A business guide to common types of credit card fraud (UK)

Over the past decade payments have progressed away from cash transactions and towards card payments, and even online payments where a card isn’t present at all. Although this move has yielded increased convenience and speed, it’s also allowed new types of payment fraud to evolve. For business owners now offering flexible ways to pay, from tapping a card to clicking a button, the risk of credit card fraud is a very real concern.

In this guide, we’ll explore the common types of credit card fraud in the UK that can affect businesses. From what credit card fraud is, to common types and methods of mitigation.

What is credit card fraud?

Credit card fraud is when theft or fraud occurs by an unauthorised person using your credit card. This may be someone using your credit card without your knowledge to purchase goods or services, move funds or sell your details to other criminals. Credit card fraud is a form of identity theft and in the UK, credit card fraud is a criminal offence.

How common is credit card fraud?

According to UK Finance, fraud losses on UK-issued cards totalled £556.3 million in 2022, a 6% increase from 2021. An analysis of European Central Bank data figures carried out by the Social Market Foundation (SMF) also found that the UK has the highest bank card fraud rate in Europe.

It’s clear that credit card fraud is a growing issue, however, security and prevention measures are also advancing at speed in order to tackle the problem. The Office of National Statistics also reported that in 2022, victims were fully reimbursed in 73% of incidents of bank and credit account fraud.

Different types of credit card fraud

To recap, we know that credit card fraud is when someone unauthorised uses your card or card details to make a purchase or take funds. Now, let’s look further into how this happens and what the different types of credit card fraud are:

• Card not present (CNP) fraud - this is when the physical card is not actually present during the fraudulent transaction, this can occur online or over the phone using your credit card details.
• Credit card application fraud - fraudulent use of your details (usually illegally obtained) to open a new credit account in your name.
• Lost or stolen cards - when your credit card has been stolen or lost and someone illegally uses it to make purchases without your permission or knowledge.
• Credit card skimming - occurs when using an ATM or at a point of sale that has been compromised by fraudsters, they take your credit card data and PIN number.
• Phishing - when someone poses as a bank or other financial institution via email or telephone asking for your credit card details and personal information.
• Account takeover - Cyber criminals use stolen passwords and usernames to take over your online bank account and make purchases or move funds.
• Cloned cards - when your credit card is illegally replicated and used for unauthorised purchases.
• Social engineering fraud - this is an umbrella term for the techniques and scams used by fraudsters to obtain your personal information and credit card details, this is done via manipulation over social media, email or telephone to trick someone into giving over their details.

You can check out our fraud prevention guide for more information on how to protect yourself and your business from phishing attempts specifically.

Ways businesses can mitigate against credit card fraud

No business can ever be completely safe from credit card fraud, however, there are a few measures you can take to reduce the chances of fraudulent transactions in your business.

Here are six ways to help protect your business:

• Consider more secure payment methods - For example, businesses can move towards using more secure payment methods like payment links, instead of MOTO payments (mail order telephone order), otherwise known as taking payments over the phone. Payment links tend to be more secure because most pay-by-link transactions use 3D secure authentication, whereas MOTO payments typically don't have this extra layer of security.
• Verify your customer’s identity - If a customer ever requests to change their credit card details, take extra care to validate the existing information to ensure you are speaking to the credit card holder. One way to do this is via requesting a valid ID.
• Be vigilant of customer behaviour - Make sure you and your staff are aware of potentially suspicious behaviour and have an escalation procedure in place if circumstances require. For example, be extra vigilant if a customer is in a rush and in urgent need of the goods, have sent a courier or taxi to pick up the goods, where first time customers have made multiple larger orders in quick succession, multiple cards have been declined or the customer is requesting that the transaction amount be lowered. These behaviours aren’t always cause for alarm, but it is worth being vigilant against potentially suspicious transaction circumstances.
• Investing in fraud protection - Review and audit your business’ level of risk. Does your business mostly take CNP payments or payments over the phone? Taking payments where a physical card isn’t present has the potential to increase risk - these tools work by reviewing real time transactions and flagging any potential risk at the time of the transaction.
• Staff training - Train your staff to recognise potential fraud and how to appropriately flag and escalate it if needed. Training doesn’t have to cost the world, Natwest offers free resources for businesses and their staff on various types of fraud, including accepting card payments. The National Cyber Security Centre (NCSC) also offers a free e-learning pack to help businesses and staff improve their cyber awareness.
• Understanding the potential credit card fraud your business is most likely to face - The type and size of business you run or work in can determine the sort of potential fraud your business is most likely to face. These factors can influence the level of sophistication and specific type of fraud. For example, if you run a retail business, you may be more likely to experience fraudulent chargebacks. Understanding the potential risks is pivotal in allowing you to mitigate them more effectively.

If you want to find out more, we’ve also put together a handy checklist for merchants on how to safeguard against fraud.

Card security features

Card issuers and networks have also developed a number of ways to increase their security:

• CVV (card verification value) - The three digits on the back of the payment card. In order to make the payment, the person has to physically have the card to obtain these numbers, or have access to the bank account associated with the card..
• 3D secure authentication - Also known as 3DS, this is an extra security layer that appears before a purchase can be completed. In some scenarios the customer will be prompted to enter a code or password, in others 3DS runs in the background without needing additional information to be inputted.
• Address verification service (AVS) - The billing address provided by the customer is compared to the address that the credit card is registered to, ensuring they match.

How do credit card companies investigate fraud?

If credit card issuers suspect a fraudulent transaction they may cancel the card in question and send a replacement while they investigate. This will also happen if a case of credit card fraud has been reported. Investigations can take up to 90 days and usually consist of the credit card company contacting the merchant, looking at geolocation data, timestamps, IP addresses, behavioural indicators and previous account activity to determine whether fraud has been committed.