounts.
Step 4: Contact support and file a formal report
Submit a fraud report through the in-app ticket system or the issuer’s official email address (verify the domain carefully — phishing emails frequently impersonate support). Clearly include:
- The time you discovered the unauthorized activity
- The amount, merchant name, and timestamp of each suspicious transaction
- The time and location of your last legitimate card use
- Whether you recently lost a device or clicked any suspicious links
Save the ticket number. It is a critical reference for any subsequent chargeback dispute.
Step 5: The 60-day chargeback window
Under Visa and Mastercard dispute resolution rules, cardholders typically have 60 days (up to 120 days in some regions) to initiate a chargeback on unauthorized transactions. Even though USDT cards settle in stablecoins at the backend, the same dispute rules apply as long as the card BIN runs on Visa or Mastercard.
Documentation required for your dispute:
- Screenshots of the transaction history
- Proof of your own location during the same period (flight tickets, hotel records, ride receipts, IP logs)
- Your support ticket number
- A police report receipt (optional, but strengthens your case)
Important: if a transaction was completed with 3DS authentication (SMS code or Authenticator confirmation), the issuing bank will tend to treat it as cardholder-authorized, significantly reducing your chance of a successful dispute. This is another reason why Step 3 matters — it both prevents future incidents and demonstrates to the issuer that you fulfilled your security obligations.
Editorial Advice
Do this now: check whether 2FA is enabled on your regularly used USDT card, and verify that you are not still relying on SMS-based 2FA. Remediation after the fact is always harder than prevention beforehand.
Do not do this: do not cancel or close your card account while a support ticket is still open. Once account records are deleted, pursuing a chargeback dispute becomes significantly more complicated.
Further reading: What is a USDT card and how to choose one | Why no-KYC cards carry higher risk | What to do if your card issuer shuts down. If you are looking for a card with stronger security, see the editorial pick MPCard and the 2026 Overall Top 5.