In today's world, card payments offer unmatched convenience, but they also come with hidden security risks. This makes it essential for both merchants and customers to stay alert and protect card information.
Specifically, global projections indicate alarming trends, with anticipated losses from payment card fraud expected to soar to a staggering $43 billion by 2026. Notably, according to eMarketer, card not present fraud accounted for a significant 73% of card payment fraud losses in 2023. These statistics underscore the pressing need for heightened awareness and proactive measures to protect against the evolving landscape of financial fraud.
In this article, we’re going to uncover what credit card fraud is, how to identify it and share ten important tips to combat card fraud.
What’s considered to be credit card fraud?
Credit card fraud, also known as credit fraud or credit card theft, encompasses a variety of fraudulent activities or thefts carried out using credit card information. Typically, the objective behind such crimes is to make unauthorised purchases using fraudulently obtained card details or to directly steal funds from a victim's account. Regrettably, instances of credit card fraud are on the rise, with criminals continuously devising new and sophisticated schemes. In the UK, numerous scams are currently in operation, which we will explore further in this article.
Credit card fraud trends in the UK
According to a UK Finance report, credit card fraud in the UK reached a concerning £551.3 million in 2023. Notably, card not present fraud, primarily originating from online transactions, accounted for a staggering 79% of all card fraud cases, totalling 2.13 million instances.
Over the past year, most forms of fraud have witnessed a steady rise in losses, except for card not present and card not received fraud. However, there is a glimmer of hope as the ratio of fraud losses to the total amount of transactions on cards has declined to 5.8 pence, down from 6 pence in 2022. Banks and card companies played a pivotal role in mitigating fraud, preventing a substantial £1 billion worth of fraudulent transactions, which represents a 4% increase from 2022.
These statistics further emphasise the importance of implementing a robust anti-fraud strategy for merchants, ensuring sensitive consumer information is protected at every point of the payment journey.
Credit card fraud repercussions in the UK
The repercussions for credit card fraud in the UK vary depending on several factors, such as the degree of culpability, the extent of the loss incurred or intended, and the impact on the victim. Penalties are determined based on these factors and the financial situation of the perpetrator. In cases of severe wrongdoing, community service or custodial sentences may be imposed. Additionally, those involved in conspiracy to defraud could face a maximum prison sentence of 10 years, under the Criminal Justice Act 1987.
How do fraudsters get card details and what are some examples of credit card fraud?
Credit card fraud encompasses various schemes designed to deceive cardholders and exploit their financial information. Among the prevalent methods are:
Skimming
Skimming involves the illicit copying of credit card information, typically through a device installed on legitimate card readers. Criminals clone card details onto a magnetic strip, enabling them to create duplicate cards for fraudulent transactions. Though replicas may be declined by card readers, manual entry of stolen details facilitates the completion of illicit purchases.
Investment scams
Fraudsters employ investment scams to deceive cardholders into disclosing their card details. This may involve multiple transactions using lost or stolen cards before they’re reported and cancelled. While limited to contactless payments or online purchases without the PIN, these transactions can still result in significant financial losses. Immediate notification to the bank upon card loss or theft is crucial. Examples of investment scams include fraudulent stock options and non-existent property investments, to name a few.
Application fraud
Application fraud entails the fraudulent use of someone else's card details to apply for credit cards. Perpetrators fabricate supporting documents to falsely verify their identity. This deception enables them to acquire credit cards under false pretences, exploiting the victim's financial credentials.
Card not present (CNP) fraud
Card not present (CNP) fraud occurs predominantly in online transactions, where stolen card details are used without the need for physical possession of the card.
Card not present fraud can occur for various reasons, including the following:
- Credit card details are compromised through phishing emails or texts.
- Payments are made over unsecured public WiFi networks vulnerable to hacking.
- Cardholders inadvertently disclose credit card details to scammers over the phone.
- Credit card information is shared on fraudulent or unsecured websites.
What’s the difference between credit card skimming and phishing?
Phishing is classified as fraud conducted over email, text or telephone where the perpetrator pretends to be a trusted organisation. Phishing examples include lucrative offers sent via email or text, requests to verify bank details or attachments containing viruses.
Credit card skimming can take place when the cardholder is least expecting it and will only be alerted when they notice transactions they haven’t made appearing on their statement. The capturing of details can take place at ATMs or petrol stations, anywhere that a small device can be fitted over the card swipe mechanism.
A tiny camera can also be installed on the ATM to record the cardholder entering the PIN, allowing the fraudster to create a physical copy of the card. Credit card skimming devices can be detected by a few tell-tale signs, including a loose or protruding card reader, scratches around the terminal or a thicker keypad.
