What is fraudulent credit card use? Explaining common techniques and countermeasures

更新日:

While credit cards are convenient for both customers and e-commerce businesses, they also carry the risk of unauthorized use. There are many different ways credit card fraud can be used, but most of them can be prevented with simple measures.
In this section, we will explain the occurrence and methods of fraudulent use of credit cards, as well as measures that customers and e-commerce businesses should take.

Contents

Is credit card fraud on the rise?

Credit card payment is an important payment method on e-commerce sites. According to the Ministry of Internal Affairs and Communications' " Reiwa 3rd Edition Information and Communications White Paper," when asked about "payment methods when purchasing online,'' "credit card payment'' received the highest points at 79.8%.


■Payment method when purchasing online
インターネットで購入する際の決済方法

Source: Ministry of Internal Affairs and Communications “Reiwa 3rd Edition Information and Communications White Paper” (June 2023)

On the other hand, fraudulent use of credit cards has continued to increase in recent years. The Japan Credit Association (General Incorporated Association) announced in June 2023, "Incidence of damage caused by fraudulent credit card use,'' which discloses the amount of damage caused by fraudulent credit card use discovered since 1997.
Looking at the aggregate results, the amount of damage caused by unauthorized use in 2021 was approximately 33 billion yen, but in 2022 it will be approximately 43.7 billion yen, which is more than 10 billion yen more than the previous year.

Looking at the breakdown of the amount of damage caused by fraudulent credit card use, we find that while the amount of damage caused by counterfeit credit cards has been decreasing since its peak in 2017, the amount of damage caused by credit card number theft is on the rise, and by 2022 This now accounts for approximately 94% of unauthorized uses.

When you look at these numbers, you may feel that credit cards are dangerous after all. It is true that credit cards carry such risks. However, these fraudulent uses can be prevented by knowing their methods and taking measures.
Even in the unlikely event that unauthorized use occurs, the damage can be minimized by early detection and countermeasures.

For more information on unauthorized use, please see the article below.

Trends in fraudulent use during the corona crisis, and what is fraud detection service in the first place? | SB payment service for payment agency

Common methods used in credit card fraud and preventive measures

The first step in preventing fraudulent use of credit cards is to know what the fraudulent activity is. Currently, many of the fraudulent uses that have been reported include the following:


■Examples of techniques for fraudulently using credit cards
クレジットカードを不正利用する手口の例

Phishing scam

Phishing is a fraudulent method in which a fake email is sent with the name of a financial institution, credit card company, major mail order site, etc., and a link within the email leads you to a fake website that looks just like the real thing. The attacker then tricks you into entering information such as your credit card number and PIN, and uses the information obtained to fraudulently use your credit card.
Fake emails and fake websites contain sentences that create a sense of crisis, such as "There has been an access that appears to be unauthorized,'' "Your account has been suspended,'' and "Please update your credit card expiration date.'' I am.

Precautions against phishing scams

As a preventative measure against phishing scams, when you receive an email or a link to a site asking you to enter your personal information, credit card number, etc., do not enter it immediately, but instead check to see if there is really a problem. . As a preventative measure against phishing scams, when you receive an email or a link to a site asking you to enter your personal information, credit card number, etc., do not enter it immediately, but instead check to see if there is really a problem. . Emails sent from credit card companies or financial institutions are unlikely to prompt users to enter their ID, password, credit card number, pin number, etc.
It is also important not to click on URLs posted in emails or SMS. Check the URL to see if it is the official website of the company mentioned in the text before opening it.
Additionally, if you use the same ID and password for multiple websites and online services, there is a risk that if your ID or password is stolen through a phishing scam, your ID and password will be accessed on other sites and you will fall victim to unauthorized use. It will be expensive. We recommend that you do not reuse the same ID and password, but use different ones for each website or service and manage them carefully.

