Credit card fraud: What you need to know now

Credit and payment card thieves are getting more sophisticated as chipped cards drive them to account takeover and card-not-present schemes.

credit card theft / credit card fraud / credit card hack
Jariyawat Thinsandee / Getty Images

Payment cards make purchasing convenient not only for consumers and businesses, but for fraudsters, too. Global fraud losses from payment cards in 2018 reached $27.85 billion, according to the latest numbers from The Nilson Report, a card and mobile payments trade publication. As large as those losses are, they only amount to $10.83 for every $100 of spending by credit card users, which is actually lower than the previous year, $11.12 per $100.

That may be why credit card issuers believe they have fraud under control. "What worries most credit card sponsors more than fraud is unfairly blocking a consumer’s legitimate transaction," says Roger Grimes, a defense evangelist at KnowBe4, a security awareness training provider. "Most of the evolving and newer systems aren’t trying to detect credit card fraud better. What they are trying to do better is prevent losing customers from blocking legitimate transactions. So, shockingly, most of the activity is in preventing 'false-positives' and not in actually decreasing real fraud."

Fraud has a limited immediate impact on consumers and businesses. If a number is compromised and a thief goes on a spending spree, liability is limited to $50.

Consumers and businesses might see fraud costs down the road in the form of increased prices for goods and services as merchants and credit card issuers pass on the cost of losses. "Ultimately, some amount of fraud will always exist for as long as we continue to use credit cards," observes Paul Bischoff, a privacy advocate at, an information website for consumer security products. "A large part of the interest payments we all make on credit cards goes toward compensating for fraud.”

Credit card fraud scope and trends

To continue reading this article register now

22 cybersecurity myths organizations need to stop believing in 2022