How to protect against debit and credit card fraud

To protect against card fraud, we should all remain vigilant when using our cards and report anything we think is suspicious.

Keeping our PIN number safe and using the card freezing and blocking options in mobile banking apps can limit losses from in-person card theft.

Similarly, we can protect against online and telephone scams by only dealing with trusted organisations and being careful who we discuss our details with.

Credit: wk1003mike/Shutterstock.com

How much is lost to card fraud?

Figures from UK Finance show there were more than 2.8 million instances of card fraud in 2020 with a total loss value of £574.2m. However, a total of £983m of potential fraud was stopped by card companies and banks.

These figures shifted slightly from the previous year. The volume of cases was up by 3% while the total value was down by 7% and the amount stopped by companies fell by 2%.

There are five different types of card fraud tracked by UK Finance:

So, we're significantly more likely now to be a victim of remote purchase fraud than any other type of debit or credit card fraud.

Remote purchase (card-not-present) fraud accounted for 2.4 million cases in 2020, with an overall value of £452.6m.

Online fraud accounted for £262.3m of this, while mail or telephone order against retailers in the UK accounted for £63.7m.

Read more about fraud and how likely it is to happen to you.

Different types of card fraud

Credit and debit card fraud is split into five categories by UK Finance, but there are various styles of card fraud that it's worth being aware of.

Here are eight types of card fraud techniques to know about:

1. Card theft - A victim's card is physically stolen and used by a thief.
2. PIN and card theft - A victim is watched inputting their PIN number and the card is subsequently stolen.
3. Clone cards - Also known as "skimming", a fraudster fits a device on to a card reader to capture card information.
4. Stolen details during transactions - Card details are stolen over the internet, by telephone or mail order.
5. Intercepted cards - A new card is intercepted by a scammer before it reaches the customer's address.
6. ID theft - Fraudsters open a new credit account in someone else's name or take over an existing account by convincing a lender they are the victim.
7. ATM tampering - A device is installed at an ATM that simultaneously skims details of the card and allows the scammer to record a victim entering their PIN.
8. Authorised push purchase (APP) fraud - Scammers pretend to be legitimate services and request payment by card.

As we can see, some of these are variations on the same scam, but it's worth knowing the different terminology in case we need to discuss an issue with our bank or the police.

Once we understand the risks, we can also take steps to protect ourselves against them.

Protecting yourself against card fraud

One of the best pieces of advice for protecting ourselves from card fraud is simply to be vigilant. It's also useful to approach every transaction with a degree of suspicion.

There are a few safety tips that apply to every type of card fraud:

1. Keep your details safe, whether that's memorising your PIN number instead of writing it down or being cautious about who you give your card number to when shopping.
2. Keep the card itself in a safe place and always know where it is. If you can't find it, see if you can enable a "card freeze" on your mobile banking app.
3. Check statements when they're sent through the post or via email, checking whether all the transactions are genuine.
4. Access credit reports to see whether any credit applications or defaults have affected them.

There are also specific protective measures if we're paying in-person, online or via the telephone as we explore below.

One further point: additional cardholders on credit cards can run up legitimate debts in the main cardholder's name. We look at that in our guide to spouses running up debt in your name.

In-person card fraud

Several fraud types we've discussed above try to get hold of our debit or credit card and our PIN number.

While there are different ways fraudsters go about this, there are some steps we can take to protect our card and protect our PIN:

1. Always shield the PIN when paying in a shop or withdrawing from an ATM.
2. Look out for people loitering around cash points or payment terminals.
3. Pay attention to any unusual devices on or near the payment point.
4. Try not to let anyone walk away with a card while making a payment.

Thanks to the increase in the limit for contactless payments, it's now possible to spend up to £100 in a single transaction without entering a PIN number. Although banks require us to put our PIN after a few transactions to verify our identity, this still leaves a hefty sum that could be spent fraudulently if our card is stolen.

Some banks allow us to set our own contactless limit, closer to the previous limit of £45 if we prefer.

As we mentioned above, it's also quick and easy to freeze our cards if they are stolen, meaning the thief wouldn't be able to use either the contactless element or chip and PIN to spend our money.

It's our responsibility to keep our cards and PIN numbers secure.

For example, a lender might consider we've been negligent if we write the PIN number down and keep it near the card or if we change our PIN to something easy to remember that is also easy to guess (like our date of birth). Equally, we should never share our PIN with someone else.

Online card fraud

Card fraud committed online makes up a huge chunk of the losses to remote purchase fraud, with those losses totalling £376.5m in 2020 (83%).

As we explain in our guide to online scams, there are some typical hallmarks of this type of fraud including unsolicited contact and unrealistic offers.

To protect from this type of fraud:

1. Never respond to offers that seem too good to be true and never try to purchase them with your debit or credit card.
2. Don't give card details to retailers without a track record of providing service.
3. Ensure the internet connection is secure and don't shop on unsecured wi-fi.

Thanks to the implementation of Strong Customer Authentication (SCA), when we shop online we will often receive a one time passcode (OTP) to help verify the purchase.

Read more about how to stay safe online, including how to keep your personal details safe on social media.

We've also got more on our rights while shopping online to help understand what responsibilities reputable retailers have once we've made a purchase.

Phone card fraud

Telephone card fraud occurs when we give our card details to someone over the phone.