Spoofing

Identity theft is a method of fraudulent use in which fraudulently obtained credit card information is used to impersonate the credit card holder. Counterfeit credit cards are sometimes created and used at brick-and-mortar stores.
Your usage history may remain, such as when you don't remember the date or store you used it, or when you used it in an area you don't usually go to, such as overseas.

Precautions against identity theft

One way to prevent identity theft is to use e-commerce sites that have introduced the "3D Secure'' personal authentication system when making credit card payments online. 3D Secure is a global identity authentication common to four brands: Visa, Mastercard, JCB, and American Express. With 3D Secure, the credit card user enters a password chosen by themselves, which prevents unauthorized use by identity theft.

Internet shopping scam

Internet shopping fraud is a fraudulent method of setting up a fictitious shopping site and selling products. Since the purpose is to extract money, the product will not be shipped even if the credit card payment is made.
There may also be lies or unnatural parts such as incorrect Japanese expressions on the website, product prices that are extremely low compared to market prices, or fictitious company names and contact information.

Preventive measures against internet shopping fraud

In order to avoid falling victim to these online shopping scams, when entering your credit card information on a website, etc., you need to make sure that the site is safe. When determining whether a site is malicious, pay attention to the following points:

・Is there something strange about the URL? (There are spelling mistakes, it looks like the URL of a major company, etc.)
・Are there any typos or unnatural Japanese in the text on the website?
・Are there any differences in the notation or content on the website from the official website?
・Whether the company name and address listed on the website actually exist

If you are unsure whether a site is suspicious or not, it is best to avoid accessing it and contact the support center of the company in question.

Skimming

Skimming is a method of fraudulent use that uses a scanner at stores to read magnetic data on credit cards. The scanned credit card information is used for online shopping or to create counterfeit credit cards.
In addition to places with locker rooms such as gyms and saunas, places where there are many people coming and going such as hotels and golf courses, and places where people are hard to reach such as ATMs at convenience stores are likely to be skimmed.

Precautions against skimming

The first step to preventing skimming is to thoroughly manage your PIN. Set a number that cannot be guessed by a third party, and check your surroundings to make sure that no one can see your number when entering it. Avoid entrusting your credit card information, including accounting, to third parties.
If possible, it is preferable to use a credit card with an IC chip rather than a magnetic stripe card. Credit cards equipped with IC chips have the advantage that their information is encrypted, making them less susceptible to skimming. Also, when using your credit card at an ATM, it is important to remember to only use it in locations that have anti-skimming measures, such as ATMs with surveillance cameras.

Credit card theft or loss

Stolen or lost credit cards can also lead to fraudulent use. Credit cards are stolen through acts of theft such as pickpocketing, carjacking, and car break-ins, and then used fraudulently.
They are more likely to be stolen in crowded places such as events, on public transportation, and in large parking lots where people can't see them.

Preventive measures against credit card theft or loss

To prevent your credit card from being stolen or lost, always carry your wallet containing your credit card with you and keep it under strict control at all times. Avoid storing it in a place where others can easily take it out. Even if you just want to leave your seat for a while, it's important not to leave your wallet or bag containing your credit card unattended in your car or at a restaurant.
Also, many people have multiple credit cards, but please be aware that having more credit cards than you can manage increases the risk of loss or theft. We recommend that you limit the number of credit cards you own so that you can quickly notice if they are lost or stolen, and you can closely manage your usage details.

Dating site scam

Dating site fraud is a method of posing as a user of a specific dating site, inviting the user to the site, making the user register, and then stealing credit card information by offering to purchase points through credit card payments.
In the case of this method, in addition to the fact that the victim is at fault for using the dating site, it is also difficult to prove the fraud, and there are many cases where the victim is unable to consult with those around them or the police and ends up in tears. .

How to detect credit card fraud early?

