How major credit card networks protect customers against fraud

1
kumikomini/E+/Getty Images
Bankrate Logo

Why you can trust Bankrate

At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here's an explanation for . The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired.

Credit card fraud ranked as the second most common form of identity theft in 2020, according to the Federal Trade Commission (FTC), trailing very close behind government documents or benefits fraud. The agency fielded 393,207 reports last year, up 45 percent from 271,823 in 2019, from consumers whose credit card accounts were compromised or who had new lines of credit opened in their name.

While statistics like these may fuel consumer fear of credit card fraud, cardholders can take comfort in the fact that the major credit card networks—Visa, Mastercard, American Express and Discover—offer $0 liability protection. That means you won’t be on the hook for purchases you didn’t make if you’re a victim of credit card fraud.

Consumers can also be assured their banks or credit card issuers are improving security measures as well. Since banks and credit card issuers absorb much of the financial liability of credit card fraud, they have a vested interest in preventing fraud before it happens. Consequently, they’re beefing up their security networks to combat credit card fraud head-on.

No matter which network your card relies on, you can be reasonably assured that it’s safe, with loads of security built in. Not to mention, your card issuer will likely shore up any security gaps through its own fraud prevention measures.

Let’s take a look at what credit card networks do, how they are working to fight against credit card fraud and how you can help protect yourself against fraud.

What are credit card networks?

A credit card network is the infrastructure that works behind the scenes to process credit card transactions. When you use a credit card to make a purchase, it’s the credit card network that works in the background to help the store accept your payment and collect the funds from your card issuer, which then bills you for the charge.

There are four major credit card networks: Visa, Mastercard, American Express and Discover. Visa and Mastercard don’t issue credit cards directly to consumers. Instead, they work with banks, credit unions and other financial institutions that distribute the cards to consumers. When you pay your credit card bill, you pay your card issuer, like Chase or Bank of America, not Visa or Mastercard.

By contrast, American Express and Discover are credit card networks that also act as card issuers. These two companies generally—but not exclusively—issue cards directly without using a third party.

Visa

The Visa credit card network uses what it calls Visa Advanced Authorization to fight fraudsters looking to make purchases in your name. This anti-fraud detection system uses artificial intelligence (AI) and machine learning to analyze hundreds of pieces of data for risk whenever a transaction takes place.

Here is a small sampling of the many risk attributes Visa Advanced Authorization seeks to identify in roughly a millisecond:

  • Type of transaction: Mobile, online, contactless, chip or magnetic stripe
  • Geo-location: Is your phone pinging in one location while your account is being used for a transaction in another area?
  • Spending history: Is the transaction in line with the cardholder’s spending patterns?
  • Unusual circumstances: Is a transaction occurring at an odd time of day for a significant amount of money?

After analyzing all available data, the system produces a risk score that indicates the likely probability of fraud—a risk score of one represents the least risk, while a score of 99 indicates the most risk.

The Visa network sends the risk score to the cardholder’s financial institution, which decides whether or not to approve the transaction.

According to Visa, the authorization system is so effective in spotting suspicious transactions that its global fraud rate—less than 0.1 percent—is now two-thirds less than it was two decades ago. The sharp decline is impressive because transaction volume has gone up over 1,000 percent during the same time frame.

Mastercard

Like Visa, Mastercard prioritizes identity verification in combating credit card fraud. The company’s centerpiece for authentication is the Mastercard Identity Check program, which uses its EMV 3D-Secure 2.0 technology. EMV 3D-Secure is an industry standard for helping merchants and card issuers authenticate card-not-present transactions.

The program’s primary purpose is to help merchants and their banks assess risks and ensure legitimate transactions in real-time. Through AI and machine learning, the system checks over 150 transaction variables to help an issuer make an informative decision to approve or deny a transaction.

The variables Identity Check includes demonstrate just how far user authentication has come. Identity Check looks at screen brightness, user gestures, transaction history and insights from the merchant and the card issuer to authenticate a payment.

If the transaction requires additional authentication to protect the buyer, Identity Check may employ biometrics—fingerprint or facial recognition—or a single-use password.

