The latest biennial report from the Bureau of Consumer Financial Protection found that the total number of credit card accounts and enrollments in associated online services continue to increase. In fact, more than 75% of U.S. consumers now own credit cards. This trend was especially prominent in 2017, when the number of new card accounts activated came close to pre-recession numbers. In the third quarter alone, U.S. consumers opened 91.6 million new accounts.
Unfortunately – yet unsurprisingly – increased credit card usage has resulted in higher rates of credit card fraud, according to a recent report from the Federal Trade Commission. The report found that in 2017, credit card fraud rates increased by 23% over the previous year. Additionally, credit card fraud topped the list of identity theft complaints received last year. This continues a steady, multiyear rise in credit card fraud, which has been growing in frequency and severity since 2013.
The introduction of EMV chip cards has made a dent in “card-present” credit card fraud, in which a fraudster physically presents a counterfeit card to a merchant in person. While this is obviously a positive development, it unfortunately has had an unintended consequence – an increase in “card not present” (CNP) fraud. According to a recent report from Javelin Strategy & Research, CNP fraud was 81% more prevalent than card-present fraud in 2017. Additionally, account takeover (ATO) fraud continues to grow, tripling over the past year to reach a four-year high. ATO occurs when a fraudster poses as a legitimate customer, gains control of an account and then makes unauthorized transactions. Total ATO losses in 2017 reached $5.1 billion, a 120% increase over 2016. As fraudsters largely commit ATO fraud via phishing or malware schemes, EMV chips also cannot prevent this type of fraud.
Who is paying for credit card fraud?
Despite the alarming rise of credit card and ATO fraud, which does not appear to be slowing down anytime soon, the average U.S. consumer lost a median of only $429 from credit card fraud in 2017. In fact, 79% of those who experienced credit card fraud did not suffer any financial loss whatsoever. The question naturally follows – who is paying for this rampant fraud if not the consumer?
The answer: financial institutions. Global credit and debit card fraud resulted in losses totaling $21.84 billion in 2015. Card issuers and merchants incurred 72% of those losses, or almost $16 billion. While the adoption of EMV chips has cut out a solid chunk of card-present fraud, as described above this has unfortunately resulted in the rapid rise of CNP fraud. Clearly, EMV chips alone are nowhere close to sufficient for preventing fraud, and financial institutions must look to other methods to reduce the impact on their organizations.
Financial organizations should, without question, implement technology safeguards and cybersecurity best practices in order to reduce the impact of credit card fraud. While crucial to preventing fraud, these strategies alone will not wipe out credit card fraud. Underscoring the particular challenges that financial institutions face, 30% of all data breaches result in some form of credit card fraud – but less than 10% of breaches actually occur at financial organizations. The majority of the time, the financial organization is not responsible for a breach, but will nonetheless be liable for potentially massive damages stemming from resulting credit card fraud.
The point is, no cybersecurity investment can completely eliminate fraud – that’s just the world we live in. However, financial organizations can implement programs and services that can help to identify and stop fraud before it can cause significant damage. The earlier that credit card fraud is caught, the sooner financial organizations can take action to remedy the situation. This also ensures that identity thieves have less time to rack up charges using stolen information, which is critical as it can reduce the costs ultimately incurred by the associated financial organization.
As you might hope, the vast majority of credit card issuers already have fraud prevention services in place that monitor for and alert customers about suspicious activity on their existing accounts. In fact, most credit card companies and banks can now detect certain types of fraud almost immediately. However, many financial institutions lack monitoring services that alert customers about new accounts opened in their names. This is especially troubling as the specter of synthetic identity fraud looms ever larger.