We’re still a long way from wiping out credit card fraud, so remain vigilant

Credit card issuers as well as companies such as Visa and Mastercard continue to invest in ways to flag and decline these types of transactions before they’re ever a problem. And even now, they’re dealing with the fallout from a pandemic-induced surge in fraud as people who normally did their shopping in person were forced to go online.

Nearly 40,000 Americans reported an instance of credit card fraud dealing with existing accounts to the Federal Trade Commission in 2022 — up 23 percent from the year before. And that number isn’t “reflective of the national scope of the issue,” because people often don’t bother reporting these issues after sorting things out with their card provider, said Eva Velasquez, president and CEO of the nonprofit Identity Theft Resource Center.

Unfortunately, we’re still a long way from wiping out credit card fraud, which means you still need to remain vigilant. Here’s what you should know about shielding yourself from fraudsters — and what the companies behind your cards are trying to do to help.

Don’t lose your credit card. A new one could take months.

If you happen upon sites that claim to, say, sell brand-name products for well under their normal price, steer clear. Velasquez said that deals that look too good to be true often land people in front of unscrupulous vendors who try to pull fast ones with your payment information.

“You do get a lot of instances of people falling victim” to those fraudulent retailers, especially since problems online increased during the pandemic, said Chris Reid, Mastercard’s executive vice president of identity solutions.

Paul Fabara, Visa’s chief risk officer, said phishing attacks — in which cardholders receive emails, texts or even WhatsApp messages demanding an urgent response — remain the top way people fall prey to financial scams. You don’t even need to fork over your account details to get stung, he added; sometimes clicking on a link is enough, because it routes you to a shady site that attempts to install malware on your device. Instead, avoid links in messages from sources that look unusual.

Credit card companies and banks can send you notifications via app, email or text messages whenever one of your accounts is charged.

By turning these on, you’ll get a near-instant heads-up whenever a transaction — shady or otherwise — happens, so you can quickly contact your provider when something unusual pops up. The downside is that these notifications can get annoying pretty quickly, but that’s a small price to pay for catching a fraudulent transaction.

Giving up online shopping entirely probably isn’t a reasonable ask. Instead, you can use tools to limit the visibility of your credit card details.

Some credit card issuers, such as Capital One and Citi, offer “virtual” account numbers — checking out online with one of those prevents the credit card’s actual account number from going anywhere. In some cases, you’ll be able to set limits on the size of transactions for those virtual cards to further minimize any hassles you might encounter.

If you’re determined to dodge fraudulent credit card charges, there are a few other things you might want to consider. They’re not for everyone, but they might reinforce your financial security.

Some merchants can, for example, automatically update your Visa and Mastercard credit card on file for recurring payments when you’re issued a new card.

That service is ostensibly there for convenience, but Velasquez from the Identity Theft Resource Center described one case where a consumer couldn’t avoid some shady recurring fees without opting out of these systems. Your mileage may vary, but you can contact your card issuer about bowing out if you’d rather handle these kinds of payment updates yourself.

A few years ago, Visa, Mastercard, American Express and Discover jointly rolled out an online payment tool called Click to Pay, which tries to make checkout faster and more secure. Purchases made with the tool are “tokenized,” meaning they use disposable payment details separate from your actual credit card number. It might be worth looking into — as long as you don’t mind opting in for each individual card you want to use it with.

Finally, consider reporting instances of credit card fraud to agencies such as the Federal Trade Commission. Yes, it’s time consuming and, yes, you’re busy. But flagging these issues helps give our lawmakers and the industry a better sense of how rampant a problem fraud is, Velasquez said.

For every fraudulent charge that shows up on your credit card statement, there are many others that never get close. Beyond the fraud protections offered by your credit card company, the payment networks operated by Visa and Mastercard continually update the tools they use to spot fraudulent transactions the moment they’re made.

To Visa’s Fabara, artificial intelligence has been a critical component of fraud detection for years. He says its biggest value is helping the company analyze the fire hose of transactions it deals with daily to more accurately identify legitimate charges — even if they are out of character for a cardholder. In the past, its systems outright declined more transactions it thought suspect. Now, AI helps Visa process more of the legitimate charges while weeding out fraudulent ones, he said.

Because these payment processors quickly get feedback about which charges are legitimate, the massive flow of transactions it deals with daily helps inform the way their risk assessment models work.

“At a minimum we upgrade every year,” Mastercard’s Reid said, referring to the models that assess the risk of financial transactions.

Meanwhile, credit card companies and merchants are looking at more unusual bits of context — like the way you hold your phone or your typing cadence, Reid added — to more definitively judge whether you are, in fact, you.

While methods of sniffing out fraudulent transactions before they’re processed are getting more sophisticated, Velasquez said it seems unlikely that people will be able to fully protect themselves from card fraud anytime soon. Too often, they’ll have to call their card providers after the fact — like I did with the weird attempted charge for the hotel — to deal with the damage.

“There are some things that are going to be beyond an individual’s control,” Velasquez said. But that doesn’t mean you shouldn’t try.