Mastercard, like the other credit card networks, also uses an EMV chip and secure tokenization system. An EMV chip is the square metallic chip on the front of your credit cards and debit cards. The chip reduces fraud by providing a unique code each time you make a purchase. Since the security code is unique for every purchase, it’s much harder for a thief to use the card to commit fraud.

EMV compliance law, enacted in October 2015, requests all U.S. merchants to update their payment systems to accept EMV cards, or they may be potentially liable for credit card fraud that originates at their business.

Until recently, Mastercard required cardholders to keep their account in good standing to enjoy $0 liability coverage for purchases made on its network. Thankfully, the company has removed that restriction and now offers cardholders complete protection. Note that most card issuers require cardholders to notify them within 30 days when fraud occurs in order to receive $0 liability protection.

American Express

American Express also uses a multi-layered approach to protect consumers from fraud.

The company uses EMV chips on its chip and pin cards to provide a one-time encrypted code to instantly verify your account information. Thieves cannot make a counterfeit copy of your card since a unique code is generated each time you insert your card.

Card identification numbers (CIDs) are credit card security codes that add another layer of security. Your CID consists of four digits printed above your account number on the face of your American Express card. Even if a thief has your credit card number, they won’t be able to authorize online or other card-not-present transactions without the CID.

According to American Express, its network facilitates $1.2 trillion in transaction value each year. To ensure safe transactions, Amex uses fraud protection that analyzes numerous variables for risk in real-time.

As both a credit card network and issuer, American Express directly provides payment services to cardholders and merchants. With few exceptions, it does not use third-party banks like other card issuers, which means Amex has more access to essential data to help it identify and prevent questionable transactions.

Discover

Like the other three credit card networks, Discover’s network uses EMV chip tokenization, CIDs and AI-powered user authentication analysis to ensure transactions are coming from the account holder.

Recognizing that fraudsters are migrating to card-not-present transactions, Discover is focusing its efforts on online credit card transaction security.

Discover’s primary weapon against fraudulent credit card activity online is ProtectBuy, which the company describes as a Three Domain Secure (3DS) customer authentication solution. With Three Domain authentication, the merchant, network and issuer join together in a secure pipeline to validate a purchaser’s identity during an online transaction.

Early on, real-time risk authentication would unnecessarily challenge many transactions, leading to shopping cart abandonment while irritating consumers. Discover says it only challenges transactions with the strongest risk signals.

When a transaction warrants extra security measures, Discover texts or emails a one-time password to the cardholder. The customer can then enter the password in the ProtectBuy pop-up on the merchant’s page without entering login information or answering security questions.

Merchants that accept Discover are not required to enroll in ProtectBuy. Still, Discover encourages them to employ the feature to reduce card-not-present fraud risk and chargebacks.

How to protect yourself against credit card fraud

The methods criminals use to perpetrate credit card fraud and steal your personal information are ever-evolving. Protect your sensitive data, such as credit card numbers, account login information and your Social Security number, by taking these preventive measures:

  • Browse securely: Before you initiate an online purchase, look for “https” in the web address to verify your browser connection is secure and encrypted.
  • Avoid open networks: Never submit sensitive information while using a public Wi-Fi network that doesn’t use passwords. Open networks give thieves easy access to monitor and steal your private data.
  • Consider using virtual credit cards for card-not-present purchases: A virtual credit card number is a unique one-time credit card number associated with your account that is different from the number printed on your card. Virtual credit cards provide a secure way to pay for purchases online or over the phone while safeguarding your physical credit card’s information. Visa, Mastercard and American express offer virtual credit card numbers, but Discover discontinued this benefit in favor of $0 liability protection and a credit freeze feature.
  • Be skeptical: Exercise caution whenever a person or business asks you for personal information via email, text, phone or instant messaging. The financial institutions and government agencies you deal with already know your account numbers and personal data and are unlikely to ask for them.
  • Review your financial documents: It’s also a good habit to review your credit reports and account statements regularly to spot any unauthorized purchases and report credit card fraud if necessary.