How can card fraud be prevented?
If you offer online payments, it’s important to have a strong anti-fraud and risk management strategy in place to help safeguard your shoppers’ sensitive payment data. Below we’ve identified some ways your business can do this.
Tokenisation
Payment tokenisation describes the process by which sensitive data, such as credit card details, are replaced by a non-sensitive, undecipherable equivalent – i.e. a token. A token is an identifier that helps to deter payment card fraud by hiding sensitive information behind a specific series of randomised digits, making it inaccessible to unauthorised users.Address verification service
Address Verification System (AVS) is a fraud prevention tool integrated into modern payment systems. It verifies that the billing address provided by a customer during an online transaction matches the address associated with their bank account on file with the card issuer. AVS allows merchants to confirm if the consumer placing the order in their eCommerce store is the same individual as the cardholder, which helps detect suspicious transaction behaviour to deter fraud while also preventing chargebacks.
3D Secure 2
3DS2 is an authentication protocol that can help you reduce fraud and enhance security in online card payments. It’s especially important for merchants accepting payments in the EEA, Monaco and/or UK region, as it adheres to the Strong Customer Authentication (SCA) requirement set by the EU Payment Services Directive 2 (PSD2). This process enhances transaction security by requiring the issuer to confirm the cardholder's identity.
Velocity checks
Velocity checks monitor transaction patterns by tracking the frequency and amount of purchases made within a specific timeframe. By setting thresholds on the number and volume of transactions, merchants can quickly identify abnormal purchase behaviours, such as a high volume of transactions in a short period, that may indicate fraud.
IP geolocation checks
IP geolocation checks allow merchants to confirm that a customer's location aligns with their billing and shipping information. For instance, if a customer claims to be in one country but their IP address shows another, this discrepancy can trigger additional verification steps. This adds a layer of security by identifying potentially fraudulent cross-border transactions.
Two-factor authentication
Two-factor authentication (also known as 2FA) adds security beyond simple password entry by requiring multiple forms of verification. Methods such as biometric identification, SMS codes or bank app-based confirmation ensure the person making the purchase is indeed the authorised cardholder, further strengthening security in online payments.
Card security code (CVV) verification
Requiring customers to enter the CVV (Card Verification Value) during transactions adds a layer of security by verifying that the purchaser physically possesses the card. This helps prevent fraud attempts using stolen card numbers, as CVV information is not stored in the card's magnetic stripe or chip, making it harder for fraudsters to acquire.
Regular security audits and updates
Routine security audits and updates help businesses keep up with evolving threats by identifying vulnerabilities within their payment systems. Staying proactive about security assessments and patching known issues promptly ensures that your business remains resilient against new fraud tactics.
Educating customers
Educating customers about online security best practices, such as recognising phishing attempts and protecting their passwords, can reduce the likelihood of fraud. A well-informed customer base is less likely to fall victim to scams, which not only reduces fraud attempts on your platform but also helps minimise chargebacks and the associated costs, benefiting both the customer experience and your bottom line.
Work with a trusted payment partner
To effectively combat credit card fraud, merchants should partner with an experienced, PCI-compliant Payment Service Provider (PSP) that offers sophisticated fraud detection and prevention tools, such as velocity checks, transaction count, and amount thresholds. A trustworthy PSP stays current with changing legislation and emerging security threats, ensuring that your business is compliant with the latest regulatory standards and protected against emerging fraud threats.
With the addition of stronger identity verification requirements, your PSP should also provide two-factor authentication, making it increasingly difficult for fraudsters to impersonate legitimate customers. By choosing a proactive, security-focused PSP, you can protect your business while giving customers confidence and peace of mind in their purchasing experience.
How can emerchantpay help you?
Fraud is a major concern for businesses, and while it can never be completely eradicated, there are proven strategies to protect both your business and your customers. With legislation like PSD2 and increasing consumer awareness, the industry is taking significant steps toward reducing fraud incidents.
Backed by over 20 years of experience, emerchantpay supports merchants in accepting secure, seamless payments worldwide. Our clients benefit from dedicated guidance from payment experts and personalised support from a Risk Analyst, helping you to strengthen your payment security. In addition, we provide a comprehensive suite of risk and fraud management services designed to protect your business from financial vulnerabilities.
With emerchantpay’s expertise and proactive fraud prevention tools, you can confidently navigate the complexities of payment security, ensuring a safe and seamless experience for your customers while safeguarding your business from potential risks.
Interested in accepting payments securely and seamlessly for customers across the globe? Contact one of our payment specialists today!