Credit Card Fraud - Countermeasures

Countermeasures

Countermeasures to combat credit card fraud include the following.

By merchants:

  • PAN truncation – not displaying the full number on receipts
  • Tokenization (data security) – not storing the full number in computer systems
  • Requesting additional information, such as a PIN, ZIP code, or Card Security Code

By card issuers:

  • Fraud detection and prevention software that analyzes patterns of normal and unusual behavior as well as individual transactions in order to flag likely fraud. Profiles include such information as IP address
  • Fraud detection and response business processes such as:
  • Contacting the cardholder to request verification
  • Placing preventative controls/holds on accounts which may have been victimized
  • Blocking card until transactions are verified by cardholder
  • Investigating fraudulent activity
  • Strong Authentication measures such as:
  • Multi-factor Authentication, verifying that the account is being accessed by the cardholder through requirement of additional information such as account number, PIN, ZIP, challenge questions
  • Out-of-band Authentication, verifying that the transaction is being done by the cardholder through a "known" or "trusted" communication channel such as text message, phone call, or security token device
  • Industry collaboration and information sharing about known fraudsters and emerging threat vectors

By Governmental and Regulatory Bodies:

  • Enacting consumer protection laws related to card fraud
  • Performing regular examinations and risk assessments of credit card issuers
  • Publishing standards, guidance, and guidelines for protecting cardholder information and monitoring for fraudulent activity

By cardholders:

  • Reporting lost or stolen cards
  • Reviewing charges regularly and reporting unauthorized transactions immediately
  • Installing virus protection software on personal computers
  • Using caution when using credit cards for online purchases, especially on non-trusted websites
  • Keeping a record of account numbers, their expiration dates, and the phone number and address of each company in a secure place.

Additional technological features:

  • EMV
  • 3-D Secure

Read more about this topic:  Credit Card Fraud