Tim Maxwell Bankrate.com
WWR Article Summary (tl;dr) As Tim Maxwell reports, "Since banks and credit card issuers absorb much of the financial liability of credit card fraud, they have a vested interest in preventing fraud before it happens. Consequently, they’re beefing up their security networks to combat credit card fraud head-on."
Credit card fraud ranked as the second most common form of identity theft in 2020, according to the Federal Trade Commission (FTC), trailing very close behind government/benefits fraud. The agency fielded 393,207 reports last year, up 45 percent from 271,823 in 2019, from consumers whose credit card accounts were compromised or who had new lines of credit opened in their name.
While statistics like these may fuel consumer fear of credit card fraud, cardholders can take comfort in the fact that the major credit card networks — Visa, MasterCard, American Express and Discover — offer $0 liability protection. That means you won’t be on the hook for purchases you didn’t make if you’re a victim of credit card fraud.
Consumers can also be assured their banks or credit card issuers are improving security measures as well. Since banks and credit card issuers absorb much of the financial liability of credit card fraud, they have a vested interest in preventing fraud before it happens. Consequently, they’re beefing up their security networks to combat credit card fraud head-on.
No matter which network your card relies on, you can be reasonably assured that it’s safe, with loads of security built-in. Not to mention, your card issuer will likely shore up any security gaps through their own fraud prevention measures.
Let’s take a look at what credit card networks do, how they are working to fight against credit card fraud and how you can help protect yourself against fraud.
What Are Credit Card Networks? A credit card network is the infrastructure that works behind the scenes to process credit card transactions. When you use a credit card to make a purchase, it’s the credit card network that works in the background to help the store accept your payment and collect the funds from your card issuer, who then bills you for the charge.
There are four major credit card networks: Visa, Mastercard, American Express and Discover. Visa and Mastercard don’t issue credit cards directly to consumers. Instead, they work with banks, credit unions and other financial institutions that distribute the cards to consumers. When you pay your credit card bill, you pay your card issuer, like Chase or Bank of America, not Visa or Mastercard.
By contrast, American Express and Discover are credit card networks that also act as card issuers. These two companies generally—but not exclusively—issue cards directly without using a third party.
Visa The Visa credit card network uses what they call Visa Advanced Authorization to fight fraudsters looking to make purchases in your name. This anti-fraud detection system uses artificial intelligence (AI) and machine learning to analyze hundreds of pieces of data for risk whenever a transaction takes place.
Here is a small sampling of the many risk attributes Visa Advanced Authorization seeks to identify in roughly a millisecond: —Type of transaction: Mobile, online, contactless, chip or magnetic stripe —Geo-location: Is your phone pinging in one location while your account is being used for a transaction in another area? —Spending history: Is the transaction in line with the cardholders spending patterns? —Unusual circumstances: Is a transaction occurring at an odd time of day for a significant amount of money?
After analyzing all available data, the system produces a risk score that indicates the likely probability of fraud—a risk score of one represents the least risk, while a score of 99 indicates the most risk.
The Visa network sends the risk score to the cardholder’s financial institution, which decides whether or not to approve the transaction. According to Visa, their authorization system is so effective in spotting suspicious transactions that their global fraud rate—less than 0.1 percent—is now two-thirds less than it was two decades ago. The sharp decline is impressive because transaction volume has gone up over 1,000 percent during the same time frame.
Mastercard Like Visa, Mastercard prioritizes identity verification in combating credit card fraud. The company’s centerpiece for authentication is the Mastercard Identity Check program, which uses their EMV 3D-Secure 2.0 technology. EMV 3D-Secure is an industry-standard for helping merchants and card issuers authenticate card-not-present transactions.
The program’s primary purpose is to help merchants and their banks assess risks and ensure legitimate transactions in real-time. Through AI and machine learning, the system checks over 150 transaction variables to help an issuer make an informative decision to approve or deny a transaction. The variables Identity Check includes demonstrate just how far user authentication has come. Identity Check looks at screen brightness, user gestures, transaction history, and insights from the merchant and the card issuer to authenticate a payment.
If the transaction requires additional authentication to protect the buyer, Identity Check may employ biometrics—fingerprint or facial recognition—or a single-use password.
Mastercard, like the other credit card networks, also uses an EMV chip and secure tokenization system. An EMV chip is the square metallic chip on the front of your credit cards and debit cards. The chip reduces fraud by providing a unique code each time you make a purchase. Since the security code is unique for every purchase, it’s much harder for a thief to use the card to commit fraud.
EMV compliance law, enacted in October 2015, requests all U.S. merchants to update their payment systems to accept EMV cards, or they may be potentially liable for credit card fraud that originates at their business. Until recently, Mastercard required cardholders to keep their account in good standing to enjoy $0 liability coverage for purchases made on its network. Thankfully, the company has removed that restriction and now offers cardholders complete protection. Note that most card issuers require cardholders to notify them within 30 days when fraud occurs in order to receive $0 liability protection.
American Express American Express also uses a multi-layered approach to protect consumers from fraud.
The company uses EMV chips on their chip and pin cards to provide a one-time encrypted code to verify your account information instantly. Thieves cannot make a counterfeit copy of your card since a unique code is generated each time you insert your card.
Card identification numbers (CIDs) are credit card security codes that add another layer of security. Your CID consists of four digits printed above your account number on the face of your American Express card. Even if a thief has your credit card number, they won’t be able to authorize online or other card-not-present transactions without the CID.
According to American Express, their network facilitates $1.2 trillion in transaction value each year. To facilitate safe transactions, they use fraud protection that analyzes numerous variables for risk in real-time. As both a credit card network and issuer, American Express directly provides payment services to cardholders and merchants. With few exceptions, they do not use third-party banks like other card issuers, which means they have more access to essential data to help them identify and prevent questionable transactions.
Discover Like the other three credit card networks, Discover’s network uses EMV chip tokenization, CIDs and AI-powered user authentication analysis to ensure transactions are coming from the account holder.
Recognizing that fraudsters are migrating to card-not-present transactions, due in part to the positive impact EMV technology is making in the card-present space, Discover is focusing its efforts on online credit card transaction security.
Discover’s primary weapon against fraudulent credit card activity online is ProtectBuy, which the company describes as a Three Domain Secure (3DS) customer authentication solution. With Three Domain authentication, the merchant, network and issuer join together in a secure pipeline to validate a purchaser’s identity during an online transaction.