Preventing payment card fraud
In 2018, unauthorised financial fraud losses across payment cards, remote banking, and cheques in the UK totalled £844.8 million which was an increase of 16% compared to 2017.
However, banks and card companies prevented £1.66 billion in unauthorised fraud* in 2018, representing incidents that were detected and prevented by firms and is equivalent to £2 in every £3 of attempted fraud being stopped.
In addition to this, in 2018 UK Finance members reported 84 incidents of authorised push payment scams* with gross losses of £354.3 million.
Fraud losses on UK-issued cards totalled £671.4 million in 2018 – up 19% compared to 2017 with a total of £1.12 billion in card fraud stopped by banks and card companies in 2018, which is the equivalent to £6.27 in every £10 of attempted card fraud being prevented. The figures include fraud on debit, credit and ATM and is only cards issued in the UK.
With the worrying increase in figures, the finance industry is continuing to tackle card fraud by:
- Developing fraud screening detection tools for retailers to use such as 3D Secure.
- Investing in advanced security systems to protect customers, including real-time transaction analysis and behavioural biometrics on devices. At the end of 2019 Strong Customer Authentication (SCA) for higher value, online payments became a legal requirement adding an extra layer of security.
- Speedily, safely and securely identifying compromised card details though UK Finance’s intelligence hub so that issuers can put protections in place.
- Working with government and law enforcement in the Joint Fraud Taskforce to use collective powers, systems, and resources to crack down on financial fraud.
- Fully sponsoring a specialist police unit – the Dedicated Card and Payment Crime Unit, which targets organised criminal groups responsible for card fraud.
If your business is compromised by fraud it can damage your business financially and also have a detrimental effect on your brand reputation within the marketplace.
Here are our simple steps to preventing card payment fraud from occurring in your business:
Card not Present Fraud (Online & Mail Order/Telephone Order)
This type of card fraud is where fraudsters obtain consumers’ card details from things like discarded receipts, emails or account hacking and they use this information to purchase high value or desirable goods online, by phone or mail order. Click here for more on information on preventing card payment fraud at
How to prevent this type of fraud
If you are selling your goods and services online then it is important to ensure that your online system is PCI compliant and uses 3D secure which is an extra level of security. There are a few questions you should ask yourself before proceeding with the order. If you answer ‘yes’ to any of them, then you should take further steps to identify the legitimacy of the order:
- Is the sale excessively high in comparison to your usual orders?
- Does the address provided seem suspicious? Has the delivery address been used before with different customer details?
- Is the customer attempting to use more than one card in order to split the value of the sale?
If you are still unsure check the Industry Hot Card File to see if the card is registered.
Remember you have the right to decline the order if you suspect the transaction to be fraudulent, make every effort to try and contact the customer and verify their details before making your decision.
Although on the decline since the introduction of chip and pin in the UK, there is still a black market for the manufacturing of fake credit cards using genuine card details. The card details are copied from the magnetic strip of the genuine card using a device called a skimmer. This information is then transferred to the magnetic strip on a fake credit card, so the customer will not be able to use the chip and will ask for the card to be swiped. Although some foreign cards do not use the Chip and Pin you should be wary if a customer asks to swipe.
How can I tell if a card is fake?
Extra vigilance should be taken when accepting cards that are not chip and pin. Foreign cards and chip & signature cards will still exist. When swiping the card follow your ‘on terminal’ prompts.
Also, look out for these:
- Check the first four digits – On MasterCard and Visa cards the first four digits of the embossed card number are also printed above or below
- Check the last four digits – Check that the last four digits shown on the front of the card match the last four digits shown on the receipt
- Check the signatures – Is the spelling correct? Is it large, messy writing on the signature strip possibly covering the real signature?
- Check the signature strip for signs of tampering
Sources include UK Finance Fraud the Facts 2019, The definitive overview of payment industry fraud.
*Unauthorised fraud: In an unauthorised fraudulent transaction, the account holder does not provide authorisation for the payment to proceed and the transaction is carried out by a third party.
**Authorised fraud: In an authorised push payment fraudulent transaction, the genuine customer themselves processes a payment to another account which is controlled by a criminal.