Credit card fraud rates are rising, and while bad behavior will never go away, research from Security.org shows that some progress is being made.
More of us are being hit more often. The number of victimized Americans is 65%, up from 58% YOY. That’s more than 150 million people. Close to half (44%) reported two or more fraudulent charges. That’s up by more than 25% since 2021.
The median fraudulent charge is up by 27% to $79. That’s roughly $12 billion in attempted fraudulent charges. One in eight had a fraudulent recurring charge from the same merchant.
Why fraud rates are up
An apparent reason for these gains is because we’re simply transacting more online, Security.org’s senior editor for industry research Corie Wagner said. More than half (51%) of all retail actions are done with credit and debit cards, double the cash rate. It’s also happening because it’s profitable.
The increase in online shopping is another reason. Since 2021, one forecaster has it up 13% from 2021, reaching a record $1 trillion.
Many of us keep getting ripped off because we’re patsies; our online habits are horrible. We’re getting better at avoiding public WiFi, but 42% still use it, down from 55% a year ago. Unsecured networks are dangerous, especially for those who keep their financial information on their devices.
“You are putting your information at a great risk for people who should not see that information to see it pretty easily,” Wagner said.
Perhaps law enforcement would take stronger action if they knew the problem’s prevalence, but they don’t. Only 10% report their losses to the police. When they do, the average sum reported is $400, five times the median fraudulent charge.
More people taking fraud prevention steps
The message is slowly kicking in, Wagner said. Fewer of us use the same password for multiple accounts, down 12%. Use a password manager that generates a unique password for each account. Many are free.
Victims are likelier to use multi-factor authentication or facial recognition to access online credit card accounts. Most get their money back once they notify their bank; 28% get it immediately.
But the bad habits endure. Many people, including victims, use the same card for everyday spending and autopay accounts. This is troubling because that means card numbers are stored in multiple places. If the data is stolen, it also means updating more accounts because of one breach.
Popular fraud techniques
There are a few places where fraudsters especially like to lurk, Wagner said. Many recurring charges are linked to gas stations. That environment, where we swipe outdoors, makes adding skimmers to the pump easy. Most won’t even notice it. Adult and gaming websites are also popular.
Phishing continues to evolve. One recently exposed scam includes a network of realistic-looking but fake websites and credit card numbers purchased on the dark web. It builds on the scam that lures people to what looks like the real corporate website, but the address is slightly off.
Phishers often send messages that look like they’re from a trusted source but contain malware or a link to a fake site. Some urgent action the victim needs to take is highlighted. Scammers rely on the resulting sense of haste to complete the theft.
Recurring charges can be hard to spot but can be addressed through diligence. Scammers schedule small, recurring charges similar to the rates for subscription services and renewable payments like utilities. The hope is the average person doesn’t notice. If they don’t, larger thefts may be attempted.
Steps to take
Luckily, more folks check their monthly statements. Look closely, especially at the expenses from unfamiliar merchants. Don’t store information on browsers or websites; only let Google or PayPal “remember” your number.
Register for alerts, Wagner advised (59% do). Credit card providers can send suspicious transaction alerts to your email or phone. You can also receive notifications listing every purchase made with your card. Among those with activated alerts, 38% were notified of attempted fraud within seconds, nearly 10 times the rate of those without notifications.
Using Apple Pay or Android Pay is effective because merchants cannot see financial data. Two-factor authentication is also required on such accounts. Use identity theft protection services that keep track of credit and PII.
The jury’s out on virtual cards
Might virtual cards help reduce fraud? Maybe, maybe not, Wagner said. On the positive side, there isn’t a physical card to steal or lose.
“But that’s not usually how fraud happens,” she noted.” If people can access the number, you’re still at risk for credit card fraud. We’ll have to wait and see how that impacts the level of fraud.”
Tony is a long-time contributor in the fintech and alt-fi spaces. A two-time LendIt Journalist of the Year nominee and winner in 2018, Tony has written more than 2,000 original articles on the blockchain, peer-to-peer lending, crowdfunding, and emerging technologies over the past seven years. He has hosted panels at LendIt, the CfPA Summit, and DECENT's Unchained, a blockchain exposition in Hong Kong. Email Tony here.