The Bankrate promise
At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here's an explanation for . The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Terms apply to the offers listed on this page. Any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and have not been reviewed, approved or otherwise endorsed by any card issuer.
Credit card fraud has become the most common form of identity theft in 2022, according to the Federal Trade Commission, after running a close second to government documents or benefits fraud last year. Nearly 390,000 cases of credit card fraud were reported to the FTC in 2021, and another 118,191 in the first quarter of 2022.
While statistics like these may fuel consumer fear of credit card fraud, cardholders can take comfort in the fact that the major credit card networks — Visa, Mastercard, American Express and Discover — offer $0 liability protection. That means you won’t be on the hook for purchases you didn’t make if you’re a victim of credit card fraud.
Consumers can also be assured their banks or credit card issuers are improving security measures as well. Since banks and credit card issuers absorb much of the financial liability of credit card fraud, they have a vested interest in preventing fraud before it happens. Consequently, they’re beefing up their security networks to combat credit card fraud head-on.
Of the four major credit card networks that process credit card transactions, Visa and Mastercard don’t issue credit cards directly to consumers, but work with banks, credit unions and other financial institutions that do. American Express and Discover are credit card networks that also act as card issuers.
No matter which network your card relies on, you can be reasonably assured that it’s safe, with loads of security built in. Not to mention, your card issuer will likely shore up any security gaps through its own fraud prevention measures.
Here’s how each of the credit card networks are working to fight against credit card fraud, and how you can help protect yourself.
The Visa credit card network uses what it calls Visa Advanced Authorization to fight fraudsters looking to make purchases in your name. This anti-fraud detection system uses artificial intelligence (AI) and machine learning to analyze hundreds of pieces of data for risk whenever a transaction takes place.
Here is a small sampling of the many risk attributes Visa Advanced Authorization seeks to identify in roughly a millisecond:
- Type of transaction: Is the transaction via mobile, online, contactless, chip or magnetic stripe?
- Geo-location: Is your phone pinging in one location while your account is being used for a transaction in another area?
- Spending history: Is the transaction in line with the cardholder’s spending patterns?
- Unusual circumstances: Is a transaction occurring at an odd time of day for a significant amount of money?
After analyzing all available data, the system produces a risk score that indicates the likely probability of fraud — a risk score of one represents the least risk, while a score of 99 indicates the most risk.
The Visa network sends the risk score to the cardholder’s financial institution, which decides whether or not to approve the transaction.
According to Visa, the authorization system is so effective in spotting suspicious transactions that its global fraud rate — less than 0.1 percent — is now two-thirds less than it was two decades ago. The sharp decline is impressive because transaction volume has gone up over 1,000 percent during the same time frame.
Like Visa, Mastercard prioritizes identity verification in combating credit card fraud. The company’s centerpiece for authentication is the Mastercard Identity Check program, which uses its EMV 3D-Secure 2.0 technology. EMV 3D-Secure is an industry standard for helping merchants and card issuers authenticate card-not-present transactions.
The program’s primary purpose is to help merchants and their banks assess risks and ensure legitimate transactions in real-time. Through AI and machine learning, the system checks over 150 transaction variables to help an issuer make an informative decision to approve or deny a transaction.
The variables Identity Check includes demonstrate just how far user authentication has come. Identity Check looks at screen brightness, user gestures, transaction history and insights from the merchant and the card issuer to authenticate a payment.
If the transaction requires additional authentication to protect the buyer, Identity Check may employ biometrics — fingerprint or facial recognition — or a single-use password.
Mastercard, like the other credit card networks, also uses an EMV chip and secure tokenization system. An EMV chip is the square metallic chip on the front of your credit cards and debit cards. The chip reduces fraud by providing a unique code each time you make a purchase. Since the security code is unique for every purchase, it’s much harder for a thief to use the card to commit fraud.
EMV compliance law, enacted in October 2015, requests all U.S. merchants to update their payment systems to accept EMV cards, or they may be potentially liable for credit card fraud that originates at their business.
Until recently, Mastercard required cardholders to keep their account in good standing to enjoy $0 liability coverage for purchases made on its network. Thankfully, the company has removed that restriction and now offers cardholders complete protection. Note that most card issuers require cardholders to notify them within 30 days when fraud occurs in order to receive $0 liability protection.
American Express also uses a multi-layered approach to protect consumers from fraud.
The company uses EMV chips on its chip and pin cards to provide a one-time encrypted code to instantly verify your account information. Thieves cannot make a counterfeit copy of your card since a unique code is generated each time you insert your card.
Card identification numbers (CIDs) are credit card security codes that add another layer of security. Your CID consists of four digits printed above your account number on the face of your American Express card. Even if a thief has your credit card number, they won’t be able to authorize online or other card-not-present transactions without the CID.
According to American Express, its network facilitates $1.2 trillion in transaction value each year. To ensure safe transactions, Amex uses fraud protection that analyzes numerous variables for risk in real-time.
As both a credit card network and issuer, American Express directly provides payment services to cardholders and merchants. With few exceptions, it does not use third-party banks like other card issuers, which means Amex has more access to essential data to help it identify and prevent questionable transactions.
Like the other three credit card networks, Discover’s network uses EMV chip tokenization, CIDs and AI-powered user authentication analysis to ensure transactions are coming from the account holder.
Recognizing that fraudsters are migrating to card-not-present transactions, Discover is focusing its efforts on online credit card transaction security.
Discover’s primary weapon against fraudulent credit card activity online is ProtectBuy, which the company describes as a Three Domain Secure (3DS) customer authentication solution. With Three Domain authentication, the merchant, network and issuer join together in a secure pipeline to validate a purchaser’s identity during an online transaction.
Early on, real-time risk authentication would unnecessarily challenge many transactions, leading to shopping cart abandonment while irritating consumers. Discover says it only challenges transactions with the strongest risk signals.
When a transaction warrants extra security measures, Discover texts or emails a one-time password to the cardholder. The customer can then enter the password in the ProtectBuy pop-up on the merchant’s page without entering login information or answering security questions.
Merchants that accept Discover are not required to enroll in ProtectBuy. Still, Discover encourages them to employ the feature to reduce card-not-present fraud risk and chargebacks.
The bottom line
If your credit card is issued by one of the major credit card networks, you can rest assured that you’re well-protected against the fast-growing problem of credit card fraud. But it’s important to take measures to minimize these incidents and protect yourself against repeated fraud.
Before you initiate an online purchase, verify that your browser connection is secure, avoid open Wi-Fi networks and consider using a virtual credit card number. (Visa, Mastercard and American Express offer virtual numbers, but Discover discontinued this benefit in favor of $0 liability protection and a credit freeze feature.) It’s also wise to set up mobile fraud alerts, review account statements and credit reports regularly and report credit card fraud if necessary.