Credit card fraud causes substantial losses for both merchants and consumers. The types of schemes affecting consumers range from the theft of individual credit cards to the theft of thousands or millions of consumers’ personal financial information. In either case, the person or people perpetrating the fraud may use the information to make purchases for themselves, or they may sell the information to others for that purpose. This results in consumers getting billed for products or services they did not buy, as well as inaccurate credit reporting. Federal law limits the liability of consumers whose information is compromised, provided they act quickly to report lost or stolen cards and to dispute fraudulent charges.
Types of Credit Card Fraud
Fraudulent credit card schemes include the very low-tech theft of one or more credit cards, which may then be used to make purchases or sold for an identity theft scheme. Stealing an actual card from someone’s purse or wallet may be the oldest form of credit card fraud, but newer technologies may allow fraudsters to accomplish the same objective without the need for purse-snatching.
One type of scheme, known as “skimming,” involves people who regularly process credit card payments and who keep their own records of people’s credit card numbers. They may do this with a “skimmer” device, which attaches to card-swipe machines and other devices and reads the card’s magnetic strip. ATMs and other devices may also have skimmers disguised as part of the machine.
Some hackers claim to be able to obtain credit card numbers from cards equipped with radio frequency identification (RFID) technology without needing physical contact with the card. Scanning equipment can read RFID-equipped cards while they are still in someone’s wallet or purse, as long as the equipment is within range. Several major credit card companies are phasing out magnetic-strip cards in favor of “chip and PIN” cards that use encryption keys and personal identification numbers (PINs) to prevent fraud. The U.S. is reportedly the only major market in the world that still uses magnetic-strip cards.
The theft of consumer financial information from merchants’ computer systems is perhaps the best-known type of credit card fraud because of several well-publicized and massive incidents. Hackers stole the credit card numbers of millions of customers of the retail chain Target, using malware installed on the company’s computers. These types of incidents may also result in the theft of other types of personal information, which fraudsters may use to apply for new credit card accounts in someone else’s name. Application fraud, as it is known, may result in a consumer defaulting on debts that he or she did not even know existed.
Federal Credit Card Fraud Law
The Fair Credit Billing Act (FCBA) protects consumers against inaccurate or fraudulent credit card charges and other billing errors. A consumer who receives a statement with a billing error must dispute the charge in writing by sending a notice to the address for “billing inquiries” identified on the statement. The credit card company must receive the notice within 60 days of the statement date, so time is of the essence for the consumer. Notice may be sent electronically, but only if the credit card company specifically provides a means to do so.
The credit card company has 90 days from the date it receives the dispute to act on it, either by correcting the charge or explaining to the consumer in writing why it believes the charge was not in error. The FCBA limits a consumer’s liability for unauthorized use of his or her credit card to $50.
Fraud involving an ATM or debit card is covered by the Electronic Fund Transfer Act (EFTA). A consumer is not responsible for any charges made on an ATM or debit card if he or she reports it lost or stolen before it is used. If the consumer reports the loss or theft after someone used it, his or her maximum liability depends on when he or she reports it. If the report is within two days of learning of the loss or theft, the consumer’s maximum liability is $50. After two days, but within 60 days of the date of the next bank statement, the maximum amount is $500. Beyond that time period, the consumer is liable for all losses.