Credit card fraud
The latest figures from UK Finance show more than 2.7 million people in the UK were hit by card fraud, worth a total of £556.3m. We outline the steps you can take to avoid credit card fraud, and what you must do if you suspect you are a victim.
Table Of Contents
What is credit card fraud?
Credit card fraud is the unauthorised use of a credit card to make purchases or withdraw cash.
Fraudsters may steal your physical credit card, clone or copy your card, or obtain your credit card details to make payments online or over the phone. In some cases of credit card crime, criminals may steal your identity and open a new credit card account in your name.
Common types of credit card fraud
Card not present (CNP) fraud
Card-not-present (CNP) fraud is when the physical card isn't needed to complete a transaction.
Often referred to as ‘remote purchase fraud’, it can happen in transactions such as:
- online
- over the phone
- mail order
To commit CNP fraud, fraudsters need the following details:
- accountholder’s name
- billing address
- the 16-digit card number
- card expiry date
- 3-digit CVV/CVC security code
These details are often obtained via text or email phishing scams.
Counterfeit card fraud
Counterfeit card fraud occurs when a criminal ‘skims’ – copies or clones the data held on the magnetic strip of a legitimate credit card.
This data is then used to create a counterfeit card that contains the real card’s details.
In most cases of credit card forgery – credit card skimming – fraudsters also need to know the cardholder’s personal identification number (PIN) to use the counterfeit card. They might obtain this by:
- attaching a camera to an ATM
- watching the genuine keyholder input their PIN
- acquiring the cardholder’s written note of their PIN
Lost and stolen card fraud
Thieves might steal a credit card from a victim or take it from an unattended bag or purse in a public place. In some cases, credit cards are simply lost and found by opportunists.
Lost and stolen credit cards can be used for contactless purchases up to certain limits without the need for a PIN to be entered.
Card ID theft
Card ID theft happens when someone has been a victim of identity theft and their details are used to open new credit card accounts. The criminal may steal ID documents or buy the victim's details from the dark web. They use them to pass credit card providers’ identity verification checks.
Also known as credit card application fraud, the thief then uses the new card to make purchases.
Detecting credit card fraud
Credit card fraud might be detected by either the cardholder, a retailer or the credit card company (or bank).
Signs of fraudulent activity
For cardholders, signs of fraudulent activity include:
- Your credit card statement showing purchases you don’t remember making
- Mobile bank notifications showing transactions you didn’t make
- Notification from your credit card provider that you’ve exceeded your card limit
- Your credit card being rejected when you try to make a payment
- Genuine applications for other forms of credit being rejected
- Communication from your bank saying it has blocked a suspicious transaction on your credit card
Monitoring your credit card statements
If you have a credit card you should monitor your credit card statements each month to check you recognise all the purchases.
If you make a lot of credit card purchases, keep a list of them and check this matches your statement.
If you have mobile or online banking, you can check your credit card statement and transactions whenever you want.
How to prevent credit card fraud
There are several ways you can both reduce your chances of being a victim of credit card fraud and spot fraudulent activity quickly.
Secure practices
- Keep your credit card in sight when making a transaction. Don’t leave it behind a bar or let waiting staff at a restaurant take it away from the table.
- Don’t tell anyone your PIN and don’t keep a written note of it with your card (in your wallet or purse).
- Make your PIN hard to guess. Don’t use an obvious sequence such as your date of birth.
- Shield your PIN when entering it into an ATM or payment terminal.
- Check any ATM you use has not been tampered with and that there are no suspicious people loitering nearby. Ignore anyone who tries to interrupt you while you are at the ATM.
- Watch the news and follow official advice if a company you have bought something from is a victim of a data breach.
- If you want to close your credit card account, contact your credit card company. Just cutting up your card is not sufficient.
- Shred or burn paper copies of credit card statements.
- Log out of your online banking as soon as you have finished, especially if you are using a public computer.
Technological tools and security features
- Keep your credit card in a RFID (Radio Frequency Identification)-blocking card holder.
- Only purchase items from secure websites with a padlock icon in the web address bar.
- Use computer security measures such as a firewall or anti-virus software.
