Credit Card Fraud

The term “credit card fraud” refers to a range of acts involving theft or misuse of credit card information, many of which are prohibited by state and federal criminal fraud statutes. The purpose of a credit card fraud scheme is frequently to obtain goods for “free” or withdraw money from a bank or other financial institution. Credit card fraud frequently involves elements of both bank fraud and wire fraud, and it is a common feature of identity theft schemes.

Credit Card Fraud Defined

The general term “payment card” includes numerous types of payment methods that are represented by plastic cards carried by consumers. Credit cards allow consumers to purchase goods and services with a line of credit from the card’s issuer. Debit cards serve a similar function to personal checks, allowing consumers to pay for goods and services from a bank account. In either case, the merchant or service provider is paid directly by a third party, typically the bank or company that issued the card.

Several pieces of information are essential to use a payment card:  the cardholder’s name, the card number, the card’s expiration date, and a verification number or code. This information is displayed on the card and may also be encoded on a magnetic strip. Debit cards also often include a personal identification number (PIN), which the cardholder can use to withdraw cash. Credit card fraud involves the theft or misuse of this information for financial gain.

Credit Card Theft

One possible form of credit card fraud involves the theft of actual payment cards, such as by pickpocketing. This method is risky for the person doing the pickpocketing, and it is also unlikely to yield many returns compared to more advanced forms of credit card fraud. Most credit transactions now occur via computer, with the cards themselves merely allowing merchants to access a cardholder’s information. Credit card fraud has therefore largely moved online.


Several recent incidents of credit card fraud on a massive scale used consumer information obtained by breaking into secured computer systems. One of the largest cybersecurity breaches in history occurred in late 2013, when hackers stole the personal information of millions of consumers who had used credit cards at the retail store chain Target. This information was allegedly sold to others, who attempted to use it to make fraudulent credit cards.


In some instances, legitimate credit card transactions result in the theft of consumer information. This process, often known as “skimming,” may occur with the complicity or direct involvement of employees who process credit card transactions, such as if they transcribe a card’s security code and then retrieve the credit card information from the merchant’s payment system. People may even place devices known as skimmers, which copy a card’s information when the consumer swipes it, on automated devices like ATMs and pay-at-the-pump gas stations.

BIN Attacks

A rather elaborate method of obtaining credit card numbers involves generating multiple possible credit card numbers based on one or more known numbers. The individual digits in credit card numbers have specific meanings. The first digit indicates the credit card. For example, all Visa card numbers begin with “4.” The first six digits are known as the Bank Identification Number (BIN) or Issuer Identification Number (IIN). The remaining digits identify individual accounts. If a fraudster has a valid credit card number, they can try to generate valid credit card numbers based on the BIN and the expiration date.

Non-Criminal Credit Card Fraud

Some acts might be considered credit card fraud while not rising to the level of violating any criminal statutes. These might include merchant agreements that contain language buried deep in the fine print permitting repeat billing of a credit card, with no easy method for canceling the rebilling. Civil statutes, such as those prohibiting deceptive trade practices, might protect consumers in such instances.