retailers and cards home page

credit cards
link to the top of the content area

Fraud Types

With the introduction of chip and PIN in the UK, there has been a reduction in some types of fraud - particularly, a drop in the use of counterfeit cards in UK retailers.

Set out below is an explanation of the various fraud types and what is being done to prevent them.  An acquiring bank can provide help on how to avoid fraud, a merchant may also find the publications produced by Card Watch helpful.  This is the UK banking industry’s body which works with police, retailers and organisations to fight card crime.

Card Watch also produces the ‘Spot and Stop’ publications, which separately address card present, and card not present fraud. Follow this link to be taken to the full list of retailer publications.

Card Watch also provides interactive training for retailers about fraud prevention, which can be found by following this link.

Click on the links below to view more information about each of the following topics:

Counterfeit Fraud

In most cases, counterfeit fraud involves ‘skimming’ or ‘cloning’ magnetic stripe data from the original card that is then copied onto a counterfeit card without the legitimate cardholder’s knowledge and used in a shop or cash machine that has not upgraded to chip and PIN technology.

Where a card that appears to be chip and PIN compliant cannot be processed, a merchant should be extra vigilant and follow the instructions provided by their acquiring bank on how to process this type of transaction.

An acquiring bank will provide help on what to look for in distinguishing between a genuine and counterfeit card by following this link you can find some top tips to spot card present fraud.

Back to top

Card Not Present (CNP) Fraud

This is where a criminal has fraudulently obtained card details and used them to make a purchase.  These details are usually obtained without a cardholder’s knowledge and the first the legitimate cardholder knows about the fraud is when they receive their card statement and query the transaction with their issuer who will then start the chargeback process.

Card not present transactions are considered higher risk for the following reasons:

  • Neither the card nor the cardholder is present so the merchant is unable to check the card’s physical security features to determine if it is genuine.
  • It is harder to confirm that the customer is the genuine cardholder as these transactions are accepted without a PIN - this would be authenticated by the chip on the card or a signature on the till receipt which can be compared to the one on the reverse of the card.
  • Card issuers cannot guarantee that the information provided in a CNP transaction relates to the genuine cardholder.
  • The card issuer is only able to confirm that at the time of the transaction, the card has not been reported lost or stolen.  In addition, the issuer is confirming that there were sufficient funds available on the account for the purchase being made at the time.

The card industry has developed a number of tools that a merchant can use to help guard against CNP fraud:

  • AVS (address verification service)
  • CSC (card security code)
  • MasterCard SecureCode and Verified by Visa - for use with an internet transaction, can better authenticate that the genuine cardholder is making the transaction

These are all explained in the fraud prevention tools pages, which also detail a number of third party solution providers who can supply fraud prevention tools to help merchants identify potentially fraudulent transactions.

Back to top

Lost & Stolen Card Fraud

This fraud type can take place at retail outlets or over the internet, and occurs where the genuine cardholder has yet to report their card as lost or stolen.  The fraudster may also know the PIN where they have seen or recorded it and then stolen the card afterwards.

To help merchants, the card industry has developed the Industry Hot Card File (IHCF), which is an electronic file that lists lost & stolen UK issued cards. 

The IHCF is an electronic file for use by retailers and contains records of cards that have been reported lost and stolen. When a card is swiped as part of a transaction, at retailers using the IHCF, it is automatically checked against the file and an alert if given if the card’s details match those on the file.

For more information about IHCF please visit the Card Watch web site: www.cardwatch.org.uk and search for IHCF. An acquiring bank can also provide further details about the IHCF and how a merchant could use it when accepting card payments.

Back to top

Mail Non-Receipt Fraud

Mail Non-Receipt fraud is where a card has been stolen before it ever reaches the cardholder. The banking industry works with the Royal Mail to monitor distribution and devise new ways to securely deliver cards.  However, since the card and PIN are sent separately, this makes it more difficult for a fraudster as they have to intercept two different mailings.  In addition, some issuers ask cardholders to call them to confirm receipt of their card before they activate the card for use.

Back to top

Application Fraud

Application fraud involves a criminal obtaining enough personal information or documents to apply for a new card in the name of a fraud victim – also known as identity theft. 

Further details about identity theft can be found on the Home Office’s website at www.identitytheft.org.uk

Back to top

Account Takeover Fraud

This section is currently under construction - please check for details at a later date.

Back to top