Credit Card Fraud Is Now a $10B Business ― Are You at Risk?

What is credit card fraud?

Credit card fraud is when a thief uses stolen credit card information to make unauthorized purchases. It’s considered a form of identity theft since thieves use some of the cardholder’s identity to carry out the fraud. 

“The goal of credit card fraud is typically to make unauthorized transactions, which can result in financial loss for the cardholder and the issuing bank,” said Ranjita Iyer, executive vice president, NAM services at Mastercard. “Credit card fraud can occur in various ways, such as stealing the physical card, obtaining card details through phishing or hacking or using skimming devices to capture card information. In a bid to sell this data to other criminals, fraudsters can even place part of the 16-digit numbers on illegal websites.”

Here are some of the ways credit card fraud can happen:

• Card-not-present: This happens when a scammer steals an individual’s personal information and uses it to make a purchase online. This type of fraud can happen whenever the credit card is not physically present for the transaction, noted Iyer, such as during online or over-the-phone purchases.
• Card-present fraud: This type of fraud involves the use of a counterfeit or stolen card at a point-of-sale terminal, said Iyer. These types of fraud also pair frequently with other techniques like credit card skimming.
• Credit card skimming: Skimmers are devices that steal the credit card information on the back of a card. Hackers will sell this information or use it to make fraudulent purchases themselves. 
• Account takeover: Once a scammer steals a consumer’s personal information, they might contact the credit card company pretending to be that person. They then change the PIN or password to have complete control over the account.
• Friendly fraud: This involves a legitimate cardholder making a purchase before calling the credit card company and disputing the validity of the charge, said Iyer. Often, in these cases the cardholder would claim that the charge was unauthorized.
• Stolen cards: Scammers will also steal someone’s credit card or intercept credit cards that come in the mail. 

Credit card fraud is surprisingly common. According to the Federal Trade Commission, the Consumer Sentinel Network received 2.6 million fraud reports in 2023 alone ― that’s nearly $10 billion in fraud, up 21 percent from the previous year. That number will only grow as more and more consumers favor online purchasing. While it’s possible that any e-commerce fraud rules could mistakenly reject legitimate orders, implementing both automatic and manual fraud screening efforts could prevent your business and its customers from becoming victims of fraud crimes.

How can you prevent credit card fraud?

All business owners, but especially those who rely on online credit card payments, should take the risk of fraud seriously and put measures in place to ensure their business is safe for them and their customers. 

“Businesses should work with their employees and payment card processors to establish rules for verifying both in-person and online transactions,” said Roman Sannikov, president of Constellation Cyber LLC. “These measures should be clearly stated either on the website or at the physical location so that the customers know about them and do not feel singled out.”

Let’s look at five ways to help prevent credit card fraud in your company. 

1. Educate yourself about the threats.

Credit card fraud comes in many forms, so the first step is educating yourself about the risks. Businesses should ensure they educate themselves, their employees and their customers on the most common types of credit card fraud and their warning signs, said Iyer. “Train your staff to recognize signs of fraud and educate your customers about safe practices, such as not sharing their card information,” she added. 

Additionally, businesses should also watch out for these red flags:

• Unusual purchasing patterns: “Large or multiple purchases in a short period, especially if they deviate from the customer’s usual behavior,” said Iyer. 
• Mismatched information: “The name or address on the order does not match the name and address on the payment card,” explained Sannikov.
• Suspicious behavior: “Customers who are overly secretive about their card or who seem nervous during the transaction,” offered Iyer.
• Inability to produce documentation: “If the client cannot produce a copy of a physical card or if a client cannot produce a copy of an ID matching the name on the credit card this is a major red flag,” said Sannikov. 
• Hostility: “If a client becomes belligerent either in person or over the phone and tries to browbeat the company employee into allowing the transaction,” this could be a major sign of a red flag, according to Sannikov. 

Additional warning signs can include: 

• Multiple credit cards from the same internet protocol address are used.
• The customer asks for rush shipping or has a lot of questions about how quickly you can ship an item.
• The customer gives a fake email address.

2. Use fraud protection services.

It may not be possible to eliminate online fraud, but the right fraud protection services can help you minimize it. For instance, you can validate customer information by comparing it to databases maintained by Experian or Equifax. Address verification service (AVS) is another method that can help cut down on fraud. AVS authenticates the cardholder by comparing the billing address to the address on file with that customer’s bank. 

