What is credit card fraud?

Credit card fraud is one of the most common types of identity fraud. Its prevalence rose significantly during the coronavirus pandemic, with fraudulent credit card applications up 17 percent in the first month of the pandemic alone. And this has been sustained since, with the National Fraud Hunter Prevention Service revealing that UK credit card fraud reached a five-year high in the last three months of 2021. With this in mind, how can financial organizations protect themselves and their customers from credit card fraud and minimize its impact on financial institutions worldwide?

Credit card fraud definition

Credit card fraud is the unauthorized use of a debit or credit card to make purchases or withdraw cash. In 2021, there were 389,845 reports of credit card fraud in the US with the Federal Trade Commission reporting it to be the most common type of identity fraud affecting people aged 20-39.

How does credit card fraud happen?

Credit card fraud happens when a criminal steals someone else’s credit card information and uses it for their own financial gain. 

Traditionally, credit card fraud occurred when a physical card was stolen from the owner. With contemporary credit card fraud, it is increasingly likely a fraudster will obtain a victim’s credit card details, but not the physical card. 

 The two main types of credit card fraud are:

• Application fraud 
• Account takeover fraud

With application fraud, a fraudster uses illegally obtained credit card information to open a new account in the victim’s name. The criminal may have stolen or bought the victim’s details from the dark web.

With account takeover fraud, a criminal uses a victim’s personal identifying information to take control of their account and misappropriate funds. 

Find out more about account takeover fraud in our spotlight blog. 

Examples of credit card fraud

Credit card fraud can be divided into two main categories:

Card-not-present (CNP) fraud

This is becoming more common as digital payments are now the norm. Once the fraudster obtains stolen credit card details, they can carry out multiple incidents of fraud, typically via online transactions. An example of digital CNP fraud is when a criminal makes very large online purchases or bulk purchases of the same item, acting quickly to maximize the time they have before the fraud is discovered. CNP fraud can also occur offline; for example, the fraudster could complete a payment form using the stolen credit card details and email it to the retailer. It can also happen over the phone. 

Examples of incidents that can lead to CNP credit card fraud:

• Credit card details intercepted in a shop or restaurant.  
• Credit card details phished via email or text.
• Details overheard on a phone call in a public place.
• Public Wi-Fi being hacked while someone is using their credit card.
• Victim’s credit card details obtained from documents that were not properly shredded.  
• A vulnerable person being manipulated or duped into revealing their credit card details – also known as credit card abuse.

Card-present fraud  

This is becoming less common thanks to the advent of chip and PIN.

Examples of incidents that can lead to card-present fraud:

• Credit card theft from your home or from your person.
• Lost credit card; for example, the card being left in the back of a taxi.
• Credit card cloning via skimming at an ATM, or in a shop or restaurant.
• A new or replacement credit card being intercepted in the post

The impact on financial organizations

The prevention of credit card fraud should be a top priority for financial organizations as it can have a huge impact on time, resources, and the organization’s reputation. The impact can be even more extreme if disputes are unresolved and the customer reports the institution to the Ombudsman, or equivalent.

In the US, under the Fair Credit Billing Act, credit card firms must refund customers for unauthorized purchases over $50 made before the fraud was detected and reported. This is known as a chargeback. Some card companies have policies that reduce this to $0. The customer must alert the card company within 60 days of the fraudulent transaction taking place, and they must respond within ten days. 

The guidelines in the UK are similar. Under the Consumer Credit Act, customers are not liable for the fraudulent use of their credit card, although some banks choose not to refund the first £50 if they feel the customer did not keep their credit card details safe. However, if you are a financial institution, the onus is on you to prove that the customer did not keep their details safe.

How can companies detect and prevent credit card fraud?

Fraudsters will not stop evolving their credit card fraud methods, but firms can empower their customers to proactively avoid becoming victims. It’s also important that customers know how to report credit card fraud as soon as possible.

Firms should encourage their credit card customers to:

• Use the strong customer authentication; for example, multi-factor authorization, one-time passwords (OTPs), in-app approval, and biometrics – including voice and language.
• Check their statements regularly and set up transaction alerts.
• Keep their PIN private – do not write it down.
• Avoid carrying their social security or national insurance number on their person.
• Avoid storing their credit card details on websites, particularly their Card Verification Value (CVV) code. It’s often safer to checkout as a guest, particularly on less reputable retailer sites.
• Not let physical credit cards out of their sight in restaurants, bars, and shops.
• Avoid conducting financial transactions over public Wi-Fi.
• Check that retailer website addresses start with https:// and thus show that the website is secure.
• Look out for signs of tampering on ATM machines.
• Be proactive about checking if their details have been part of a data breach.
• Shred documents or, better still, go ‘paperless’.
• Avoid clicking on links in emails or texts that could be phishing.
• Use up-to-date antivirus software, anti-spyware, and firewalls.
• Change banking passwords regularly.

Firms can also advise their retailers to be proactive about credit card fraud detection by looking out for red flags such as: 

• Unusual, very large, or rushed orders, including small orders that are similar or identical.
• A customer sending a courier to collect an order made online or over the phone.
• A change to the customer’s shipping address.
• A customer distracting the cashier at the moment of purchase.

The integration of artificial intelligence (AI) and machine learning (ML) into fraud detection software can lead to substantial enhancements in the prevention and identification of credit card fraud. ML tools are fast and accurate and can process vast amounts of data. With sophisticated transaction monitoring software, ML can predict the likelihood of a transaction being fraudulent and predict future behavior. ML can also help firms keep up with trends and stay one step ahead of new evolutions in credit card fraud schemes. This is vital as it helps firms maintain customer trust and brand reputation and reduce costly chargebacks.