Account management

As online fraud spikes, here’s how to safeguard your accounts


Protect your devices with strong passwords. That’s just one step you can take to reduce your risk as e-commerce fraud soars

The content on this page is accurate as of the posting date; however, some of our partner offers may have expired. Please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

They’re the red flags of fraud. An email from your card issuer checking to make sure you booked a stay at a resort in Mexico. A text confirming that you intended to buy another big screen TV. Bogus recurring charges showing up on your card statements.

As merchants continue to switch to chip-card readers to reduce credit card fraud in stores, thieves are increasingly turning online to conduct their crimes. Their old go-to crime – creating new cards with stolen card numbers – is in decline, since

chip cards can’t be cloned. That makes online retail stores the easiest target, and that’s where the crooks are going.

Online fraud, known in the industry as card-not-present fraud, is spiking. It has gone from $3.2 billion in 2015 to an estimated $4 billion in 2016, according to a study by Aite Group and iovation released in May 2016. By the end of 2020, card-not-present fraud is projected to cost retailers and financial institutions $7.2 billion in the U.S.

Since the switch to hard-to-clone chip cards began in 2015, online fraud attacks are up 26 percent in the U.S., according to a study by Forter, an e-commerce fraud prevention company. According to an Experian study, e-commerce fraud attack rates in 2016 are at least 15 percent higher than 2015’s total.

“We’re only seeing the beginning,” says Bill Zielke, chief marketing officer at Forter.

In the United Kingdom, where chip-and-PIN technology was adopted in 2003, online fraud climbed from 26 percent of all fraud in 2002 to 63 percent of all fraud in 2012, says Loc Nguyen, chief marketing officer at data security company Feedzai.

“Maybe we’re on the same trajectory,” Nguyen says.

E-commerce criminals likely will have even more opportunities to cash in on fraud this holiday shopping season because a higher percentage of American consumers are expected to do their Christmas shopping online.

Online sales are expected to increase more than 17 percent in 2016, according to an eMarketer report. Holiday e-commerce sales, defined as November and December sales, are forecast to jump to $94.71 billion, representing 10.7 percent of total holiday sales.

“As we start to see merchants close the EMV gap, the fraudsters will need to find potentially new places to play. That will increase the card-not-present fraud.”

“As we start to see merchants close the EMV gap, the fraudsters will need to find potentially new places to play,” says Ryan Wilk, director of customer success at NuData Security. “That will increase the card-not-present fraud.”

Despite the increased fraud risk, 29 percent of consumers say they take no action to protect their personal and financial data, a Kaspersky Lab 2015 study found. Why? They’re counting on merchant websites being sufficiently protected.

Experts say that’s like leaving your front door unlocked and your garage door open because you figure your Neighborhood Watch program will catch intruders.

If you’re in that 29 percent, there are easy things you can do to reduce the chances of online card account fraud. Just complete one of these nine actions each week until you check off all of them.

1. Protect all your devices with passwords.
Use a passcode lock on your smartphone and other devices, the American Bankers Association (ABA) advises. This will make it more difficult for thieves to access your information if your device is lost or stolen.

Only 58 percent of people password protect all their devices, and 16 percent don’t protect any devices with passwords, according to Kaspersky Lab.

2. Don’t use your birthday or pet’s name as a password.
Most passwords are poorly constructed and resemble basic PINs, according to a Salted Hash study of more than 126,000 passwords compromised during phishing attacks in 2016.

Use a combination of letters and numbers for your passwords and change them periodically, the ABA suggests.

3. Use unique, strong passwords on each website.
If a fraudster gains access to one site, at least he won’t be able to hack the rest of your online accounts, Wilk says.

4. Store passwords securely in specialized software.
Only 7 percent of consumers stored passwords in specialized security software, and 48 percent save passwords on notepads, sticky notes or even on the device itself, according to Kaspersky Lab.

Bad idea, says. Instead, the site’s tips for creating strong secure passwords suggests, “If you must write it down, hide the note somewhere where no one can find it.”

5. Use online banking alerts to protect yourself.
Monitor your financial accounts regularly for fraudulent transactions, the ABA says.

Sign up for text or email alerts from your bank for certain types of transactions, such as online purchases or transactions of more than $500. And act quickly if you get a fraud alert from your credit card issuer or bank.

6. Monitor your credit report.
Order a free copy of your credit report every four months from one of the three credit reporting agencies at

If you see something suspicious, such as an account you don’t remember opening, file a dispute with the credit bureau.

7. Verify that a site is secure before making a payment.
Don’t give out your credit card number online unless the site is secure and reputable, the FBI advises in its tips to avoid credit card fraud. One way to do this is to only use sites that have an \u2018s’ (for secure) after http.

“We’re only seeing the beginning.”

Also, when shopping online, the FBI recommends using your credit card (not your debit card), whenever possible. With credit cards, you don’t risk your bank account being emptied out and can dispute the charges if something goes wrong.

8. Implement strong privacy settings on social media.
That makes it harder for hackers to guess your passwords and security questions. Only 39 percent take that step, according to Kaspersky Lab. Thirteen percent take no action at all.

The more information you post, the easier it may be for a hacker or someone else to use that information to steal your identity, access your data or commit other crimes,” the site says.

9. Don’t shop or check your accounts on public Wi-Fi.
What if you must use public Wi-Fi? Stay out of sensitive accounts and make sure your anti-virus software is up to date, according to’s 6 important ways to prevent public Wi-Fi attacks.

With updated anti-malware and anti-virus software, you’ll be in the minority – only 20 percent of consumers keep that software current, according to Kaspersky Lab.

If you’ve checked off all these steps, security experts say you’ve closed and locked your doors, added a security system and maybe even a barking dog.

See related:10 warning signs of identity theft, New technologies, analytics to battle online fraud, Millennials most likely to fall prey to scams

Editorial Disclaimer

The editorial content on this page is based solely on the objective assessment of our writers and is not driven by advertising dollars. It has not been provided or commissioned by the credit card issuers. However, we may receive compensation when you click on links to products from our partners.

What’s up next?

In Account management

Take control of pesky recurring card charges

Automatic renewals easy to forget, sometimes hard to turn off

See more stories
Credit Card Rate Report
Cash Back

Questions or comments?

Contact us

Editorial corrections policies

Learn more