In our world of digital transactions, credit card fraud poses a threat to all merchants who accept credit cards. For protecting yourself from credit card fraud, knowledge is power.
Credit card fraud is a pervasive form of financial crime that encompasses a wide range of illegal activities, from counterfeit card schemes to sophisticated online scams to the creation of synthetic identities. As technology advances and transactions become increasingly digital, the battle against credit card fraud grows.
For merchants to protect ourselves from fraud, it is imperative to know the types of credit card fraud and understand fraud detection in payments and the preventive measures you can take. This article covers some credit card fraud market statistics, the common types of credit card fraud, and ways to protect yourself as a merchant.
Credit card fraud statistics
Global credit card fraud losses exceeded $34 billion in 2022, so it is a big business for criminals. Credit card fraud losses in the United States amounted to $9.5 billion. In contrast, Canadian credit card fraud losses were $450 million for Canada in 2022. UK has the highest credit card fraud in Europe totalling $750 million. Other top countries with credit card fraud include Russia, Ireland, Brazil, and Mexico.
The United States has around 30% of total global credit card fraud. Some factors contributing to the high amount of fraud in the USA include the high percentage use of credit cards, a more diverse financial ecosystem, and a large population. As a result, the volume of credit card transactions and the potential for fraud are generally higher in the United States.
The worst credit card fraud incident in recent history
The worst credit card fraud case in recent history is attributed to the cyberattack on U.S. retailer Target Corporation in 2013. The breach compromised the credit and debit card information of approximately 40 million customers and the personal information of around 70 million individuals. The estimated cost of Target data breach goes well beyond the $18 million settlement. In fact, it’s estimated the company lost over $200 million.
The attackers gained access to Target’s network through a heating system vendor and installed malware on point-of-sale (POS) systems, allowing them to capture sensitive customer data during transactions. The incident resulted in significant financial losses, damage to Target’s reputation, and widespread concerns about the security of payment systems. Target took extensive measures to enhance its security protocols and implemented stricter payment card security measures in response to the breach.
People using stolen or lost credit cards
Fraudsters using lost or stolen credit cards is very prevalent. They obtain stolen credit cards through various means, such as theft, pickpocketing, or data breaches. They may also purchase stolen card information on the dark web. Once they acquire a stolen card, fraudsters often perform small transactions to test if the card is active. This helps them assess whether they can proceed with larger purchases.
Here are ways merchants can protect themselves against people using lost or stolen cards:
- Always request identification and verify the signature on the card.
- Match the name on the card with the customer’s identification.
- Ensure the card’s security features, such as holograms or watermarks, are present and genuine.
- Use chip-and-PIN enabled terminals, which are more secure than traditional magnetic stripe readers. Encourage customers to use contactless payment methods like mobile wallets or EMV chip cards.
Fraud by credit card skimming
Credit card fraud using card skimming is a method where fraudsters capture credit card information without the cardholder’s knowledge. Skimmers are devices that are installed on legitimate card readers, such as ATMs, gas pumps, or point-of-sale terminals, and they are designed to record the data from the magnetic stripe or chip of the victim’s credit card. Fraudsters then go used that data to make fraudulent purchases. The Target Corporation fraud case described above is credit card skimming
Credit card skimming is most prevalent in the USA and the FBI estimates that credit card skimming totals more than $1 billion annually. Here are ways merchants can protect themselves against card skimming:
- Merchants should regularly inspect their card readers for any signs of tampering or unusual attachments. Look for loose components, mismatched colours, or suspicious devices that may have been added to the terminal.
- Train employees to recognize signs of skimming attempts, such as loose components, hidden cameras, or suspicious individuals near the card reader.
- Encourage customers to shield their PIN entry with their hand.
Card-not-present (CNP) fraud
Among the various types of credit card fraud, Card-Not-Present (CNP) fraud is considered one of the most prevalent and fastest-growing. Card-Not-Present fraud accounts for roughly 50% of all credit card fraud. Unlike traditional in-person transactions where the card is physically swiped or inserted into a card reader, CNP fraud occurs in remote payment scenarios, such as online shopping, phone orders, or mail orders.
Here are some of the ways to protect against CNP fraud:
- Implement address verification systems (AVS) to match the billing address with the cardholder’s information.
