Credit Cards Are More Secure, But Credit Card Fraud Continues to Grow
As US credit/debit-card point-of-sale security measures have improved, counterfeiters and payments-scams operators have increasingly moved online, and the tools and methods they employ credit card fraud have become both more diverse and more effective.
In 2020, the risk-return of stealing credit/debit card data at retail point-of-sale has become comparatively poor relative to online methods of credit card fraud. Lower-risk methods for obtaining card data online – like corporate data breaches, spoofed online checkout forms, and malicious mobile applications – have proliferated over recent years. Additionally, it has become increasingly easy for thieves to leverage people’s readily-available personal identifying information (PII) to enable fraudulent new account creation.
For most of the 2000s, the US lagged behind European nations in implementing EMV card-chip technology. In 2015, this began to change as US payments networks imposed a Fraud Liability Shift onto retailers using their services.
By early 2019, penetration of EMV chips in credit/debit cards has reached over 60% of total cards issued. Visa recently reported that 75% of US retail outlets are now EMV enabled, and that 99% of storefront payment volume is now taking place on EMV enabled cards and retailers.
The result of this is that retail point-of-sale payment fraud has dropped by almost 40% between 2015 and 2018.
However, despite the significant investment card companies and retailers have put into payments security, Card Not Present (CNP) fraud has grown at twice the rate of retail-fraud declines, doubling in size over the same period, and resulting in an overall 20% growth in card-account fraud.
In effect, what used to be a vulnerability of brick-and-mortar point of sale technologies, has switched to a weakness in online-point-of-sale; some of which is the fault of insecure online business-practices, and some of which is driven by insecure consumer behavior in how they share card-data.
New Account Fraud Increasingly Drives Credit Card Fraud
Additional to the growing CNP fraud trend, the FTC has reported declining numbers of claims of existing-account breaches, and explosive growth in New Account Fraud over a similar period.
Creating fake accounts in a victim’s name often turns out to be far simpler and lower-risk than violating their existing primary financial accounts. One main reason is that businesses tend to want to encourage new-business with existing customers, and frequently apply less security-scrutiny to secondary/supplemental accounts, like rewards or loyalty-points programs, or additional mobile phones. New accounts are also far less likely to trigger ‘unusual activity’ flags that protect existing financial accounts, and victims are unlikely to ever see statements.
Many types of New Account Fraud can be accomplished using easy-to-access personal information, much of which can be acquired through perfectly legal sources of information, like online data brokers such as Spokeo, White Pages, Mylife and Intelius. For example, fraudulent mobile-phone accounts often require little more than a name and billing address, and are a common point-of-entry for many scammers; by creating a new phone number associated with an victims identity, they can often bypass 2-factor authentication, change passwords, or intercept SMS codes enabling control of payments accounts.
Consequently these methods have exploded in popularity in the past 3 years, with fraud complaints to FTC more than doubling since 2017, while reports of existing card-account fraud have remained static-to-declining.
As consumer spending behavior increasingly moves online, and payments technology evolves, credit card fraud methods have also become more sophisticated, exploiting often simple-but-overlooked vulnerabilities.
Blur, the card-masking service by Abine – The Online Privacy Company™, provides users with a simple but effective tool to control how your credit-card information is shared, via card masking, mitigating a wide range of the current existing and emerging security threats in online-payments.