Always such a wealth of info here. Anyone have advice on how to prevent cc fraud?

We average a new corporate credit card every six months due to fraudulent charges. Almost made it a year this time and some jackalope helped himself to some military boots and some health supplements.

The problem seems to be rampant and I wonder how prosecutable these things are? I mean, the cc companies just send you a new card at the drop of the hat and refund the money. If this happens this much for us and our corporate card, I can't imagine hoe rampant a problem this is.

I'm getting tired of always having to update info for revolving accounts and wonder if there is a better way?

Based on my experience, having an incident like this every six months is far too often to be happening by chance. I suspect one or more of your vendors has a security problem. I would do a review of the security protocols of any of your recurring payments. You might also try getting multiple corporate cards and stratify your payments to identify which accounts are compromised the most.

What prototoast said ... every six months is insane and there's a distinct possibility someone you regularly use your card with has been compromised for (apparently) a very long time. Then again, how big is your corporation? Any chance someone internally is the root of the problem?

I have access to corporate cards for three separate small businesses. In the past decade these credit cards have had to be replaced less than five times for all three businesses combined.

I had this issue until I gave up on Bank of America. The last time they wouldn't overnight a new card, and it took 8 days to get here by mail. Now have a card through Fidelity that puts 2% into my investment account, and one through Amazon that has particularly good rebates on Amazon purchases. It's been 3-4 years without a fraud.

We've had some fraud before - we were actually on the phone with the bank while the fraudster was on another line trying to change our passwords. They didn't let them.

We use Capital One and Chase and since that long-ago incident, we have always been contacted by the bank for suspicious charges and have never had a successful one since. They seem to be pretty good a detecting it as it happens.

I think it depends on how many companies you buy from. I have a bunch of accounts unfortunately and it has caused issues in the past. Add into it using it on trips, lots of problems there. I've had it happen at a gas station, a fast food place. A Best Buy once. And I hadn't been to a Best Buy in months. I had someone use my card to buy airline tickets and a hotel in NYC, from Ghana!!!
When the guy checked in the hotel let me know, they locked his room, NYPD arrived and questioned him. Turns out they use a card once or twice and toss it cause it'll get noticed. The guy paid a travel agent in Ghana to get to the US for vacation. It happened 2 months ago when someone bout an Xbox or $399 from Microsoft.

Answers? Nope, got none. Wish I did. But even when you figure one way to stop it, they will find another. It will never end.

Using PayPal for recurring payments lets you change a card number in one place but not accepted everywhere. It would be nice if CC companies let you create virtual numbers tied to one account.

Using PayPal for recurring payments lets you change a card number in one place but not accepted everywhere. It would be nice if CC companies let you create virtual numbers tied to one account.

They did, in the past. Pop up window on your computer, you could limit amount and/or time. Great for one time etail purchases, subscription vendors that you wanted to have control over, etc. I haven't seen this in quite a while though...

Looks like Citi and CapOne might still offer them. Article (https://www.creditcards.com/credit-card-news/bank-of-america-discontinuing-shopsafe/).

Looks like Citi and CapOne might still offer them. Article (https://www.creditcards.com/credit-card-news/bank-of-america-discontinuing-shopsafe/).

I have CapOne as my main card. It's sounds odd, but I have been super impressed by them. It's odd because CCs should just work with no issue.

For online purchases, they have a virtual card so it's not your actual credit card being used.

When I go to a bar (back in the dark ages), I'd get alerts for what they thought were errant duplicate purchases. In fact, it was just me getting beer after beer (I NEVER let bartenders hold my card. Ever.).

I used to get alerts everytime I was out of town using my card. American Express used to shut my card down if I didn't let them know I would be travelling.

This is a corporate card for my business that is used between three individuals.

One trigger now might be the fact that we are building a new office and buying furniture and items for the new practice which are not regular purchases for us.

My frustration is that it seems to happen so frequently. Sure we catch it and they refund it, but the hassle is tremendous. This is my fifth corporate card in three years. It is a citi premier Mastercard, if that matters any.

A couple immediate issues spring to mind:

1) If this is repeatedly happening over a long time period (ie, years) then there's clearly an issue somewhere in the security of the card number with either existing vendors or recurring payments.

