Why You Can Trust CNET Advertiser Disclosure
Credit Card Fraud Is the Problem That Won't Go Away. It Just Changes
Companies are looking to tech to help solve credit card theft.
What's happening
Despite advances in technology, credit card fraud continues to be a problem.
Why it matters
Credit card fraud costs American companies billions of dollars each year. While consumers are never on the hook for fraudulent charges, reporting thefts and replacing cards can be aggravating and time consuming.
What's next
Payment processing companies like Visa and Mastercard are investing billions of dollars in new technology designed to catch fraud and stop it quickly.
We've all been there. You notice a suspicious charge on your latest credit card statement. Or maybe the credit card company reaches out, asking if you actually just tried to make some random purchase.
Inevitably, the $1.79 charge for a burrito at a Taco Bell in another state or a family-sized purchase at a Sam's Club you don't belong to starts a tedious cycle. Cancel your card, get a new one issued, update your online accounts with the new number. It's a total pain.
It also isn't going to go away anytime soon.
Despite huge advances in technology over the years, American companies shell out billions of dollars annually to address credit card fraud. Fraud involving existing credit cards jumped 69% in 2021 from the year before, resulting in $9 billion in costs, according to Javelin Strategy & Research, which tracks financial and identity fraud. The accounts of more than 13 million American adults were affected, Javelin says.
It's debatable as to whether those costs ultimately get passed on to consumers in the form of higher card interest rates or fees. Regardless of who's paying, experts say those ill-gotten gains are supporting criminal organizations in the US and abroad.
"It's inevitably lining the pockets of criminals," said John Buzzard, Javelin's top analyst for fraud and security. He notes some criminal gangs that previously focused on drug trafficking, gambling and other high-profile crimes have shifted toward financial fraud because it involves less risk and lighter criminal penalties if caught.
Meanwhile, those criminals, new or old, are taking their crimes online. The global pandemic sped up a shift already in progress from in–person fraud to what's called "card not present," or largely online, fraud.
Over the past decade, the introduction of chip technology in banking cards and terminals has made it incredibly hard for criminals to copy physical cards, pushing credit card fraud online.
COVID moved even more fraud away from physical stores and to e-commerce sites, with criminals focusing on using stolen personal information to either take over existing consumer online accounts or create new ones, Buzzard says, adding that Javelin has spotted recent spikes in both kinds of fraud.
Paul Fabara, Visa's chief risk officer, says the pandemic pushed online a lot of people who didn't know how to protect themselves or look out for scams. Fraudsters responded in kind, he says, dialing up phishing attacks and other schemes designed to steal personal and financial information. (Phishing is a technique in which cybercriminals entice consumers to give up credentials and other important information using bogus emails, texts or even phone calls.)
"This is something that would have happened over a period of years," Fabara said. "The pandemic made it happen overnight."
In response, he said his company mobilized, stepping up the tech needed to catch fraud early and stop it. Consumers have also gotten wise to online threats and scams, but it took a while for everyone to realize that they could be the target of an attack.
Over the past five years, Visa has spent $9 billion on cybersecurity and fraud prevention, including $500 million in artificial intelligence capabilities and data infrastructure designed to spot fraud. Last year alone, that tech helped prevent tens of billions of dollars in fraud, as well as reduce unwarranted and often embarrassing instances of declined transactions for consumers.
Good security can still allow for a good customer experience, Fabara says.
"I do believe those things can coexist," he said, adding that he thinks consumers have become more savvy and now understand why when, for example, they're asked to provide more data about themselves to prove their identity.
Mastercard is also looking to new kinds of technology like AI and machine learning to reduce fraud as it analyzes an average of 1 billion transactions around the world each day. Within milliseconds, the company's systems are able to assess a potential transaction for risk based on several factors including where the transaction is being made, what kind of device is being used and how it compares to recent similar transactions.
Like Visa, it wants to reduce the frequency of unnecessarily declined credit card transactions, noting that the majority of people will just move on to another card if their attempt to buy something fails. It's also rolling out technology that uses sensors in smartphones to better identify the consumers behind mobile transactions by looking at how they hold their phone or how hard they press on their displays.
Those security improvements will go a long way toward protecting consumers in the coming years as Mastercard expands its network to move new kinds of even more personal data designed to fuel custom e-commerce experiences for consumers, said Ken Moore, the company's chief innovation officer.
For example, a diner might walk into a restaurant and receive a custom menu based on information they've shared about their preferences and dietary restrictions. Video screens could show images of the ocean if they order seafood, and there might be a salty scent in the air.
"That's not somewhere over the rainbow," Moore said. "That's three to five years from now."
Still, none of that can happen if customers don't trust that their data and privacy are being protected and respected.
Regardless, that all may still seem fantastical to many consumers who just want to be able to use their credit cards without having to worry about their number being stolen. While individuals are never on the hook for the cost of fraudulent charges, getting a replacement card remains a pain for many.
Buzzard, the Javelin analyst, notes that it took him nearly two weeks to get a replacement card the last time his debit number was stolen, because the ongoing microchip shortage has hit the companies that produce credit cards just like it has other industries.
According to Javelin research, it takes a person an average of nine hours to deal with the fallout from a stolen credit card number by doing things like filing a fraud report, figuring out exactly where that card was being used and updating their automatically paid bills.
"It's very burdensome but necessary to keep the wheels of personal commerce greased," he says.