How Credit Card Cloning Fraud Works and How to Prevent It

January 12, 2023

During our fourth session of Fraud Office Hours, an attendee asked, "How does credit card cloning fraud work, and how can you prevent it from happening?" Watch this video clip and read below to see how Unit21's Head of Fraud Risk, Alex Faivusovich, responded.

How to Prevent Credit Card Cloning

"The best practice is identifying the fraud, finding more cards that show the same pattern, and locating the common purchase point (CPP).

When it comes to preventing credit card cloning, the best strategy is to really focus on how to monitor it and flag it in a timely manner.

When monitoring card activity, whether it's credit cards or debit cards, organizations need to check with the cardholder if they’ve performed the activity.

In some cases, the user may explain that they weren’t using the card and that it was stolen. If the cardholder hasn’t performed the suspicious activity, they could be victims of credit card cloning fraud.

Once you’ve identified an incident of credit card cloning, you’ll want to dig deeper to identify if this is isolated or part of a more extensive fraud network. A good strategy is to investigate if other accounts are showing similar fraudulent activity using link analysis.

After identifying one, two, or three cards exhibiting suspicious activity, the next step is to detect the common purchase point (CPP), whether that’s a store location or website.

Once you detect the CPP, you will understand where those cards were exposed, where they were counterfeited, and from which business or merchant the information of the cards was taken. Then you can understand - and begin to examine - all the cards in your ecosystem that were exposed to that specific merchant, website, or place.

From there, your team can take action. This can be aggressive and swift, where you shut down access to the cards and replace them for all users because the risk of keeping them active is too high, or more measured and calculated, where you add those cards to a watchlist for further monitoring.

Either way, the risk and compliance team can begin to prevent fraudulent activity from occurring. Ultimately, your team's approach will boil down to the risk appetite your organization has and how you intend to crack down on threats.

No matter what method your team uses, the best practice for identifying - and preventing - this type of fraud is the same; identify the fraud, find more cards that have the same pattern, and locate the CPP.

Once you’ve found the CPP, you’ll be able to see what cards were exposed, and then a plan of action can be formulated to address and combat these threats."

Looking for more insights? Check out our fourth session of Fraud Office Hours on-demand for a deeper dive into current fraud trends and which preventative measures to consider.

New call-to-action

Getting started is easy

See first-hand how Unit21
can help bolster your risk & compliance operations