Credit cards can be a fantastic way to build credit, get frequent flier miles, score points, travel internationally, receive cash back on purchases and more. As long as we use them responsibly and remain within our means, we are safe, right?

Wrong! Credit card fraud is a very real issue for financial institutions and retail companies around the world. The Nilson Report found that global fraud losses to issuers, merchants and acquirers was $16.31 billion in 2014.

It is important to note that overall card transaction volume was $28.884 trillion in 2014. This means that for every $100 in transactions, 5.65 cents was lost to fraud. The “LexisNexis Card Issuer Fraud Study” found that card issuers alone annually lose $10.9 billion to card fraud every year.

You are even more at risk if you live and/or conduct business in the U.S. According to a 2015 report from Barclays, 47 percent of the world’s credit card fraud takes place in the U.S. This is interesting because only 24 percent of total credit card transactions are conducted by Americans, suggesting that a high volume of cross-border card-not-present (CNP) fraud, as well as the use of cloned foreign cards on U.S. soil.

Sluggish to Adopt Chip-and-PIN

The U.S. has begun to address this issue by adopting chip-and-PIN technology. The goal is to make it harder for fraudsters to acquire and use financial information stored on the credit card’s magnetic strip. Adoption of this technology has been slow, with many retailers still not accepting chip-and-PIN transactions.

A fraud liability shift went into effect in October 2015: Merchants who have not upgraded their point-of-sale (POS) machines may be liable for certain in-store counterfeit transactions. Affected merchants will no longer be able to charge back the financial institution or card issuer for lost money due to certain fraudulent purchases.

The liability shift essentially rewards the party with the most secure technology, forcing the charge back on the other party. If a counterfeit card is used in a store that has chip-enabled technology, the charge will fall on the card issuer rather than the merchant. However, if the store does not have the most secure technology, they may be liable.

Strip Versus Chip

As mentioned above, cards equipped with a chip tend to be safer than the traditional magnetic strip cards. It’s easier to siphon data from magnetic strip cards via skimming devices; they are also much easier to counterfeit.

The chip is designed to be tamperproof and nearly impossible to clone, which has greatly reduced counterfeiting in other parts of the world where the technology has been implemented. Embedded within the magnetic strip is information such as cardholder name, account number, expiration date and CVV number.

Card-present sales, where a card is physically swiped at a merchant’s POS or ATM, should become safer when retail and commercial organizations stop accepting the magnetic strip and move to chip cards.

Co-Branded Credit Cards

Co-branded credit cards are cards sponsored by two parties. Usually, one is a retail or services organization, such as an airline, hotel chain, holiday rewards organization, department store or gas chain. The other is a financial institution or credit card issuer, such as Visa, Discover, MasterCard or American Express.

In general, the bank behind the card issuer bears the true onus. It has the ultimate responsibility of deciding card approvals, determining credit limits and issuing interest rates. This means that the bank must deal with handling fraudulent charges that incur on its cards and issuing a card to a “bad debt” customer, which is a customer who becomes a liability to the issuer by not paying the balance, for example.

It is well-known in the industry that financial institutions have higher levels of security and fraud detection capabilities than most retailers. Similarly, the majority of global data breaches come from retail, internet usage, government and health care organizations.

You may be wondering why any issuer would choose to partake in co-branded credit cards. This is a legitimate question, since they bear the majority of the risk. But there are also benefits for the issuer, such as new sales channels and the potential to expand its customer base.

It is fair to say that the co-branded partner has the better end of the deal. It benefits from data sharing, revenue sharing, sign-up bonuses for new members, potentially higher spending and lower risks, since the issuer is assuming the majority of the financial risk. However, co-branded cards are no more or less risky than single-issuer cards.

Read the white paper: Accelerating growth and digital adoption with seamless identity trust

Preventing Credit Card Fraud

Financial Institutions and card issuers take fraud very seriously. The have dedicated fraud experts and highly specialized and sophisticated security and fraud detection systems in place that monitor unusual transaction activity.

The major credit card issuers and most bank-issued credit cards have zero liability policies for unauthorized transactions on their customers’ accounts, which means your bank is very likely to pay you back if it finds that your card was defrauded.

In addition, there are some practices that consumers can incorporate into their financial routine to assist in this battle:

  • Keep strong financial records, and check your statements and balances often.
  • Do not provide financial information to anyone unless you contacted the company directly and you are 100 percent sure it is a reputable number, contact and source.
  • Do not lend out your credit cards (this includes to family, friends and children).
  • Keep an eye on your cards during financial transactions.
  • Immediately report suspicious activity.

For more information on keeping your credit information safe see the Federal Trade Commission’s Consumer Information page.

More from Banking & Finance

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today