Credit Card Fraud: How Common Is It?

Estimated read time: 6 minutes

There are more than 469 million open credit card accounts in the U.S., and the average American has about 2 cards. That's a big field for potential scammers. Should you be concerned about credit card fraud?

Credit card fraud is frighteningly common

In 2016, the number of identity fraud victims in the U.S. hit a record high of 15.4 million, and credit card fraud accounted for 32.7% of that. It's estimated that the overall cost of these types of fraud is $16 billion.

If you have a credit card, you've probably been a victim of credit card fraud at least once. If you haven't been victimized, your turn is probably coming.

It's not the muggers

Why is there so much credit card fraud? It's not the muggers stealing your purse or wallet. In the "old days" a thief had to steal your physical credit card and use it to buy things. When this happened, most victims realized it right away.

If your purse or wallet were stolen or if your home was broken into, you would quickly notify the credit card companies, and they would cancel your cards. Sometimes the cards were shut down before a thief even had a chance to use them. But it's a brave new world, and there are new types of thieves running about.

    These are the major sources of credit card fraud.

  1. Brick and Mortar Hack:

    Malware is remotely installed on a point of sale system.

  2. Processor Breach:

    The network that processes transactions between the credit card issuing bank and the merchant bank is compromised.

  3. Vendor Point of Sale Hack:

    The company that sold the point of sale terminal is hacked, not the merchant where the terminal is in use.

  4. E-commerce Merchant Hack:

    All that online shopping is a boon to credit card thieves. An online retailer's database or website is breached.

  5. Phishing Scams:

    You get an official looking or sounding email or phone call asking for your account number. You hand over the number, and you've been phished.

  6. Skimmers:

    A physical device is attached to things like ATMs and gas pumps, and it reads your card and PIN.

  7. Employee Theft:

    When you hand your credit card to an employe at a business, they copy the card number. In more sophisticated cases, they have a device that can make a duplicate of your card.

  8. Data Theft:

    An entity (bank, government agency, Equifax!) don't properly protect consumer data and it's stolen.

You can see why "good old fashioned" credit card theft has fallen out of favor. You know instantly (or almost instantly) that you're purse or wallet has been stolen, but it can take days or weeks to notice that your card has been compromised through any of these newer methods of credit card fraud. By the time you notice, a thief could have charged thousands of dollars on your card.

You're not on the hook

Don't panic if your card is compromised. As long as you take the correct steps right away, you will bear little to no financial responsibility for any charges you did not make or authorize.

There is a federal law in place to protect consumers from credit card fraud. The Fair Credit Billing Act (FCBA) mandates that consumers can't be held liable for any charges if the theft of their card is reported before any fraudulent charges are made.

Well that's great if you're mugged, but most credit card fraud doesn't happen that way! Don't worry. If your card is used before you report it stolen, you could be responsible for up to $50 in charges but no more. If the charges are made without your card being physically present, you will have no responsibility.

The rules for debit cards are different. If you report the card stolen within two days, your maximum responsibility is $50. After two days, you could be responsible for as much as $500, and if you wait 60 days before reporting your card stolen you could be held accountable for all of the fraudulent charges.

I wouldn't worry about the worst case scenario for the theft of your credit or debit card. I've been the victim of both.

The first time was on a credit card. My guess is when a server took my card away to charge drinks in a restaurant, she copied the card or took a photo of it or whatever her scam was because the friend I was with had the same thing happen to the card she used for her drinks.

The second was on my debit card (much scarier!). I don't know how my card number was stolen, but it was probably sold on the dark web because I was getting charges in Africa (for school fees) and China (for a teddy bear and flowers from a florist).

The credit card fraud I did not notice for a few days. The debit card fraud I caught right away because I check my bank account more often than my credit card accounts. Both times I called up the credit card company and bank, explained what happened, answered a few questions, and that was it.

I did have to take one additional step with the debit card fraud. I had to E-sign an affidavit stating that I did not make nor authorize the charges I was disrupting.

In both cases, I was not liable for one cent of any of the charges.

What can you do to stay safe?

While you're unlikely to be held liable for any charges that occur when your credit or debit card is stolen, you still want to take steps to avoid it. It's a hassle, especially for the debit card. Not only will you not have access to your cash for a few days, whatever amount of cash is missing due to the fraud will not be returned to you for a few days, too.

This means you could bounce checks or be late on bill payments. Or your credit card company or bank could decide to play hardball for whatever reason and hold you accountable for as much as they're legally allowed to.

Your best defense is to regularly check your credit card and bank statements. You no longer have to wait to get a once a month statement. You can go online or call the number on the back of the cards and get a transaction history. The second you realize there are fraudulent charges, call and notify the credit card company or bank.

Your next best defense is never to use a debit card. For the most part, when there is fraud on your credit card, it's the bank's problem. But when you're hit on your debit card, you're the one with the problem. The second that debit card is swiped, woosh! The cash comes out of your checking account. Even if the bank reimburses every cent, it can take time and you're stuck with no cash in the meantime. Use a credit card as often as you can (while staying on budget of course!).

Shred any documents that have your account numbers on them. When you get a new card, you should shred the old one.

Do not give out your account numbers via email or the telephone no matter how "official" the email looks or the person on the other end of the phone sounds. There is no legitimate reason for getting such a request.

Don't shop online unless the merchant's site has a little padlock on the far left side of the search bar. This means the site is secure, or at least as secure as it can be.

Don't use obvious passwords or PINs. I know it's hard to remember all those different passwords and PINs, but you can use something like a random password generator to make a password for you and a secure password manager site to hold them.

Card skimmers can be hard to detect, but if something about a terminal where you would swipe your card looks fishy, don't use your card. Another good trick is to cover the PIN pad when you type in your PIN. Some scammers will install tiny cameras above ATM terminals to record you punching in your PIN.

Things are improving

The 2013 Target data breach cost the company $252 million, only $90 million of which was covered by insurance. Credit card fraud is a pain for consumers, but it's like an amputation without anesthesia for retailers and banks.

Therefore, those who accept credit card payments, those that process them, and the banks the charges are drawn from have a vested interest in improving credit card security.

America finally made the leap to chipped cards that Europe made years ago, and those chips provide a layer of security cards with magnetic strips didn't have because the chip encrypts each transaction.

Unfortunately, we have not yet made the full move to chip and PIN cards as, again, Europe has had for many years. American cards are almost all chip and signature. If they were chip and PIN, it would add another layer of security.

Eventually such futuristic technologies like biometrics, multi-factor authentication, and dynamic CVV (the three digit code on the back of your credit cards) may be introduced to secure credit cards further.

But until then, it's mostly down to us consumers to protect ourselves from fraud. Stay safe everyone!