Credit card fraud remains the most common type of identity theft in the U.S., accounting for over 40 percent of all identity theft reports. A total of 271,823 cases were reported in 2019, more than doubling from the numbers reported in 2017. You feel violated. Anger.
There’s anger. For me, there’s anger. Some of the other people I talked to are afraid. I just get mad. I get mad. Somebody some clown stole from me. This is big business. These are organized crime rings that are behind the vast majority of this fraud and their operations are industrialized, they’re automated.
The Federal Reserve Bank of Atlanta estimates that over 75 percent of consumers in the U.S. have at least one credit card and that card fraud losses in the U.S. amounts to a little more than a dime for every one hundred dollars they spend. We really do have a big problem in the U.S. We are big targets. And part of it is because we let our guard down and we’re not quite as secure with our payment information because we like convenience.
Our estimate was that at the end of 2020, the U.S. was seeing about 11 billion dollars’ worth of loss due to credit card fraud. The vast majority of that is online. So why is credit card fraud so hard to stop in the U.S. and how detrimental is it to the U.S. economy?
HOW CREDIT CARD FRAUD WORKS?
Credit card fraud occurs in one of two ways: card present or card not present. For years, card-present frauds were the most popular type of card frauds where perpetrators were presenting stolen or counterfeit cards in order to make a purchase.
Most credit card fraud nowadays, however, are card-not-present, usually involving online or over-the-phone exchanges where physical card doesn’t have to be presented. Card-not-present fraud is very easy to commit. So all you need to do is make a fake identity and steal a credit card number and you’re in business. Then you can start committing card-not-present credit card fraud.
If you’re going to commit fraud in a card-present world, you need to get something that can duplicate a card, you have to buy the plastic, you have to learn how to copy that chip. It becomes very complicated. Whereas, card-not-present fraud, you know, even kids can do it. It’s so easy. There are numerous ways that criminals can gain access to your credit card information.
It can be as simple as looking over your shoulder while you’re making a purchase or as complex as a massive hacking operation like the 2017 Equifax security breach that involved more than 200,000 credit card numbers. To make matters worse, criminals are getting smarter and higher tech every year. The Dark Web and cryptocurrency has essentially provided a platform for all the different pieces of the fraud ecosystem to interact and grease the wheels.
Equally vulnerable re all of the small businesses. Your local pizza chain or your dentist. All of these people that are also collecting your payment data, you know, they don’t have necessarily these big I.T. departments to make sure that their infrastructure is secure. And actually, the organized crime rings love to pick on these little guys where you can get 2000, 5000 card numbers with a single breach. Criminals, however, aren’t the only ones responsible for credit card fraud.
In recent years, companies have seen a massive increase in what’s known as friendly fraud. That’s fraud committed by ordinary consumers out of a mistake made possible by the rise in e-commerce designed to make purchasing easier than ever. Companies like Google and Apple and iTunes, 80 percent of the fraud that they see is actually this friendly fraud. So it’s where consumers are just calling in. They don’t necessarily recognize the transactions.
These could be transactions performed by accident or even by their children without the cardholders’ knowledge. Should that be considered fraud and who is liable for the cost? That is a huge problem that the industry as a whole is facing is what are we going to do about all this friendly fraud?
COST AND REGULATION
According to the most recent Nielsen report, payment card fraud losses reached nearly twenty-eight billion dollars worldwide. The United States alone is responsible for more than a third of the total global loss, making America the most card fraud-prone country in the world. Part of it is that we are a very rich country, and part of it is because we let our guard down and we’re not quite as secure with our payment information because we like convenience.
The economic cost of card fraud goes far beyond the cost of legally purchased merchandise. Businesses often spend millions to protect themselves from fraud, buying software, and hiring security experts to monitor transactions. Fraud is kind of like an arms race. Whatever technology is being implemented, the fraudsters will eventually figure out a workaround so you have to be constantly investing in those technologies and that is the cost of doing business. And in fact, there’s a bunch of different companies out there that estimates anywhere between 10 to 20 cents out of every hundred dollars is spent on fraud prevention tools and filed lawsuits.
When a card fraud is identified or reported, what kind of fraud was committed determines who is responsible for the chargeback. For card-present, it’s usually the bank that has to bite the bullet. However, with more prevalent card-not-present crimes, it’s the merchant that’s responsible for the chargeback. Unfortunately, this includes small businesses that might not be able to afford such a loss. Chargeback fees can often range from $20 to $100 per transaction in addition to the cost of product or service.
So for a big business, they can absorb a loss, even a pretty significant loss. So if I have $10,000 worth of fraud in a month, big company might go “Ouch”. You know, it might hurt their bottom line, but it really won’t affect the business that they have. If a small one-shop business or a restaurant all of a sudden has a $10,000 loss, that could be the difference between making payroll and not making payroll for that company. There are several regulations designed to protect consumers from incidences of credit card fraud. The Fair Credit Billing Act allows consumers to dispute any charges in their statements.
