Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft. According to the Federal Trade Commission, while identity theft had been holding steady for the last few years, it saw a 21 percent increase in 2008. However, credit card fraud, that crime which most people associate with ID theft, decreased as a percentage of all ID theft complaints for the sixth year in a row.
The cost of card fraud in 2006 were 7 cents per 100 dollars worth of transactions (7 basis points). Due to the high volume of transactions this translates to billions of dollars. In 2006, fraud in the United Kingdom alone was estimated at £535 million, or US$750–830 million at prevailing 2006 exchange rates.
Origins
The fraud begins with either the theft of the physical card or the compromise of data associated with the account, including the card account number or other information that would routinely and necessarily be available to a merchant during a legitimate transaction. The compromise can occur by many common routes and can usually be conducted without tipping off the card holder, the merchant or the issuer, at least until the account is ultimately used for fraud. A simple example is that of a store clerk copying sales receipts for later use. The rapid growth of credit card use on the Internet has made database security lapses particularly costly; in some cases, millions of accounts have been compromised.
Stolen cards can be reported quickly by cardholders, but a compromised account can be hoarded by a thief for weeks or months before any fraudulent use, making it difficult to identify the source of the compromise. The cardholder may not discover fraudulent use until receiving a billing statement, which may be delivered infrequently.
Stolen cards
When a credit card is lost or stolen, it remains usable until the holder notifies the issuer that the card is lost. Most issuers have free 24-hour telephone numbers to encourage prompt reporting. Still, it is possible for a thief to make unauthorized purchases on a card until it is canceled. Without other security measures, a thief could potentially purchase thousands of dollars in merchandise or services before the cardholder or the card issuer realize that the card is in the wrong hands.
The only common security measure on all cards is a signature panel, but signatures are relatively easy to forge. Some merchants will demand to see a picture ID, such as a driver's license, to verify the identity of the purchaser, and some credit cards include the holder's picture on the card itself. However, the card holder has a right to refuse to show additional verification, and asking for such verification is usually a violation of the merchant's agreement with the credit card companies. Self-serve payment systems (gas stations, kiosks, etc.) are common targets for stolen cards, as there is no way to verify the card holder's identity. A common countermeasure is to require the user to key in some identifying information, such as the user's ZIP or postal code. This method may deter casual theft of a card found alone, but if the card holder's wallet is stolen, it may be trivial for the thief to deduce the information by looking at other items in the wallet. For instance, a U.S. driver license commonly has the holder's home address and ZIP code printed on it.
Card issuers have several countermeasures, including sophisticated software that can, before a transaction is authorized, estimate the probability of fraud. For example, a large transaction occurring a great distance from the cardholder's home might seem suspicious. The merchant may be instructed to call the card issuer for verification, or to decline the transaction, or even to hold the card and refuse to return it to the customer. The customer must contact the issuer and prove who they are to get their card back (if it is not fraud and they are actually buying a product).
Compromised accounts
Card account information is stored in a number of formats. Account numbers are often embossed or imprinted on the card, and a magnetic stripe on the back contains the data in machine readable format. Fields can vary, but the most common include:
- Name of card holder
- Account number
- Expiration date
- Verification/CVV code
Card not Present
The mail and the Internet are major routes for fraud against merchants who sell and ship products, and impacts legitimate mail-order and Internet merchants. If the card is not physically present (called CNP Card Not Present) the merchant must rely on the holder (or someone purporting to be so) presenting the information indirectly, whether by mail, telephone or over the Internet. While there are safeguards to this, it is still more risky than presenting in person, and indeed card issuers tend to charge a greater transaction rate for CNP, because of the greater risk. To many people's surprise, telephone ordering is the most risky, far more risky than the Internet.
It is difficult for a merchant to verify that the actual cardholder is indeed authorising the purchase. Shipping companies can guarantee delivery to a location, but they are not required to check identification and they are usually not involved in processing payments for the merchandise. A common recent preventive measure for merchants is to allow shipment only to an address approved by the cardholder, and merchant banking systems offer simple methods of verifying this information. Before this and similar methods were introduced, mail order carding was rampant as early as 1992., using a method in which the carder obtains the credit card information for a local resident and intercepts expensive computer equipment he ordered using the stolen card and shipped to the address, often by staking out the porch of the residence.