2) CP purchases are much more difficult to spoof now that EMV is the US card standard, but that means fraud has migrated to the CNP world. If you're using the card a lot for online purchases -- especially from places you're not familiar with -- their systems could be compromised, and the ability to use that card info online is far easier than in a Card Present situation these days.

tl;dr: It shouldn't be happening this often, and when it does your card issuer should be more on top of spending patterns and purchases to have more predictive means for catching and stopping this than you hunting it out yourself.

CC fraud is a huge problem (as are other types of fraud) and really the only way to stop it is to shut down the card.

I keep a couple cards for different purposes. I have a card I use for online purchases, and another one for "in-person" use.

With some commercial/corporate card programs, there are online tools that let you manage the credit limits as needed. I have not found that yet with a consumer card. It would be nice to just "turn on" the card when you need to use it, and then "turn it off" after the payment is processed.

side note: I am dealing with unemployment benefits fraud right now. Seems someone applied for unemployment benefits in my name, and had my SSN (probably due to the Equifax breach couple years ago)

Luckily, the state contacted my employer and let them know I still was working.....still, credit freezes, police reports, getting credit reports to confirm no other fraud, etc.....what a pain.

Generally, if the card number was stolen online and resold, the buying party first tries to make a small purchase at a McDonalds or someplace for $10 to make sure the card works. Once they confirm the number is good, they try to go on a multi-item shopping spree generally costing $200+-//// if they aren't doing this, the card is not being stolen online and it is something else they are stealing the card strip when you swipe it. .

If you use the card and swipe at a gas stand, or ticket vendor, they perps may have put a skimmer along the swipe.

In London TFL, the perps jammed the chip reader on a Heathrow express machine at Paddington, and the machine would tell you to default swipe the card. When you swipe, they have a skimmer along side which also read your card strip. I had this happen to me last year and a couple days later I was supposedly on a shopping spree in Tel Aviv. . . .

I notice it happens when you leave your card number in websites for auto-check out, ala amazon.com.

I always input my card manually and never save them on the website checkout list of cards. Paypal is the only one where I leave cards, as they get your money back PRONTO.

I had cards in Amazon, and someone hacked and order a boat load of stuff to my house. Apparently they weren't able to change the delivery address as I had that option check marked. I got home from a work trip to a wonderful pile of items.

I had cards in Amazon, and someone hacked and order a boat load of stuff to my house. Apparently they weren't able to change the delivery address as I had that option check marked. I got home from a work trip to a wonderful pile of items.

I tried that story when I went a bit overboard on ebay once. SWMBO didn't believe it. :)

I have not experienced credit card fraud in the last few years except about 5 years ago, when I left my credit card in a Pizzeria Uno when someone charged about $500 in one day without my permission. The card company covered it,

About 4 years ago, someone hacked into the Office of Personnel Management (OPM) and stole the identity of all the government employees and contractors (including me). We have received credit monitoring services since. No problems.

Every few years, I receive a new credit card in the mail because someone compromised a bank's list of credit cards, and I receive a new card with a new number.

None of that freaked me out like the time about a year ago, when I received an email addressed from my own office email account address that told me that my computer had been taken over and all of my files had been compromised. All I had to do was send $10,000 in bitcoin to some address. We had our network people look into it and it turned out to just be a hoax. We took it seriously because others had received the same message.

A bit OT, but what's with the current signature verification at checkout? I can seemingly scribble anything I feel like on that screen pad and it's approved. Does anyone recall the last time a checkout person asked to see your back-of-card signature to compare?

Stop issuing physical cards and go digital. I haven't used cash or my physical CC in months since my bank supports Apple Pay now with my existing bank account and credit card. Super slick and I bet there is an enterprise level solution for this coming.

I also keep a low limit to get notified of charges on my cards - $100. The immediate email notified me of a fraudulent charge 2 years ago. Have not had any issues since. I charge a lot online.

Jeff

A bit OT, but what's with the current signature verification at checkout? I can seemingly scribble anything I feel like on that screen pad and it's approved. Does anyone recall the last time a checkout person asked to see your back-of-card signature to compare?

Signature is a relic of the mag stripe days, particularly for cards that don't want to do an EMV pin certification.

It'll go the way of the dinosaur soon enough, but is mostly there as a CYA in case you contest a charge and they want to do a signature comparison on the receipt.

Card present fraud with chip cards is essentially nonexistent and takes a lot of rule bending for people to get away with it at the point of sale.