- Ensure your credit card has 2-Factor authentication (2FA) or Strong Customer Authentication (SCA). This type of credit card fraud protection means you may be asked to provide additional information when making some purchases. For example, when shopping online you may have to enter a passcode, which would be sent to your mobile phone.
- Turn off or ‘freeze’ your card in mobile banking if you won’t be using it for a while.
- Your credit card provider may use credit card encryption and various cybersecurity measures to reduce the likelihood of credit card information being stolen. The small, square microchips on many credit cards today are known as EMV chips and make use of encryption technology.
What to do if you're a victim of credit card fraud
Immediate steps
If you have mobile or online banking, freeze your credit card so it cannot be used further by the fraudster.
Change your online and mobile banking PINs and passwords in case the fraudsters have access to these.
Reporting the fraud
Report credit card fraud as soon as possible. If your bank and phone company are both on the following table, you can call 159. This is a short-code phone service that connects people safely to their bank’s fraud prevention service.
When you call 159, you’ll be taken through an option menu, and you can then use your telephone keypad to be put through to your bank.
Banks |
Phone companies |
|---|---|
Bank of Scotland |
BT |
Barclays |
EE |
Co-operative Bank |
Plusnet |
First Direct |
Gamma |
Halifax |
O2 |
HSBC |
Giffgaff |
Lloyds |
Sky |
Metro |
Three |
Monzo |
Vodafone |
Nationwide Building Society |
TalkTalk |
Natwest |
Virgin Media |
Royal Bank of Scotland |
|
Santander |
|
Starling |
|
Tide |
|
TSB |
|
Ulster Bank |
Alternatively, call your card provider direct using the number shown on the card or their website, and report the fraud.
Report credit card crime to the police through Action Fraud by:
- calling 0300 123 2040
- filing a report online at actionfraud.police.uk
Action Fraud will file the report and give you a crime reference number.
Minimise the damage
Go through all your accounts and check for any transactions you don’t recognise. If a fraudster has stolen your identity to commit credit card fraud, they may have also compromised your other accounts.
Be organised by keeping copies of all correspondence from banks, law enforcement agencies and other organisations regarding the fraud.
Check your credit report with all three credit reference agencies:
Credit reference agency |
Website |
|---|---|
Equifax |
|
Experian |
|
TransUnion |
Your credit report will show you if any new credit accounts have been opened in your name. You can also sign up for credit monitoring services or a credit fraud alert with the credit reference agencies.
Navigating legal waters
Understanding your rights
It’s important to report your credit card as missing, lost, stolen, copied or cloned straight away. The sooner you report credit card fraud, the quicker the criminals can be stopped.
Credit card fraud laws mean your card provider should always refund fraudulent charges and transactions that take place after you've reported your card missing.
You should also be able to get your money back for transactions that happened before you realised your card was compromised. However, you will be liable for the first £35 of any sum spent on your credit card before you reported it stolen. Some banks waive this charge.
Credit card fraud laws also say that if your credit card provider thinks you're responsible for the transaction or you’ve been negligent, the onus is on the credit card firm to prove this. You don't need to prove you weren't responsible.
If your credit card company can prove you were responsible for the transaction or authorised someone else to use your card, you won’t get a refund.
Legal recourse and protection
Credit card fraud protection is overseen by the Financial Conduct Authority (FCA), which sets out consumers’ rights in the event that a credit card is used fraudulently. Credit card issuer policies should reflect the regulator’s rules.
If your bank refuses to refund you for credit card fraud and you cannot reach an agreement within eight weeks, you can take your case to the Financial Ombudsman Service (FOS).
Other advice about credit card fraud is offered by Action Fraud, Citizens Advice and MoneyHelper.
Conclusion: Credit card fraud
Credit card fraud is big business for fraudsters and criminal gangs.
But banks and credit card providers are fighting back by developing better ways to detect fraudulent transactions as quickly as possible.
Consumers have a part to play too. Keep your cards, PIN and passwords safe to reduce the chances of falling victim to fraud. If the worst happens, the law is on your side – your credit card provider must refund fraudulent transactions unless it can prove the cardholder was negligent.