The Electronic Fund Transfer Act and Truth in Lending Act, more commonly known as regulations E and Z, are also designed to protect consumers from fraudulent charges and potential billing errors. The amount was fourteen thousand and some dollars, it was a big amount. I didn’t lose one penny. US bank did everything right, including denying all the fraudulent transactions so they were attempted but the transactions never went through.
I didn’t lose anything. However, experts say there just aren’t enough regulations protecting small businesses from chargebacks caused by fraudulent transactions. Small businesses, they don’t have these robust fraud operations. They generally can’t afford really expensive technology that can help assess the risk of fraud and how to control it. These are folks that just stood at the forefront and they want to sell their stuff. Experts contend credit fraud is such a difficult problem to solve in the United States for two reasons.
WAR AGAINST CREDIT CARD FRAUD
The first issue is that credit card thefts often go unreported, uninvestigated, and unpunished by law enforcement. Small businesses rarely get law enforcement involved as they rarely succeed in catching the criminal. Big businesses also don’t report it out of worry that it would reflect them in a bad light. And a lot of card frauds go unnoticed by consumers after banks automatically clear bogus charges.
The reality is it’s so common and it’s so cross-jurisdictional that it becomes a very difficult thing for law enforcement to actually go after unless it’s, you know, a very, very large fraud ring that you can demonstrate has done severe damage. OK, then it’s worth putting together a multi-jurisdictional sort of task force and going after them. When the fraud happened, I contacted the one person in the FBI that I knew and we did trade a couple of emails back and forth. I packaged all that stuff up and sent that off. He said, we’re going to send that to Florida, to our office in Florida. So he forwarded it to Florida. That was it. That was it. That’s the last I heard. That was it.
The sad fact is, if you’re a credit card fraud victim or an identity theft victim, you are on your own. There’s not a human being, there’s no law enforcement agency on the planet that’s going to help you. And so that’s just the way it is and that needs to change. When asked for comment, the FBI said they look into each reported complaint and diligently work to investigate fraud. However, they do not comment on specific investigations.
The other issue is banks and big businesses who are most capable of initiating change have no incentive to eliminate card frauds forever. For companies like Visa and MasterCard, they make a lot of money off of the transactions. And, you know, I mentioned the fees that merchants will pay around fraud. There’s a lot of companies that make money off of fraud.
So when fraud happens, it increases their bottom line. So the players that might actually solve the problem are not necessarily financially incanted to solve the problem because they have a revenue stream that they don’t want to disappear.
In response to these claims, MasterCard said the company invests in technologies, processes, and expertise to prevent, detect and resolve potential threats. Visa said it is focused on maintaining the integrity of the payment network through A.I. technology and that merchants and banks only incur fees from fraudulent transactions if they cannot meet standard thresholds for fraud prevention over time.
The problem, however, is getting worse, Nielsen report estimates that card fraud losses could climb above 40 billion dollars worldwide by the year 2027. The Covid-19 pandemic is also playing a major role in the explosive growth in card fraud activity. So the attacks are currently not being successful, but the number of attacks has increased. What happens in every economic downturn, though, is that the attacks do start to become more successful. And so over the next two to three years, I fully expect credit card fraud numbers to increase in a pretty meaningful way.
Most companies are looking toward technological solutions to solve credit card fraud, like machine learning or the EMV chip. The effect of the chip is that it makes point-to-point fraud, physical fraud much harder to perpetrate because it’s an encrypted communication. While some European countries have mandated a multi-authentication, system known as 3D secure that has shown promising results, chances of seeing it in the US is slim.
In America, we are the one-click buy, we-want-everything-now-super-convenient. And so our tolerance for adding friction to the checkout process is very low. There’s a lot of fear that it’s going to be way too much friction and people are going to abandon shopping carts and not know what to do. U.S. consumers are notoriously averse to friction. And so I just don’t see that we’re going to see any sort of mandate like that happen here anytime soon.
Advisers believe that educating consumers and collaboration between merchants, issuers and shoppers are two vital steps in combating card fraud. Consumer awareness is certainly helpful. So just having basic practices like keeping an eye on your bank statements, checking it out once a week, make sure there are no unauthorized purchases.
Having the awareness that having the same set of usernames, passwords across all of your online relationships is not a good idea. However, most experts also agree that the US is far from ending card fraud. Ok, here, let’s be depressing for a second. I don’t see it being solved under the current construct. As long as there’s data breaches, there’s going to be fraud being perpetrated and that data being monetized somehow.
Now I can imagine scenarios where the way fraud is being perpetrated changes dramatically. And so it may look very different. But, you know, as long as money is being transferred digitally, it’s going to be trouble.