Clarity’s fraud team has seen an increase in reports of fraudsters using multiple stolen credit/debit cards to pay off sequences of single-payment loans for the same identity. We have seen cases in which more than five different stolen cards have been used this way.
The fraudsters have hit multiple lenders with this scheme, which provides a higher return than using stolen cards to buy liquid merchandise such as laptops or gift cards online.
In 2015, card issuers in the U.S. began migrating from magnetic swipe cards to chip-embedded cards, which make it more difficult to commit fraud at the point of sale with a stolen card. Europay Mastercard Visa® (EMV®) created this microchip technology and it is used in over 36% of card-present transactions worldwide.1 As this technology (also known as “chip and signature” or “chip and pin”) continues to roll out in the U.S., we expect fraudsters to monetize stolen cards online in this way much more frequently.
According to Aite Group, countries that have adopted EMV® have shown up to a 50% reduction in consumer-present fraud and an 80-130% increase in consumer-not-present fraud.2
The rules of this fraud trend:
Credit card chargebacks are pretty straightforward. The consumer is limited to $50 in liability and has up to 120 days to report that the card was used fraudulently.3 This can mean that a lender could have received multiple payments from the fraudster before that first card is disputed and the scam uncovered. A successfully cleared card payment is no guarantee that subsequent payments from the same card or others presented by the consumer will clear.
The rules governing debit card disputes favor the fraudster even more when processed using a PIN. The victim of the theft has to file a dispute and the chargeback process can generally take up to 60 days. However, after just two days, the victim’s liability for the fraudulent payment jumps from $50 to $500.4 This could mean that even if a consumer realized that their card had been compromised, given how difficult banks make it to dispute debit card transactions, it might not be worth reporting for a payment of less than $500. Although that is good news for the recipient of the payment, it also masks that the fraudster used a stolen card to make the payment and may use other stolen cards in future payments.
Some of the warning signs to look for are:
- A consumer paying off loans early using a card. They are trying to get in as many loans as they can before the chargeback is reported to the lender. Look out for early payments just a few days after funding.
- A consumer using a different card for each payoff. If the consumer had access to multiple cards with available credit to cover short-term financial trouble, they wouldn’t need a loan in the first place. This is a red flag.
- Multiple cards presented for payment that do not get approval. Not every stolen card is viable and fraudsters will typically run through a list of stolen card numbers until they get one that is authorized.
In the meantime, some precautions that you can take to avoid this fraud trend include verifying that the billing address on the card matches the applicant's address (AVS check), validating the CVV code, using 3D Secure, or placing a limit on the number of unique payment devices a consumer can use (or attempt to use) to pay off their loans.
AVS is an anti-fraud service created by Visa® and currently used by Visa®, MasterCard® and American Express®. It checks whether parts of the billing address used to apply for the loan match the address on file with the card issuer. The premise underlying this method is that the fraudster does not necessarily use the identity associated with the stolen card to apply for the loan, and thus is unable to pass the verification. 3D Secure uses a cardholder-created password with the card issuer to verify the identity of the consumer and is promoted by Visa®, MasterCard® and American Express®.
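The three warning signs and the limit on unique cards described above can be checked mechanically against payment records. The following Python is an added example, not Clarity's code; the thresholds, record layout and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Assumed thresholds; the article only says "a few days" and gives no limits.
EARLY_PAYOFF_DAYS = 5     # card payoff this soon after funding counts as early
MAX_UNIQUE_CARDS = 2      # cap on distinct cards attempted per identity
MAX_DECLINED_CARDS = 2    # distinct declined cards that trigger a flag

# Constructed sample data (not real accounts or cards).
LOANS = {  # loan_id -> (identity, funded date)
    "L1": ("id-A", date(2016, 3, 1)),
    "L2": ("id-A", date(2016, 3, 6)),
    "L3": ("id-B", date(2016, 3, 1)),
}
ATTEMPTS = [  # (loan_id, card token, attempt date, approved)
    ("L1", "tok-1", date(2016, 3, 3), False),
    ("L1", "tok-2", date(2016, 3, 3), False),
    ("L1", "tok-3", date(2016, 3, 3), True),
    ("L2", "tok-4", date(2016, 3, 8), True),
    ("L3", "tok-9", date(2016, 3, 29), True),
]

def flag_identities(loans, attempts):
    """Return {identity: sorted warning signs}; tokens stand in for card numbers."""
    cards = defaultdict(set)          # every card attempted, approved or not
    declined = defaultdict(set)       # cards that failed authorization
    payoff_cards = defaultdict(dict)  # identity -> {loan_id: approved card}
    flags = defaultdict(set)
    for loan_id, token, when, approved in attempts:
        identity, funded = loans[loan_id]
        cards[identity].add(token)
        if not approved:
            declined[identity].add(token)
            continue
        payoff_cards[identity][loan_id] = token
        if (when - funded).days <= EARLY_PAYOFF_DAYS:
            flags[identity].add("early_card_payoff")
    for identity in cards:
        paid = payoff_cards[identity]
        # A different card on every payoff, across at least two loans.
        if len(paid) >= 2 and len(set(paid.values())) == len(paid):
            flags[identity].add("different_card_each_payoff")
        if len(declined[identity]) >= MAX_DECLINED_CARDS:
            flags[identity].add("multiple_declined_cards")
        if len(cards[identity]) > MAX_UNIQUE_CARDS:
            flags[identity].add("unique_card_limit_exceeded")
    return {i: sorted(f) for i, f in flags.items()}

if __name__ == "__main__":
    print(flag_identities(LOANS, ATTEMPTS))
```

Declined attempts count toward the unique-card limit because the limit in the text covers cards a consumer attempts to use, not only those that are authorized.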
If you think your company has been impacted by this fraud trend, please contact us to let us know at firstname.lastname@example.org.
1 EMVCo. Worldwide EMV Deployment Statistics. Retrieved from https://www.emvco.com/about_emvco.aspx?id=202.
2 Verifi. The Impacts of EMV: Why Card Not Present (CNP) Merchants Need to be Prepared. Retrieved from https://paylinedata.com/wp-content/uploads/2014/12/Verifi_wp_Impact-EMV_Branded.pdf
3 Chargebacks911. Chargeback Time Limits Applicable to Cardholders and Merchants. Retrieved from https://chargebacks911.com/chargeback-time-limit/
4 Chargebacks911. How do Credit Card and Debit Card Chargebacks Differ? Retrieved from https://chargebacks911.com/debit-card-chargeback/.