Unauthorized use of credit cards causes damage not only to customers, but also to e-commerce businesses that operate stores. If such fraudulent use occurs on an EC site, it will not only cause economic damage, but also greatly damage the reputation of the store. It is important for both customers and e-commerce businesses to take countermeasures based on the examples of credit card fraud that I introduced earlier, and to have a system in place to quickly detect fraudulent usage in the unlikely event that it does occur.
Next, let's talk about how to detect fraudulent use of credit cards early.


■How to early detect fraudulent credit card use
クレジットカードの不正利用を早期発見する方法

Check usage details regularly

It is important to check your credit card statements regularly to detect fraud early. Credit card statements are called usage statements for customers, and sales statements or transaction statements for e-commerce business operators.
If you are a customer, you can check it on your credit card company's My Page, and if you are an EC business operator, you can check it on the website of the payment service you are using. It may seem a little cumbersome, but it's a good idea to make it a habit to set a date and time to check your statement, such as "every Sunday night."

In addition, the name of the store where you actually made your purchase may differ from the name of the store on your usage statement, whether it is an EC site or a physical store. This happens because the store name used as the store name is different from the name of the management company that handles payments, but customers tend to feel suspicious.
You can check it by comparing the date and the usage amount, but as an EC business operator, we recommend that you notify the company name and store name that will be posted on the usage statement on the payment screen, etc., so as not to cause such anxiety.

Check the usage details of the family card

Customers should also be careful when using family cards. The family card usage history will be included in the principal member's credit card usage statement. Therefore, if you issue an additional family card, the credit card usage history of the family will remain without your knowledge.
If you have issued a family card and there is a history that you don't know about the date or amount, check to see if the family card has been used.

Credit card companies may contact you regarding fraudulent use.

Credit card companies monitor credit card usage 24 hours a day, 365 days a year. When we find a transaction that is suspected of being fraudulent, we may contact the customer or EC business operator by phone for confirmation.
What transactions are suspected to be fraudulent is on a case-by-case basis. For example, if you usually only use your credit card around where you live, but suddenly it is used overseas, or if you use it mostly at supermarkets and convenience stores, you may receive expensive bags or jewelry. and so on.

What to do if the customer notices unauthorized use

What should I do if credit card fraud is discovered? First of all, I will introduce the countermeasures taken by the customer.

Contact your credit card company and apply for a chargeback

If you notice fraudulent use, contact your credit card company first. The sooner you respond, the less damage you can do.
If a reported transaction turns out to be fraudulent, the credit card company will issue a "chargeback" to reverse the fraudulent transaction.

Please refer to the column below regarding chargebacks.

What is chargeback? Explains measures against fraudulent use of credit cards

Reissue your credit card

If fraudulent use of a credit card is found, the credit card company will cancel the credit card. Since this is not a temporary issue due to payment delays, etc., you will not be able to use that credit card after that. Therefore, the credit card needs to be reissued.
Of course, you will not be able to use credit card payments until you receive your new credit card.

file a police report

If your credit card is lost, stolen, or if you notice unauthorized use, you should report the loss or damage to the police. Once you receive a receipt number from the police, contact your credit card company again. When you provide your credit card number to your credit card company, they will proceed with the process of reissuing your credit card and applying for loss/theft insurance.
Please note that if you do not report the item to the police or provide your credit card company with the receipt number, you may not be covered by loss/theft insurance.

However, it should be noted that it is difficult for the police to deal with cases such as unauthorized use of credit cards or fraud on the Internet because they do not meet the victim face-to-face.
Additionally, if you have used your credit card but have not received your product, we recommend that you contact the Consumer Affairs Center.

What to do if an EC merchants notices unauthorized use

Even if an EC business operator such as an EC site notices unauthorized use of a credit card, the first thing to do is to contact the credit card company.
However, the subsequent processing will differ depending on whether the fraudulent use was detected before or after the product was shipped. We will explain what to do in each case.

