Data breaches at large companies have become all too common over the past few years. Between Equifax, Facebook and Marriott, it can seem like it’s certain your data has gotten into the wrong hands at some point.
The good news is, as data breaches become more common, credit card networks have begun ramping up their security measures. Networks, which include Visa, Mastercard, American Express and Discover, are responsible for facilitating transactions between merchants and credit card issuer banks that exchange the money, like Capital One or Chase. This means they are the first lines of defense against fraud.
Card protections from 4 major networks
As a consumer, it’s important to keep in mind that no matter which major credit card network your card comes from, you will be protected against any liability for purchases made fraudulently in most instances. Each carrier guarantees zero liability in the case of fraud.
In addition to zero liability, here’s a guide to how each of the four major credit card networks protect cardholders from fraud. See how your cards stack up.
Visa describes their security program as “a multi-layered approach designed to keep your customer data safe.”
“These security layers protect cardholder data, enhance payment system security among e-commerce and brick-and-mortar merchants and prevent fraud using a combination of cutting-edge technology and human expertise in cybersecurity and fraud prevention,” says RL Prasad, senior vice president of Payment System Risk at Visa.
Visa monitors and prevents all fraud attempts through artificial intelligence and their Payment Fraud Disruption team, but they implement additional measures based on whether transactions are made card-present or card-not-present.
Card-present transaction security relies on EMV chip technology and geolocation data. “If a cardholder is in San Francisco but a card-present purchase is being made in Idaho, the transaction will be flagged for fraud,” Prasad says.
To protect card-not-present transactions, Visa uses a combination of tokenization, which replaces sensitive card information with digital “token” identifiers during online transactions, biometric authentication through fingerprint or facial recognition and near real-time transaction alerts.
For Visa users who fall victim to individual instances of fraud, Visa works with card-issuing institutions to mitigate risk. In cases of more widespread breaches of data, Prasad says, both Visa’s Payment Fraud Disruption team and artificial intelligence algorithms work to prevent and identify criminal activity using compromised payment credentials.
Mastercard also takes a layered approach to security that focuses on eliminating fraud from the system, says Chris Reid, executive vice president of Services at Mastercard North America.
“Starting from identity verification to authorization, Mastercard’s layered approach to security identifies the right user throughout the consumer experience and across customer touch points — before, during and after the transaction,” he says.
First, “The Identity layer authenticates that the person is who the person says the person is,” Reid says. Mastercard uses behavioral biometrics to authenticate users and provide a secure environment for their transactions. This is combined with “risk-based authentication” through Mastercard Identity Check, which “provides merchants and their banks an easy way to upgrade and enhance current security solutions to determine potential risks.”
Next, Reid says, “The Detection layer predicts and prevents fraudulent behavior and malicious attacks before they happen.” Mastercard scans network activity and intervenes when there’s a large-scale attack. They also analyze transactions to improve security and make sure real transactions are approved.
Finally, “The Prevention layer secures the infrastructure against cyberattacks by protecting accounts, devices and data,” Reid says. This includes implementation of the EMV chip and a secure tokenization system.
Mastercard also sends ID Theft Alerts if they suspect fraud on a user’s account, Emergency Wallet Replacement if cards and documents are lost or stolen, and Expert Resolution Services, which helps victims navigate processes like cancelling accounts and notifying credit reporting agencies.
Fraud monitoring and prevention is part of the brand promise at American Express, says Andrew Johnson, director of corporate affairs and communications. “Our state-of-the-art monitoring tools, controls and policies help detect and prevent fraud in our operations around the world.”
“To combat the increasing sophistication and scale of fraud attacks, we use advanced, machine-learning algorithms to evaluate different data points and make fraud risk decisions on every American Express transaction, anywhere in the world, within two milliseconds,” Johnson says. “Machine learning models also allow us to delve much more deeply into understanding the unique patterns of our customers’ spending and fraudulent episodes.”
In addition to consumer prevention, American Express has partnered with merchants to detect and prevent thieves from using compromised information and integrated authentication methods to identify theft.
American Express contacts cardholders if they suspect unusual activity on an account and also offers fraud alert notifications. In the event of a major data breach, their security increases.
“When an entity that has been breached informs us which card accounts were impacted, we elevate our level of fraud monitoring on those accounts,” Johnson says.
Discover’s fraud prevention measures can be activated by all parties and allow it to alert cardholders if something goes awry with their account, says Laks Vasudevan, vice president at Discover.
“We also provide additional tools for our cardmembers that go beyond just these measures, to give them more control around the security of their account, such as our Freeze It function, Social Security Number alerts and new account alerts,” Vasudevan says.
If a Discover cardholder does fall victim to fraud, “the free alerts from Discover are backed by 100 percent U.S.-based fraud resolution experts who can even help cardmembers place a fraud alert on their credit files with all three major credit bureaus,” Vasudevan says.
Because Discover constantly monitors every purchase, they are able to alert customers of any suspicious activity, but also encourage cardholders to reach out if they believe they may be a victim.
In addition to the major networks, credit card issuers, which back your credit card financially and collect your payments, have their own security measures. These issuers include banks like Chase, Capital One, Bank of America and others, while Discover and American Express act as both issuers and networks.
Chase uses “advanced algorithms and models like machine learning to detect and prevent high-risk activity” on all credit cards, a representative from JPMorgan Chase says. The strategies they implement “are designed to prevent fraudsters from being able to use customer information, whether it be from a large data breach or an individual’s information being compromised.”
Capital One, too, monitors cardholders’ accounts for fraud and offers digital tools that customers can enable to further protect themselves, says Sarah Strauss, head of fraud for U.S. cards at Capital One. These include CreditWise, a credit monitoring tool, Card Lock, which locks your accounts if your card is misplaced and Eno, a proactive alert system for suspicious activity.
“Protecting customer and account information is a top priority at Capital One, and we take it very seriously,” Strauss says.
What you can do
While your credit card networks and issuers are constantly evolving their security measures, you can take measures to prevent fraud on an individual level as well.
Thieves often look for the easiest targets, so the more you safeguard your information, the less likely you are to fall victim or even be targeted at all. Best practices include creating strong passwords (and different passwords for all your accounts), ordering only from trusted online merchants, not completing online orders over public Wi-Fi networks and reviewing your transaction history and credit regularly.