Small transactions generally undergo less scrutiny, and are less likely to be investigated by either the card issuer or the merchant. CNP merchants must take extra precaution against fraud exposure and associated losses, and they pay higher rates for the privilege of accepting cards. Fraudsters bet on the fact that many fraud prevention features are not used for small transactions.
Merchant associations have developed some prevention measures, such as single use card numbers, but these have not met with much success. Customers expect to be able to use their credit card without any hassles, and have little incentive to pursue additional security due to laws limiting customer liability in the event of fraud. Merchants can implement these prevention measures but risk losing business if the customer chooses not to use the measures.
Identity theft
Identity theft can be divided into two broad categories: Application fraud and account takeover.
Application fraud
Application fraud happens when a criminal uses stolen or fake documents to open an account in someone else's name. Criminals may try to steal documents such as utility bills and bank statements to build up useful personal information. Or they may create counterfeit documents.
Account takeover
Account takeover happens when a criminal tries to take over another person's account, first by gathering information about the intended victim, then contacting their card issuer masquerading as the genuine cardholder, and asking for mail to be redirected to a new address. The criminal then reports the card lost and asks for a replacement to be sent.
Some merchants added a new practice to protect their consumers and their own reputation, where they ask the buyer to send a photocopy of the physical card and statement to ensure the legitimate usage of a card.
Skimming
Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an "inside job" by a dishonest employee of a legitimate merchant. The thief can procure a victim’s credit card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victims’ credit card numbers. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's credit card out of their immediate view. The thief may also use a small keypad to unobtrusively transcribe the 3 or 4 digit Card Security Code which is not present on the magnetic strip.
Instances of skimming have been reported where the perpetrator has put a device over the card slot of a ATM (automated teller machine), which reads the magnetic strip as the user unknowingly passes their card through it. These
Credit Card Companies Fight Reform | Corporate Accountability and ...
Credit Card Companies Fight Reform. By Danny Schechter, AlterNet. Posted May 11, 2009. ... Current credit card company losses may be behind the current round of gouging but they ...
Credit Card Canceled Without Notice? Fight Back!
Credit Card Canceled Without Notice? Fight Back! Posted On: October 16, 2009 ... write about your outrage to the president of your current credit card company ...
Tips to fight your travel credit card dispute - CNN.com
Tips to fight your travel credit card dispute ... says Rich Bialek, a Wheaton, Illinois-based credit card expert. After contacting your card company, it ...
Ann Minch Triumphs In Credit Card Fight (VIDEO)
Ann Minch Triumphs In Credit Card Fight (VIDEO) ... I too have copies of everything I signed, however, when you call a credit card company it is ...
Report your credit card company to authorities
More ways to fight back >>... AG who sued Providian and forced them to pay the largest judgment against a credit card company ...
Fight Unfair Credit Card Fees | Unfair Credit Card Fees
The credit card interchange fee is the biggest credit card fee you\\\\\'ve never heard of. Nearly $2 of every $100 American consumers spend using credit cards goes directly to ...
O.C. 7-Eleven franchisee takes credit-card fee battle to D.C. - Jan ...
California’’s 848 stores collected 368,199 signatures, the company says. The battle is over what is called credit card interchange fees charged each time a customer makes a ...
How to fight for lower credit-card rates Jennifer Openshaw ...
Are you seething mad because you’ve paid your bills on time but your credit-card company still insists on changing your rate or other important terms? You’re probably thinking,
Debt Cures: Fight Back Against Your Credit Card Company
Lenders are unscrupulous in their tactics, so Kevin Trudeau urges consumers to counter attack. Debt Cures describes how to fight the good fight. Once more Trudeau says that ...
Join The Fight to End Credit Card Company Customer Abuse ...
Suggestions for those who want to join the fight to end credit card company customer abuse. Complain to legislative representatives, consumer protect