Worldwide, cards payments are safer now than they ever have been
before, but new types of fraud are creating fresh concerns for the
industry. Traditional types of fraud have been declining in recent
years. Visa reported in late 2006 that its global fraud levels had
fallen by 50 percent since 2001 to record lows of only $0.07 per
$100 transacted worldwide, and just $0.03 per $100 transacted in
the Asia-Pacific region.
However, certain types of fraud are growing at a rapid pace. Card
not present (CNP) transactions have become particularly
troublesome, as people use the anonymity of the internet and
telephone to commit fraud. Advances in technology have become
something of a double-edged sword – just as payment networks and
issuers are utilising new technology to combat fraud, the
fraudsters themselves are also employing evolving technology to
devise new ways to beat the systems.
Phishing has become an increasingly significant area of growth for
card and identity fraud. According to APACS, the UK payments
association, between the first six months of 2005 and the first six
months of 2006, the number of phishing incidents in the UK
increased by 1,471 percent (see Figures 1 and 3). Other markets
such as the US, India and Canada have seen comparable recent
increases in the prevalence of phishing attacks.
Pharming is another growing scam. Like phishing, pharming attacks
trick cardholders into entering data into a fraudulent website that
looks like a legitimate banking website. However, unlike phishing,
which requires victims to click on an e-mail link to get to the
fake site, pharming automatically redirects a customer’s web
browser to the site, making it harder to detect as a scam.
Other types of scams include increasingly complex skimming
operations that use smaller and harder-to-detect cameras, as well
as computer viruses, Trojans and spyware that invade a cardholder’s
computer and search for private information, including card
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
Types of fraud
Card fraud is increasingly moving from the physical world to the
virtual world. Fraud from CNP transactions was almost non-existent
ten years ago. However, the growing popularity of the internet and
telephone commerce has given fraudsters a new medium for card
crime, and CNP transactions are becoming a major source of card
In Australia, CNP fraud is the second-largest source of fraud, and
in the UK it is the first (see Figure 2). The magnitude of the
growth in CNP transaction fraud is alarming: in 2005, the value of
CNP fraud in the UK was nearly twice the total value of all types
of card fraud in 1996.
In the US, credit card fraud accounts for 26 percent of all types
of identity theft fraud, according to a 2006 report by the Federal
Trade Commission. However, a study by US research consultancy
Javelin Strategy and Research, published in February 2007, reported
that identity theft in the US fell by 12 percent in 2006, its third
consecutive year in decline.
In a survey made as part of the study, only 4 percent of
respondents indicated they had been a victim of identity theft in
the past 12 months, down from 4.7 percent in 2003.
As debit card payment becomes increasingly popular in the US,
fraudsters are doubling their efforts to obtain cardholder details
through a variety of methods. According to the latest study
commissioned by the Pulse EFT Association, the US debit network, US
debit card-issuing financial institutions experienced debit card
transaction growth of 18 percent in 2006 and expect continued
strong growth in 2007.
Issuers also reported fraud-related information from 2005, and it
appears that debit fraud is shifting from the cardholder level to
the system level, and predominantly from signature debit to both
signature and PIN debit.
Based on fraud losses reported by study participants, the study
estimates that issuers in the US lost a total of $662 million to
debit card fraud in 2005, a 21 percent increase over 2004. Of these
losses, 60 percent resulted from ATM transactions, 37 percent from
signature debit transactions and 3 percent from PIN point of sale
transactions. Signature-based losses grew 28 percent in 2005, while
PIN-based losses (including ATM and PIN POS losses) rose 17
In response, US debit issuers are using more advanced fraud
detection tools to combat evolving fraud tactics, such as the use
of card verification value or card verification code (CVV/CVC)
checking, neural networks and international transaction blocks.
CVV/CVC checking is expected to significantly reduce
phishing-related PIN-based losses in 2006.
Probably the most important change in the fight
against fraud has been a shift in many markets towards
EMV-compliant chip and PIN technology. Many markets that have
introduced chip and PIN cards, such as Malaysia, the UK and
Australia, have seen a significant reduction of fraud from
In December 2006, the Australian Payments Clearing Association
(APCA) released data for cheque, debit card, credit card and charge
card fraud across all financial institutions in Australia. At
A$0.03 in every A$100, Australia’s total plastic card rate of fraud
is about one-third of that in the UK, which is £0.09 for every
£100. The credit card rate for signature-based transactions
globally is currently around $0.07 for every $100 transacted as
against every A$0.04 for every A$100 in Australia. The Australian
PIN-based debit card system fraud rate is less than A$0.01 for
every A$100 transacted. Between July 2005 and June 2006, the most
common type of card fraud in Australia was that of lost and stolen
fraud, which comprised 44 percent of debit card fraud incidents and
32 percent of credit and charge card fraud incidents.
Malaysia was the first country to complete a national EMV chip card
adoption programme, converting all credit cards to EMV chip by
December 2004 and all card terminals by December 2005. As a result,
in the first quarter of 2005, total card fraud in Malaysia fell to
its lowest level in five years, according to Visa Asia-Pacific.
Visa announced that total fraud at merchant outlets in the country
fell to 0.12 percent of sales in the first three months of 2005
compared with 0.74 percent over the same period in 2000.
Counterfeit fraud dropped by 87 percent from 0.6 percent to 0.08
percent of sales over the same five-year period.
Another industry innovation in the fight against fraud has been the
improvement and standardisation of security protocols. In 2006,
MasterCard, Visa, JCB, American Express and Discover joined forces
to create the PCI Security Standards Council – an independent
organisation to manage the ongoing evolution of the Payment Card
Industry Data Security Standard.
Networks are also actively promoting internet security.
MasterCard’s Secure Code and Visa’s Verified by Visa programmes are
helping to prevent internet fraud by providing cardholders with an
extra security code they can use to authenticate internet card
More than 110,000 merchants have adopted Verified by Visa and
10,000 banks have made the service available to over 395 million
consumers globally. In early 2006, MasterCard announced that
merchants who support MasterCard Secure Code would be eligible for
lower rates than those for face-to-face transactions.
The networks have recently launched additional security measures.
In October 2006, MasterCard introduced its Online Fraud Monitor
service, which uses data analytics and risk scoring models to try
to spot fraudulent debit card transactions as they