These days, many transactions are done using payment cards – or at least their associated information – instead of actual cash. While this trend typically offers increased convenience and security, it can still be exploited by criminals looking to steal or fraudulently spend other people's money.
Here, we’ll discuss how they do that: payment card fraud. We’ll explain the two different types of it, as well as common techniques fraudsters use to get the cards and/or information necessary. We’ll finish by suggesting some strategies organizations can use when building an anti-fraud program to counter payment card fraud.
Card payment fraud is any unauthorized use of a payment card, or the information registered to it, to make a fraudulent transaction. This could be to make a purchase with the victim’s money, withdraw cash from the victim’s bank account, or transfer money from the victim’s account to a criminal’s.
The most common type is credit card payment fraud, though other types of payment cards – including debit cards and even gift cards – are vulnerable to this type of fraud.
Card payment fraud typically falls into one of two categories: card-present or card-not-present.
Because of the growing prevalence of digital payment solutions, most modern payment card fraud statistics show that card-not-present fraud accounts for the majority of payment card fraud cases.
In order to commit payment card fraud, criminals need to have access to a payment card itself, the information registered with the card, or both. Here are some common ways they get these things.
The most basic way for a criminal to commit payment card fraud is to steal someone else’s actual payment card, and then use it while pretending to be that person. This type of card-present fraud can be easy to stop, though, if the criminal doesn’t know many other details about their victim and a merchant knows their customers well.
Sometimes also referred to as “shimming,” this is the use of a hidden device to copy a payment card’s information covertly. This is usually done at a point of transaction, such as a retail store terminal, ATM, or fuel pump. However, some criminals can carry hidden radio-frequency-enabled devices to collect payment card details as they walk down the street.
New payment card technologies exist that can block some of these techniques, but they’re not foolproof (or at least won’t be eventually). So it may be a good idea to simply educate customers about how to detect and avoid this method of payment card fraud.
Many online marketplaces allow (or require) users to store payment card information on their accounts, for the sake of making purchases faster and more convenient. However, this also makes that information vulnerable to criminals who try to break into these accounts.
If they’re successful in doing this, criminals can copy payment card information out of accounts. A criminal may even make fraudulent transactions while pretending to be the account’s legitimate owner. That’s why it’s important to teach customers to secure their online accounts.
“Phishing” refers to a group of malicious impersonation activities that attempt to trick people into doing something harmful. They usually involve pretending to be a company representative, an authority figure, or a close associate to gain a victim’s trust falsely. Then, by convincing the victim to respond to an email, download an email attachment, or fill out a form on a fake website, the impersonator can steal the victim’s sensitive information and/or damage their computer.
These types of attacks tend to have certain giveaway characteristics, though. So it’s important for both an organization’s staff and its customers to know these tricks and what to do about them.
In addition to stealing payment cards and/or their information, criminals may copy this information onto fake or reformatted cards. Then they can use these counterfeit cards for card-present fraud, while arousing less suspicion that they aren’t a payment card’s legitimate owner.
There are many angles that fraudsters can use to steal payment cards, or at least the information required to use them fraudulently. That’s why it’s important for a marketplace or financial institution to have a multifaceted risk management system to prevent fraudulent payment card use. Here are some suggestions for effective strategies.
A business or organization should do occasional audits of its transaction infrastructure, especially at points where payment cards would be used. Check these points for suspicious implements that could be used to copy payment card data illegally. Also, think about ways to improve the security of these points against card-copying technology, and against fraudulent card payments.
For merchants, payment cards provide fraud protection through new security technologies such as EMV chips and RFID. Be sure to support these technologies if possible, but also be aware that some criminals know (or will find) ways around them. So make this just one part of a broader fraud prevention strategy.
Knowing your customers is a vital tool in lessening the economic impact of payment card fraud. Verifying customer identities during onboarding and using multi-factor authentication for transactions will foil most fraudsters who don’t put much effort into creating convincing fake identities. Building behavioral profiles of where, when, and how customers typically use their payment cards can also help teams quickly spot unusual activity that could be fraudulent.
It’s also essential that customers are made aware of how payment cards and their associated information get stolen, and what they can do to prevent this from happening. Tips can include:
Stopping payment card fraud takes a multi-pronged anti-fraud approach. This includes securing your transaction infrastructure, educating the public, and knowing your customers well. Unit21’s fraud detection solutions simplify these processes with rule-based suspicious activity detection and centralized fraud investigation tools.
To see how our platform can bolster your organization’s anti-fraud program in a practical sense, book a demo with us today.