This can be because we're trying to purchase something we believe is legitimate or because a scammer is trying to frighten us into transferring money to a so-called "safe" account.

Again, there are some key ways we can avoid telephone scams:

1. Don't assume calls are genuine, even if the scammer has plenty of information.
2. Don't provide card details or other personal details on the phone when receiving an unexpected call.
3. If in doubt, hang up the phone and call a publicly advertised number for the organisation (on another phone if possible).

Although telephone card fraud is less of an issue now that online payments have taken off so much, there will still be circumstances where we need to make card payments over the phone.

In those instances, it's important to be certain who we're speaking to before we give out any personal details.

How your card provider protects you

All credit and debit cards offer some basic level of security against fraud.

For example, cards come with chip and PIN and all providers will monitor our accounts for suspicious or unusual activity.

Here are some fraud prevention measures to be aware of.

Active fraud protection

Debit and credit card companies monitor the use of our credit cards, usually checking for remote transactions and foreign transactions.

As well as the introduction of SCA and OTPs mentioned above to help providers be proactive against fraud attempts, they will also block or check any activities that seem suspicious.

Note: These processes can themselves lead to scam attempts if a customer receives an unexpected call and is persuaded to hand over their details, so keep an eye out for this.

3D Secure

3D Secure (3DS) is connected to Strong Customer Authentication because it is the system card providers use to ensure transactions meet SCA requirements.

The original 3DS is due to be phased out in 2022 as 3DS2 is introduced to improve the customer purchasing experience, although users won't see any difference when they pay.

3DS2 requires 2 factor authentication, meaning customers will be asked for two out of three pieces of information to successfully complete their transaction.

These will usually be:

• A biometric record like a fingerprint or Face ID
• Something the customer has such as their phone
• Something the customer knows such as a password

In practice, this often means that card providers will send a code via SMS and the user inputs that on to the site they're dealing with - proving they're in control of a second piece of personal property in the form of a mobile phone.

3DS2 doesn't have to be used for low value transactions or for low risk transactions where the Payment Service Provider (PSP) has low fraud levels, but expect 3DS2 to be a feature of shopping online for most transactions.

Identity theft services

Identity fraud occurs when a fraudster uses our personal information to open a financial agreement like a credit card.

Credit card providers offering identity theft services usually provide a dedicated helpline for victims and those concerned they might be a victim. This is a free service and shouldn't be confused with paid ID theft insurance.

Protection on purchases

While protection on purchases isn't specifically connected to combating fraud, it's worth being aware of the two schemes that can allow us to get our money back from a retailer if something goes wrong.

Section 75 is a piece of legislation that allows customers to claim a refund on purchases between £100 and £30,000 because the credit card company is deemed equally liable for the purchase along with the retailer.

As we explain in our guide to section 75, this is a useful tool for credit card owners, but success isn't guaranteed.

An alternative that is not legally binding and can be used on debit cards as well as credit cards is chargeback. Again, this can help get our money back in the event of a dispute, yet it shouldn't be relied upon.

Bear in mind that some card providers will offer extra protection on purchases, but these don't necessarily offer much beyond what is already available.

What to do if you fall victim

Falling victim to card fraud, whether it's due to someone stealing a card or through an online scam, can be terrifying. However, there are steps we can take to limit the damage.

1. Contact the card provider to report the theft. Many providers have dedicated fraud helplines, but the main switchboard will usually route us to the right team.
2. Report an online fraud to Action Fraud via their website or on 0300 123 2040.

Taking steps to secure our card if possible by freezing it as soon as we understand something has gone wrong can limit our losses.

In terms of getting a refund, things are more complicated.

As far back as 2014, the Financial Conduct Authority (FCA) was saying that one in ten customers should not be held liable when they lose money as a result of fraud.

If a provider decides a customer is not to blame for the fraud committed against them, refunds may be given, yet providers can argue that customers have been grossly negligent if they have:

• Kept their PIN number written down
• Given their card to someone else
• Provided details over the phone to someone who wasn't an official representative
• Input details to an insecure payment form

As we've discussed above, customers need to take all preventative measures to protect themselves, with payment providers eager to avoid paying out if possible.

Even under the (now-defunct) APP Voluntary Code, more than half of those who lost money to fraud were not reimbursed by their card providers because they were judged to be negligent or somehow complicit.

Summary: Remain vigilant

Card fraud is unfortunately a huge part of modern life and, despite security measures put in place by banks and card providers, many of us will still find ourselves dealing with the fallout from a stolen card or fraudulent online transaction.

Remaining vigilant to the possibility that something isn't right can be one of the best ways of stopping card fraud. For example:

1. Don't use ATMs or payment terminals if something doesn't look right
2. Don't provide details over the telephone unless you're certain about who you're talking to
3. Don't purchase online with companies who don't use secure payments or have dubious reputations
4. Don't trust in something that could be too good to be true
5. Don't be afraid to say no or hang up the phone if someone tries to persuade you to make a card payment you're uncertain about

As the figures suggest, the value of losses to card fraud costs customers hundreds of millions every year. While some of these losses will be refunded, many of them will not be and that leaves customers out of pocket.

Being a victim of card fraud is not something to be ashamed of. Scams and techniques are constantly evolving and more people will have come close to falling victim to a scam than would like to admit it.

Reporting scams and helping card providers work out methods to combat them in the future can be a way of making your terrible experience something that other people don't have to go through.