- Watch out for suspicious activity such as unusually large or frequent orders, multiple transactions with different shipping addresses, requests for rush delivery, or inconsistencies in billing and shipping information
- Use CVV verification to confirm that the person making the purchase has the physical card.
- Consider adopting 3D Secure protocols, such as Verified by Visa or Mastercard SecureCode, to provide an additional layer of authentication.
Friendly fraud, also known as chargeback fraud or first-party fraud, occurs when customers dispute legitimate transactions, claiming they did not authorize or receive the goods or services. It is called “friendly” fraud because the perpetrator is typically someone known to the merchant, such as a customer or acquaintance, rather than an unknown fraudster. Studies reveal that friendly fraud accounts for 71% of all chargeback fraud.
Friendly fraud can have a significant impact on merchants. When a chargeback is initiated, the merchant not only loses the sale but also incurs chargeback fees, potential penalties, and additional administrative costs. Moreover, excessive chargebacks can harm a merchant’s reputation, increase their payment processing fees, and affect their ability to process payments.
Here are some ways to protect against friendly fraud:
- Provide clear product descriptions, terms of service, refund policies, and shipping information to customers. Ensure that customers fully understand what they are purchasing and what to expect in terms of delivery, returns, and refunds.
- Maintain detailed records of customer orders, including order confirmations, shipping/tracking information, and any communication with the customer.
- Implement robust dispute resolution processes and be prepared to provide evidence in case of chargebacks.
- Use clear billing descriptors on customer credit card statements. A recognizable descriptor helps customers remember purchases and reduces mistaken disputes.
Fraudsters may use stolen personal information to open new credit card accounts or make fraudulent transactions. Merchants should have robust identity verification processes in place, especially for high-value purchases or suspicious activities.
- Verify customer identities using multiple factors, such as address, phone number, and email verification.
- Monitor and flag suspicious activity, such as multiple orders with different shipping addresses but the same payment details.
- Securely store customer data and adhere to industry-standard security protocols to prevent data breaches.
Phishing and social engineering
Phishing and social engineering are techniques used by fraudsters to trick merchants into revealing sensitive information, such as credit card details, with the intention of committing credit card fraud. Fraudsters may use deceptive emails, phone calls, or websites to trick merchants into revealing credit card numbers or login credentials.
Merchants should educate their employees about these scams and maintain strict security practices.
- Educate employees about common phishing techniques and provide regular training on how to identify and report suspicious communications.
- Use secure communication channels and avoid sharing sensitive information via email or unsecured platforms.
- Double-check the legitimacy of websites, email addresses, or phone numbers by independently searching for official contact information or using trusted sources.
- Avoid sharing sensitive information, such as credit card details or passwords, through email or unsecured websites. Legitimate organizations typically do not request such information via email.
Best practices for merchants to reduce fraud
Merchants have a crucial role to play in fortifying their defences and creating a secure environment for credit card transactions. By implementing a series of robust measures, they can significantly reduce the risk of falling victim to fraudsters’ schemes.
The first step in this defence strategy lies in selecting the right payment processor. Partnering with a reliable and reputable provider, such as TRC-Parus, ensures access to cutting-edge security measures and advanced fraud detection tools.
One vital security measure is the implementation of EMV payment terminals. These terminals provide enhanced security when compared to the traditional magnetic stripe readers of the past.
However, technological solutions alone cannot guarantee complete protection. Educating employees about the signs of fraudulent activity and training them on secure card transaction handling is paramount. With their increased awareness, employees become an additional line of defence, helping identify and prevent potential fraud attempts.
To stay one step ahead, leveraging fraud detection tools becomes imperative. By continuously monitoring and analyzing transactions, merchants can identify suspicious patterns or anomalies in real-time. These tools act as a proactive safeguard, providing early warning signs and allowing for swift action to mitigate risks.
Securing customer data is a cornerstone of fraud prevention. Robust security measures, including encryption, firewalls, and regular security audits, are essential to safeguard sensitive information. Additionally, enforcing strong password policies for internal systems and devices bolsters the overall protection of merchant operations.
Monitoring chargeback activity provides invaluable insights into potential vulnerabilities. By analyzing patterns and trends, merchants can identify areas for improvement and implement proactive measures to prevent fraud-related chargebacks. This not only minimizes financial losses but also maintains a high level of customer trust and satisfaction.
By embracing these comprehensive measures, merchants can create a solid environment that deters fraudsters from credit card fraud.