When unauthorized use is discovered before shipping the product

If unauthorized use is discovered before the product is shipped, the first thing to do is to put the product on hold and contact the customer.
Instead of just emailing, talk to them directly on the phone to make sure they're real people. If you can contact them by phone, please check to see if it is the person who made the payment, and if it is the person who made the payment, please change your payment method.
If we are unable to contact the customer, we will cancel the order. We will cancel the authorization if it is before the payment request, and cancel the payment request if it is within 14 days after the payment request. Authorization is an abbreviation for authorization, which is the process of confirming whether payment can be made with the customer's credit card. Since a payment request cannot be canceled after 14 days after the request, the e-commerce business must refund the amount directly to the customer.

For more information on credit card refunds, see the article below.

What is a credit card refund? Explanation of Refund Processing Mechanism and Refund Method | SB Payment Service

When unauthorized use is discovered after the product has already been shipped

If fraudulent use is discovered after the product has been shipped, it will be extremely difficult to retrieve the shipped product. If the chargeback requested by the customer is approved, the product price cannot be collected. The product and all the costs and labor involved in shipping it become a loss for the EC business operator.

Measures against unauthorized use necessary for EC businesses

Chargebacks are a great system when it comes to protecting vulnerable customers. However, e-commerce businesses are always exposed to the risk of fraudulent use of credit cards and associated chargebacks.
However, credit cards also offer services to protect not only customers but also e-commerce businesses. By combining the services described below, it is possible to strengthen the defense against unauthorized use and operate the store safely and securely.

Use ASP fraudulent order alerts

If you use an ASP (application service provider) to build your EC site, the ASP may have a fraudulent order alert function.
This is a database of the details of past fraudulent use, and when an order suspected of fraudulent use is received based on customer information, delivery address information, etc., an alert is issued..
Although it cannot be concluded that it is a fraudulent order, it is possible to alert the e-commerce business operator. Checking with the customer will help clarify whether or not it is fraudulent.

Use security code

A security code is generally a 3-digit or 4-digit number printed on the back or front of a credit card. This security code is not included in the magnetic information recorded on the credit card, so it cannot be stolen by skimming. This information is only available to those who have a genuine credit card. This helps prevent credit card fraud.
If you require the entry of a security code on the online shop order screen, you will be able to reduce the risk of unauthorized use.

The security code is explained in detail in the following article.

What is a credit card security code (CVV2/CVC2)? | SB Payment Service

Take advantage of 3-D Secure

3D Secure (personal authentication service) is a mechanism that uses the password registered by the customer with the credit card company to authenticate the person. Although the name differs for each brand, it is generally called "3D Secure". 3D Secure is the name of the personal authentication service provided by Visa.
This password is information known only to the credit card holder. Therefore, even if information such as credit card numbers and expiration dates are stolen by tricks such as skimming, it is possible to prevent "spoofing" by others.

The identity verification service is explained in detail on the following page.

3D Secure is explained in detail in the following article.

What is 3D Secure? Advantages and disadvantages, explanation of payment procedure | SB payment service

Use AI fraud detection system

AI fraud detection is a fraud detection system operated by SB Payment Service that utilizes AI (artificial intelligence). The majority of fraudulent use involves theft of credit card information through phishing and skimming. On the other hand, their methods have become increasingly sophisticated, making it extremely difficult for e-commerce businesses to notice them in their daily operations.

Therefore, SB Payment Service has built and operates a system that uses AI to score various factors that suggest fraudulent use for each payment, and uses AI to calculate and judge the score. By verifying a huge amount of payment data, amounting to hundreds of millions of transactions a year, and learning a wide variety of fraudulent usage patterns, we are able to detect fraud with even higher accuracy.
SB Payment Service's AI fraud detection system is available in three plans: Free Plan, Standard Plan, and Advanced Plan, and if you use the Free Plan, you can install it without incurring any costs. It also works with various EC construction packages, making it easier to consider implementation. By using this in conjunction with other measures, it will be possible to build a safety net that provides peace of mind for e-commerce businesses.

