Credit card fraud detection is the process of identifying and preventing unauthorised and fraudulent use of debit and credit cards.
How is credit card fraud detected?
Credit card fraud is a primary concern for banks, who work hard to stay ahead of scammers and cybercriminals, both big and small. In the past, credit card fraud was simpler to detect as it mainly involved thieves stealing credit cards and using them at ATMs or retail outlets to make unauthorised transactions. However, with the rise of electronic commerce, fraud has become more complex and sophisticated.
To prevent fraud, banks must constantly update their payment-transaction systems and plug vulnerabilities to ensure the purchaser is a legitimate cardholder. They also use digital tools and continuously adapt their fraud detection systems to learn from new data and evolving techniques.
The Australian Banking Association (ABA) recently launched the Fraud Reporting Exchange (FRX), a digital platform to prevent fraudulent transactions. In collaboration with the country’s leading banks, the ABA identified bank transfers as the most common payment method for scams. The FRX enables banks to quickly share information about scam transactions with a ‘near real-time reporting’ system to prevent money transfers to fraudsters.
» MORE: How to spot and avoid credit card scams
How does credit card fraud detection work?
Credit card fraud detection involves various tools to verify transactions, techniques to authenticate cardholders and technologies, such as statistical analysis and machine learning, to monitor suspicious transactions and activities.
Much of the fraud detection process happens behind the scenes through systems used by credit card companies, including card networks and providers.
Systems used by card networks
Card networks (Visa, Mastercard, American Express) have also had to keep up with the rapid pace of digital change, and nowadays, they can implement a combination of some or all of the tools below to assist them. These include:
- 3DS. 3D Secure is a security standard created by Visa and Mastercard to prevent fraudulent card usage. It involves three domains: the merchant/purchaser, the issuer, and the interoperability domain. When a merchant initiates authentication, further validation is required for the purchase, often involving a PIN request for identification.
- Biometrics. Biometric security uses hardware like cameras or fingerprint readers on devices to identify cardholders by comparing scanned information with a database.
- Multi-factor authentication. Multi-factor authentication, such as Mastercard SecureCode and Visa Secure, helps detect credit card fraud by using a combination of PINs, secret questions, biometrics and verification codes sent to the owner’s email or phone.
- One-time passwords. Card networks add extra security with a one-time password, like Mastercard Identity Check, to send a password for purchases across all devices.
Systems used by card providers
Some notable techniques and systems used by card providers include:
- Account takeover tools. These tools detect account takeovers by comparing current behaviour with past usage and requesting additional information such as CVV or PIN. If not provided, the provider can lock or block the card to prevent future transactions.
- Adaptive authentication. Artificial intelligence-powered adaptive authentication detects potential fraud by analysing customer transactions for anomalies and assigning a risk score.
- Analytics. Advanced analytics use AI and machine learning to detect abnormal card use like unusual location or spending amounts. False positives are likely, but they trigger an alert prompting additional verification steps like a PIN or one-time password.
- Tokenisation. Tokenisation replaces sensitive data, such as a credit card number, with randomly generated tokens to deter hackers.
- Voice biometrics. Voice biometrics is a relatively new technology that uses voice recognition to authenticate callers based on their unique voiceprint.
Credit card fraud detection security features
The general public also has an interest in detecting fraud, and some tools and security features require the participation of cardholders and merchants.
Tools for cardholders
Card providers have various fraud-detection tools and security features available to cardholders nowadays, some of which are embedded in cards and all designed to trigger fraud alerts. These include:
- 24/7 Fraud Protection. Always-on card protection uses all available technology around the clock to check for fraudulent activity, regardless of location.
- CHIP technology. Card providers constantly review and update their security protocols for improvements, including microchips. New microchips store more data than magnetic stripe credit cards and protect against card skimming. Westpac’s CardShield is an example of advanced CHIP technology.
- Geolocation. Geolocation matches your phone’s location with a transaction to detect fraud. Your provider can then confirm with an SMS or unique password.
- Location-based security. Allowing your card app to track your location helps detect suspicious account activity by checking if you are near the transaction location.
- Online Transaction Security Guarantee. Your card provider’s Online Transaction Security Guarantee does not stop fraud per se. Still, it guarantees that you, the cardholder, will not be liable for any transaction made without your knowledge or consent.
- PIN technology. A personal identification number (PIN) is a numerical code used in financial transactions and ATMs, often required for online transactions along with a CVV. It’s a technology that most people readily associate with credit card security.
- Push notifications. Push notifications are an effective and straightforward way to check whether you’ve been a victim of credit card fraud. Enabling push notifications on your bank’s mobile app can alert you of any credit card fraud transactions. Notify your provider immediately if you didn’t make or don’t recognise the charge.
- Virtual credit cards. Virtual cards allow you to make transactions without disclosing your number and address, meaning there’s less risk of your details falling into the wrong hands.
» MORE: How to cancel a credit card
Tools for merchants
Retailers and businesses also get involved in the process of detecting fraud. Some of the tools and features used by merchants to authenticate customer transactions include:
- AVS authentication. Address Verification Service (AVS) is used to verify a user by comparing the billing address used in a transaction with the one the card provider has stored on that customer.
- KBA authentication. Enhance Knowledge-Based Authentication (KBA) is another tool, like AVS, that checks personal information provided for a transaction against stored customer details to validate identity.
- KYC alerts. Know Your Customer (KYC) is a tool that verifies a customer’s identity through face, document and biometric verification, providing multiple points of reference before accepting a card transaction.
DIVE EVEN DEEPER
How To Lock, Block Or Freeze Your Credit Card
A card lock is essentially an on-off switch that allows you to temporarily freeze or block your credit card and most debit cards.
Lost Credit Card? Here’s What to Do
If you lost your credit card, don’t panic. Lock your card, then contact your issuer and take steps to limit the damage of fraud.
How To Dispute A Credit Card Transaction
When you dispute a transaction, you tell your credit card provider, ‘I’m not paying for that,’ and asking for help getting the money back.
How Do Credit Cards Work?
Everything you need to know about how credit cards work and how to use them responsibly.