You can also set your payment system up to flag or outright decline transactions above a certain amount automatically. You should also partner with a merchant services provider that offers chargeback protection. If you’re looking for a secure and trustworthy merchant, check out our recommendations for the best merchant account services.

“Payment card processors also typically have settings that the businesses can adjust,” said Sannikov. “If a business is seeing a significant impact of fraud, I recommend setting the anti-fraud settings to the highest available level. This will mean that the payment card processors will try to match and verify as many different points as possible, like location, IP [internet protocol] range or operating system.”

3. Power up with data.

Another technique to verify shoppers’ identities is comparing the data provided to you with information publicly available on social networks like Facebook and LinkedIn. This approach is useful because while it’s easy to set up a new social media profile with a fake name or stolen identity, it’s challenging to create one with a long history. Plus, the information used is unlikely to match the name and email address of the customer they’re impersonating. Find a risk analysis service that integrates social media data for an added layer of protection. [Related article: How to Conduct a Cybersecurity Risk Assessment]

Unifying your customer data is another way to harness data for fraud prevention. In other words, connect your data sets on marketing and customer experience with your data on fraud. By aligning this information, you can use the customer data to verify purchase information, lessening the risk of false declines that wrongly flag a legitimate order. 

4. Trust your instincts.

A common financial scam is one in which a scammer poses as a potential client. The purported customer might approach your business saying they want to pay for your services in advance. The catch is that they want to include an additional sum that you’ll then pay to a third-party subcontractor. For instance, they want to pay you $15,000 to build them a website, but they need you to pay their supposed photographer $5,000 from that money. This person is likely using a stolen credit card, so they want you to send the $5,000 to their bank before you realize the original $15,000 is fraudulent. 

While it’s harder for online businesses to meet their customers, you can still form customer service relationships with them and get to know the purchase habits of your target consumers. That way, odd behavior and requests will stand out as departures from the norm. The bottom line is that if a proposed payment exchange sounds too good to be true, it probably is. 

5. Put fraud procedures in place now.

Credit card fraud is unpredictable ― you could experience zero incidents for weeks and then see a sudden spike in suspicious activity. That’s why it’s crucial to begin implementing protective security measures now and make ongoing fraud monitoring part of your regular business operations. Don’t put off researching payment service and risk management providers who can help cut down on your risk of fraud, because every day that goes by is another day your business is potentially exposed. [Read related: Cybersecurity Risk Management Guide for Business]

Businesses can also institute the following steps to help make fraud more difficult to carry out in the first place:

• Use EMV chip technology: Ensure that your business’s point-of-sale terminals support EMV chip technology, advised Iyer. “This helps shift the liability for fraudulent transactions to the card issuer if the chip is used, rather than the magnetic stripe,” she added.
• Use tokenization technology: Tokenization makes transactions faster and more secure. “It takes the security of a physical EMV chip and applies it to non-card environments including proximity, mobile and internet payments,” said Iyer. 
• Require strong authentication: “Use multi-factor authentication or Payment Passkeys for online transactions,” advised Iyer. “This adds an extra layer of security by requiring customers to provide additional verification, such as a code sent to their phone or their biometric on their device.”

What should you do if you suspect fraud?

Of course, what if you put all of these procedures into place and your business and customers are still victims of fraud? “If a business suspects that they have been a victim of fraud, it is best to try to cancel the transaction before the goods or services have been provided,” said Sannikov. “The business can contact the customer and ask them to attempt to place the order again with an alternative payment method. The business has to try to balance out the possibility of losing a sale versus the possibility of being a victim of fraud and having to refund funds and pay fees to the processor on top of the lost funds.”

Iyer noted that even with strong preventative measures in place, fraud can still occur. In such situations, a business should contact their bank, legal counsel and local police department as soon as possible. “If your employees are suspicious about a card or a cardholder at any time during a transaction, tell them to call the Authorization Center and request a Code 10 authorization,” advised Iyer. “A Code 10 authorization request alerts the card issuer to suspicious activity — without alerting the customer.”

Additionally, businesses should still report the incident to their local law enforcement and give them a record of any interactions they’ve had with the suspected scammer. Lastly, but not insignificantly, contact any customers who’ve been affected so they can take the necessary steps to protect themselves and recover their misused funds.

Jeremy Bender and John Canfield contributed to this article.