Protect yourself from card-not-present fraud

By Benjamin Salisbury

Despite a drop in overall credit card fraud, one particular type is on the rise: card-not-present fraud. With chip card technology thwarting criminal efforts to counterfeit physical cards, fraudsters have turned to online fraud.

According to a March 2015 report by industry group Financial Fraud Action, credit card spending increased by 50% between 2008 and 2014, and card fraud losses decreased by 21% during that same period. However, "card-not-present" (CNP) fraud losses (fraud via online, phone or mail order purchases that do not require a physical card) increased in 2014. CNP fraud accounted for about 70% of the total credit card fraud figure of £479 million reported in the UK in 2014.cnp-fraud

"The rise in CNP fraud needs to be put in context," Andrew Horne, a spokesman for the UK Cards Association, said in an emailed response to questions. "In 2014, e-commerce spending in the UK was £148 billion, meaning that for every £100 spent, only 9.2p was fraudulent."

Still, the fact remains that the majority of fraud now happens online, Peter Bayley, executive director of risk management at Visa Europe, said in an emailed response to questions. "This is where criminals are focusing their attacks, so it's where we're focusing most of our effort today and in the future," Bayley said.

According to a June 2014 report for RSA, a US computer and network security company, the switch to chip-and-PIN cards caused CNP fraud to rise. The report states that CNP fraud grew by 79% between the chip cards' introduction in 2005 and the peak of CNP fraud in 2008.

Merchant protections
"We encourage merchants to think about the level of risk they are comfortable with, and then act to put in place the right technologies and processes to meet this level," Bayley said. "As a merchant, the best first step is to talk to the bank that provides you with your payments technology."

Bayley said his company works with others in the industry to provide detection and benchmarking tools. "We've made it easier for merchants to access their fraud data from their payments provider," he said.

According to Horne, the industry is making some progress in combating the problem but they need to keep it up.

"The continued promotion and growth in use of [3D secure] systems, such as Verified by Visa [VbV], MasterCard SecureCode and American Express SafeKey, along with use of sophisticated fraud screening detection tools by retailers and banks are key to the industry detecting and preventing remote purchase fraud," Horne said. 3D Secure is an additional fraud prevention layer that allows consumers to create and assign passwords to their credit cards to verify purchases.

But criminals keep coming up with new tactics and schemes themselves, so continued vigilance and investment in security solutions is vital.

"In recent years, our investment has built tools that make it safer to shop online and tackle CNP fraud including [VbV]," Bayley said. "Now we're evolving VbV again, making it risk-based. This makes it more consumer and merchant friendly while maintaining its fraud prevention power."

How you can protect yourself
Even as merchants and banks are stepping up defences, there are steps you can take yourself to minimize the chance of becoming a victim. First, get to know the common ruses, which include fraudsters tricking cardholders into giving out personal financial information over the telephone.

Criminals pretend to be bank officials, police or other trusted organisations and claim the cardholder's account is at risk for fraud, then request the PIN and other card details to "rectify the problem". Then, Horne said, the criminals use the information to shop by phone or online.

Your first step in protection is to ensure your sensitive information isn't available in public places, such as on the Internet, Horne said. One way to do this is to use only websites that start with "https" -- the "s" stands for secure. Often, these sites will also have a little padlock icon in the address bar as well. Also remember to keep your computer up to date with the latest anti-virus software.

If you get an email or phone call claiming to be your bank or other organisation asking for card details, do not give them over right away. Instead, tell the caller you'd like to call your bank or issuer yourself and speak with someone you know works for the organisation. Do not call right away, as the fraudster can remain on the line and intercept the call. Use a different phone, or wait a day before calling.

If it's an email, simply call the organisation the email is supposedly from and ask why they need your details. Remember, a legitimate source will tell you why you need to give your details, and will likely have you log on to a secured site to deal with any issues. If it's a phone call, the caller should ask you to verify your identity by asking for other information, such as a mother's maiden name or date of birth, rather than just asking for details right away. You may have even set up these security questions yourself.

See also: 6 ways to reduce your risk of financial fraud, Old-style scams increasingly used by fraudsters 

Published: 21 April 2015