One thing I unfortunately learned recently is that there's a difference between asserting a charge is "fraudulent" and "Challenging a charge," at least in the eyes of Barclays Bank (which I called Amateur Bank). If you know who has made the charge, then you are just "challenging a charge" and it's not fraud. Challenges and frauds are handled different ways by different departments--and they might as well be different companies that don't talk to each other. In my experience AmEx is one-and-done with suspicious activity. So you do get what you pay for, with AmEx fees. If you have the option, it helps to sign up for immediate text notification of any card activity. On some cards you can also set dollar amounts for notification, and for verification.

(...) We average a new corporate credit card every six months due to fraudulent charges. (...)

We had fraudulent charges roughly every 6 months with Capital One until we got our chip cards a couple of years ago. No cases of fraud since.

Stop issuing physical cards and go digital. I haven't used cash or my physical CC in months since my bank supports Apple Pay now with my existing bank account and credit card. Super slick and I bet there is an enterprise level solution for this coming.

Apple pay is still tied to a CC or bank acct #..which can be hacked.
For anything purchased online, it's tied to a CC# or bank account. Even paypal and such is CC or bank account referenced.

For FTF? Use cash. For online? Use CC#, have a low $ amount that causes a red flag..review the CC purchases/statement frequently..call when ya gotta.

What I don't get is how, w/o my expiration date or CCV number, if they have my card number, how they use it..some bean bag in Kentucky used my number to but $1200 worth of tires. Plus the company that got smacked was the tire company, who lost the $. Local PD/DA wouldn't prosecute...

One problem is that a lot of small businesses, like restaurants for example - still want to take your credit card info over the phone, card number, expiration date, security code, zip code. assuming some of them scribble those details down somewhere, and fraudsters have everything they need to cause trouble for you.

Even bigger establishments, i recently used my corporate business card to sign up for some professional development courses and the only way to do so was to call the {big] national organization and read some administrative assistant my CC details.

those kind of "loose" transactions still occur a lot, chip card or not and will continue to cause issues until something new is figured out, i think.

Apple pay is still tied to a CC or bank acct #..which can be hacked.
For anything purchased online, it's tied to a CC# or bank account. Even paypal and such is CC or bank account referenced.

For FTF? Use cash. For online? Use CC#, have a low $ amount that causes a red flag..review the CC purchases/statement frequently..call when ya gotta.

What I don't get is how, w/o my expiration date or CCV number, if they have my card number, how they use it..some bean bag in Kentucky used my number to but $1200 worth of tires. Plus the company that got smacked was the tire company, who lost the $. Local PD/DA wouldn't prosecute...

I think you will be happy on the Island of YAP where you can purchase RAI and be very happy knowing it will take 20 adult men to move your money.

One card I have processed 3 fraudulent charges from the same vendor (all in the same amount). My daily reporting allowed me to notify them and shut down the card.

They then processed two more transactions from the same vendor after the shut off !!!

The replacement cards were lost in shipping and when the new set arrived they immediately started processing auto renewals on the new account (a feature I never authorized).

Suffice it to say I am pretty much done with that card.

BK

If multiple people have access to the card number, I would bet you have an internal issue - likely negligence around malware on a computer that is grabbing the card number.

It's possible that one of your vendors has a security issue but that is less likely.

Occams razor for this one. You don't have a fraud on your own personal card every 6 months and I'd bet you use that card way more at a way more diverse set of vendors.

Signature is a relic of the mag stripe days, particularly for cards that don't want to do an EMV pin certification.

It'll go the way of the dinosaur soon enough, but is mostly there as a CYA in case you contest a charge and they want to do a signature comparison on the receipt.

Card present fraud with chip cards is essentially nonexistent and takes a lot of rule bending for people to get away with it at the point of sale.
+1

To get the cheapest interchange rate, the rules say the merchant needs to collect a signature...so they collect a signature.

Signature is a relic of the mag stripe days, particularly for cards that don't want to do an EMV pin certification.

It'll go the way of the dinosaur soon enough, but is mostly there as a CYA in case you contest a charge and they want to do a signature comparison on the receipt.

Card present fraud with chip cards is essentially nonexistent and takes a lot of rule bending for people to get away with it at the point of sale.

Gotchya!
Really...you may want to get a little more current than 2018!