AI fraud detection is explained in detail on the following page.

More information on how to prevent fraudulent use can be found in the article below.

SB Payment Services takes countermeasures against credit card fraud with "AI fraud detection" - providing a wide range of fraud prevention measures before, during and after payment | Japan Net Economic News

Fraudulent measures that EC businesses that introduce credit card payments should know | SB Payment Service

Introduction of recommended solutions for fraud prevention

If the abuse continues, please consider the following solutions.

O-PLUX

O-PLUX

Feature 1: Can be used for all fraudulent order countermeasures

Feature 2: Trial available for 10,000 yen

O-PLUX is the detection system for countermeasures against fraudulent orders with the No. 1 introduction rate.
Protect your EC site from all fraudulent orders such as chargebacks, malicious resales, and unpaid deferred payments.
It can be linked with almost all carts, and there are plenty of linking methods, so you can introduce it without development.
It is possible to use it with the cost and rules according to each EC site, such as the number of orders reviewed per month.

Fees From 4,000 yen per month Correspondence cart almost any cart
Case studies Over 110,000 total sites Case studies KEYUCA / Sunstar / JINS
Reference: Kakko Co., Ltd.

Why SB Payment Service is chosen

Fraudulent use of credit cards is becoming more sophisticated year by year, and the total amount of damage caused by fraudulent use is increasing.
SB Payment Service complies with PCI DSS (Payment Card Industry Data Security Standard), an international security standard for credit cards, and provides the various fraud prevention solutions mentioned above. For these reasons, we are the choice of many e-commerce businesses.
SB Payment Service's mission is to protect customers and e-commerce businesses from fraudulent credit card use. We will continue to take various measures to prevent unauthorized use.
If you are an e-commerce business that would like to strengthen your measures against fraudulent credit card use, please contact us.

Security and payment option services are explained in detail on the following pages.

FAQ

Q.
Please tell me how to fraudulently use my credit card.
A.
The main methods of fraudulent use include "phishing," which leads users to a fake website from a fake email to enter their credit card number and PIN, "spoofing," which uses fraudulently obtained credit card information to pretend to be the member themselves, and impersonation. There are "Internet shopping fraud" that sells products on EC sites, and "skimming" that reads magnetic data on credit cards with a scanner.
Q.
Is there a way to check if my credit card has been fraudulently used?
A.
Regularly checking your credit card and family card statements is important for early detection of fraudulent use. If you are a customer, you can check your usage details from your credit card company's My Page or dedicated app, and if you are an EC business operator, check your sales details and transaction details on the website of the payment service you are using.
Q.
What should I do if my credit card is used fraudulently?
A.
When a customer becomes aware of unauthorized use, the customer promptly contacts the credit card company, applies for a "chargeback" to cancel the unauthorized transaction, and requests the reissuance of the credit card. If the EC business operator notices unauthorized use, please contact the credit card company first. If fraudulent use is discovered before the product is shipped, we will put the product on hold and contact the customer to change the payment method or cancel the order.

If you have any other questions, please check the FAQ.

Security is explained in detail in the article below.

監修者情報

SBペイメントサービス編集部

SBペイメントサービスはソフトバンクグループの一員として決済事業を担い、2004年に設立以降、幅広い業界の事業者に決済システムの導入を行っている。
当社のコラムでは、決済分野だけでなく、ECサイト運営やビジネスに役立つ情報を継続的に事業者に発信している。


Bulk introduction of online payments suitable for business 


Compatible with Over 40 types payment brands!

Introduction of related services

  • Online Payment Service

    Compatible with any business or device,
    Provide a safe and smooth online payment experience

    View service information
  • Payment services for in-stores

    Supports a wide range of payment methods and supports store management.
    Contribute to smartness

    View service information
  • Can be linked
    EC cart package

    Supports over 20 types of EC carts.
    Payment can be implemented with little development burden

    View compatible systems

About SB Payment Service


TOP