Research and Statistics

Study: Card fraud shifts online


Consumers need to change their defenses, too

The content on this page is accurate as of the posting date; however, some of our partner offers may have expired. Please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

Fraud shifts online

Fraudsters are shifting their tactics in the face of new card security measures – but consumers can fight back to protect their accounts with tactics of their own.

Those are among the conclusions of the 2017 Identity Fraud Study from Javelin Strategy & Research released this week. The study examined fraud on payment cards and other types of consumer accounts.

Despite the rollout of EMV chip cards, fraud increased in 2016, Javelin’s annual survey found. The number of fraud victims jumped to a new record of 15.4 million, affecting 6.2 percent of U.S. consumers.

In dollar terms, fraud losses were up a relatively modest $700 million to $16 billion.

“After five years of relatively small growth or even decreases in fraud, this year’s findings drive home that fraudsters never rest,” Javelin Research Director Al Pascual said in a statement, “and when one area is closed, they adapt and find new approaches.”

Here are the findings, and security experts’ countermeasures:

This year’s findings drive home that fraudsters never rest, and when one area is closed, they adapt and find new approaches.

\u2014 Al Pascual
Javelin Strategy & Research
  • Card-not-present fraud jumped 40 percent.
    A typical card-not-present fraud is an online transaction. The jump in online fraud was expected: As chip cards raised protections for in-store transactions, crooks shifted to online sales.

What to do: Only use your cards on trusted sites, checking for a secure “https” connection and correct web address, to protect your card number. Register to receive text alerts about transactions in your bank account or credit card accounts, so suspicious transactions will raise red flags immediately.

  • Account takeover incidents rose 31 percent.
    That represents a rebound, as takeovers declined to a low in 2014. Takeovers were among the mostly costly and time-consuming frauds, averaging $253 in costs for affected consumers.

What to do: Guard your birthdate, address and other sensitive data online, particularly on social media. Register for text alerts to signal you about password changes, and sign up for credit report monitoring that will generate alerts of change-of-address attempts.

  • New account fraud held steady.
    In this type of fraud, criminals use your identity to open new accounts. Detection slowed, with many consumers discovering the breach only after checking their credit report or being called by a debt collector to pay the unauthorized bills.

What to do: Guard your personal information online, make sure only friends can see your profile. Set up credit report monitoring with alerts to detect new account fraud. Halt the damage quickly by calling the supposed creditors and putting a fraud alert on your credit report, blocking further attempts to use your identity.  

Free credit tools for consumers
Credit card users “are increasingly worried about identity theft, and feel powerless to do anything about it,” said Pranav Khanna, vice president of U.S. cards at Capital One. By using alerts to monitor transactions and changes on the credit report, “They can get peace of mind.”

Monitoring changes on your credit report does not have to involve paying for a costly credit monitoring service. Most major credit card issuers now provide free credit scores, with varying degrees of detail about changes on the credit report. An unexpected change in credit score by itself can alert you to unauthorized accounts, as your overall credit profile changes, Khanna said.

Often detailed alerts are available. Capital One’s CreditWise, for example, gives cardholders email alerts about new credit inquiries, new account openings, changes of address, accounts going into collections, and bankruptcy filings, Khanna said. Other companies, including Discover and Experian, offer free credit score access to noncustomers.

Card issuers have much to gain from cutting fraud losses, which they generally absorb. At the credit bureau Experian, 1 in 4 fraud complaint resolutions involves credit card accounts, said Michael Bruemmer, vice president for consumer protection.

Online consumers suffer more fraud
The Javelin survey, which polled 5,028 adults during November 2016, also examined activities that put consumers at risk of fraud.

Offline consumers, who do little social networking or online shopping, had the lowest risk, Javelin said. However, offline consumers had a blind spot: They were slower to catch fraud when it did occur. It took them more than 40 days to detect a problem, allowing losses to mount.

Frequent e-commerce and mobile commerce shoppers had higher risk of fraud on an existing card. They also caught problems the fastest, however, with 78 percent detecting fraud within a week.

Social network users who shared their personal information, but do little online shopping, had a higher risk of account takeover fraud. Personal details of the sort shared online can be used to overcome security measures and win victims’ trust, Javelin said.

LifeLock Inc., a company that sells ID protection services, funded the study, but was not involved in conducting it or analyzing the results, Javelin said.

\u2018Customers need to be educated’
Giant data breaches aimed at millions of credit card accounts, such as the Target breach in 2013, are less common, but hackers are focusing on softer targets, said Brenda Brigman, leader of payment card industry compliance at CBIZ Security & Advisory Services. Smaller merchants have less resources to devote to security, while individual consumers are also vulnerable to malware, fake email and malicious sites that can extract passwords and other sensitive data.

“Customers need to be educated,” Brigman said. While shoppers wish to be protected by the companies they deal with, “The best defense is a layered defense. The company and customer work together.” Companies are increasingly issuing one-time codes or “tokens” that allow transactions to complete without exposing a customer’s actual card number. In turn, consumers should use account alerts and credit report monitoring, and react quickly to suspicious activity.

See related:Card fraud and ID theft statistics

Editorial Disclaimer

The editorial content on this page is based solely on the objective assessment of our writers and is not driven by advertising dollars. It has not been provided or commissioned by the credit card issuers. However, we may receive compensation when you click on links to products from our partners.

What’s up next?

In Research and Statistics

CFPB levies $13 million in penalties for RushCard outage

UniRush LLC and Mastercard failures in botched system conversion amount to breach of consumer protection law, agency charges

See more stories
Credit Card Rate Report
Cash Back

Questions or comments?

Contact us

Editorial corrections policies

Learn more