How major credit card networks protect customers against fraud
Key takeaways
- According to the Federal Trade Commission (FTC), credit card fraud is the most common form of identity theft
- The four major credit card networks are Visa, Mastercard, American Express and Discover
- All four major credit card networks offer $0 liability protection, AI-powered user authentication analysis, EMV chips and card identification numbers (CIDs or CVVs) to help protect against credit card fraud
Credit card fraud is the most common form of identity theft, according to the Federal Trade Commission (FTC). Nearly 390,000 cases of credit card fraud were reported to the FTC in 2021, and 441,822 cases were reported in 2022.
While statistics like these may fuel consumer fear of credit card fraud, cardholders can take comfort in the fact that the major credit card networks — Visa, Mastercard, American Express and Discover — offer $0 liability protection. That means you won’t be on the hook for purchases you didn’t make if you’re a victim of credit card fraud.
Consumers can also be assured their credit card issuers and banks are improving security measures as well. Since banks and credit card issuers absorb much of the financial liability of credit card fraud, they have a vested interest in preventing fraud before it happens. Consequently, they’re beefing up their security networks to combat credit card fraud head-on.
Of the four major credit card networks that process credit card transactions, Visa and Mastercard don’t issue credit cards directly to consumers. Instead, they work with banks, credit unions and other financial institutions that do. American Express and Discover are credit card networks that also act as card issuers.
No matter which network your credit card relies on, you can be reasonably assured that it’s safe, with numerous security measures built in. Plus, your card issuer will likely shore up any security gaps through its own fraud prevention measures. Below, we’ll discuss how the major credit card networks are working to fight against credit card fraud and how you can protect yourself.
Visa
The Visa credit card network uses what it calls Visa Advanced Authorization to fight fraudsters looking to make purchases in your name. This fraud detection system uses artificial intelligence (AI) and machine learning to analyze large volumes of data for risk whenever a transaction takes place.
Here are some of the many risk attributes Visa Advanced Authorization seeks to identify in roughly a millisecond:
- Type of transaction. Is the transaction online, contactless, in-app or via chip or magnetic stripe?
- Spending history. Is the transaction in line with the cardholder’s spending patterns?
- Unusual circumstances. Is a transaction occurring at an odd time of day or for a significant amount of money?
After analyzing all available data, the system produces a risk score that indicates the likely probability of fraud — a risk score of one represents the least risk, while a score of 99 indicates the most risk. The Visa network then sends the risk score to the cardholder’s financial institution, which decides whether or not to approve the transaction.
According to Visa, the authorization system is so effective in spotting suspicious transactions that its global fraud rate — which is less than 0.1 percent — is now two-thirds less than it was two decades ago. The sharp decline is impressive because transaction volume has gone up over 1,000 percent during the same time frame.
Mastercard
Like Visa, Mastercard prioritizes identity verification in combating credit card fraud. The company’s centerpiece for authentication is the Mastercard Identity Check program, which uses its EMV 3-D Secure technology. EMV 3-D Secure is an industry standard for helping merchants and card issuers authenticate card-not-present transactions.
The program’s primary purpose is to help merchants and their banks assess risks and ensure legitimate transactions in real-time. Through AI and machine learning, the system checks numerous transaction variables to help an issuer make an informative decision to approve or deny a transaction.
Identity Check’s variables demonstrate just how far user authentication has come. Identity Check looks at screen brightness, user gestures, transaction history and merchant and card issuer insights to authenticate a payment. If the transaction requires additional authentication to protect the buyer, Identity Check may employ biometrics — fingerprint or facial recognition — or a single-use password.
Mastercard, like the other credit card networks, uses an EMV chip and a secure tokenization system. An EMV chip is the square metallic chip on the front of your credit cards and debit cards. The chip reduces fraud by providing a unique code each time you make a purchase. Since the security code is unique for every purchase, it’s much harder for a thief to use the card to commit fraud. (EMV compliance law, enacted in October 2015, requests all U.S. merchants to update their payment systems to accept EMV cards, or they may be potentially liable for credit card fraud that originates at their business.)
Previously, Mastercard required cardholders to keep their account in good standing to enjoy $0 liability coverage for purchases made on its network. Thankfully, the company has removed that restriction and now offers cardholders complete protection. However, note that most card issuers require cardholders to notify them when fraud occurs within 30 days in order to receive $0 liability protection.
American Express
As both a credit card network and issuer, American Express directly provides payment services to cardholders and merchants. With few exceptions, it does not use third-party banks like other card issuers, which means Amex has more access to essential data to help it identify and prevent questionable transactions.
According to American Express, its network facilitates $1.2 trillion in transaction value each year. To ensure safe transactions, Amex uses fraud protection (enhanced by machine learning) that analyzes numerous variables for risk in real-time.
American Express also uses a multi-layered approach to protect consumers from fraud. The company uses EMV chips on its chip and PIN cards to provide a one-time encrypted code to instantly verify your account information. Thieves cannot make a counterfeit copy of your card since a unique code is generated each time you insert your card.
Additionally, card identification numbers (CIDs or CVVs) are credit card security codes that add another layer of security. Your CID consists of four digits printed above your account number on the face of your American Express card (for other networks, this is usually a three-digit number on the back of the card). Even if a thief has your credit card number, they won’t be able to authorize online or other card-not-present transactions without the CID.
Discover
Like the other three credit card networks, Discover’s network uses EMV chip tokenization, CIDs and AI-powered user authentication analysis to ensure transactions are coming from the account holder. However, recognizing that fraudsters are migrating to card-not-present transactions, Discover is focusing its efforts more on online credit card transaction security.
Discover’s primary weapon against fraudulent credit card activity online is ProtectBuy, which the company describes as a Three Domain Secure (3DS) customer authentication solution. With Three Domain authentication, the merchant, network and issuer join together in a secure pipeline to validate a purchaser’s identity during an online transaction.
Discover says it only challenges transactions with the strongest risk signals. This is because early on, real-time risk authentication can unnecessarily challenge many transactions, leading to irritated consumers and shopping cart abandonment. So, when a transaction warrants extra security measures, Discover texts or emails a one-time password to the cardholder. The customer can then enter the password in the ProtectBuy pop-up on the merchant’s page without entering login information or answering security questions.
Merchants that accept Discover are not required to enroll in ProtectBuy. Still, Discover encourages them to employ the feature to reduce card-not-present fraud risk and chargebacks.
The bottom line
If your credit card is issued by one of the major credit card networks, you can rest assured that you’re well-protected against the fast-growing problem of credit card fraud. But it’s important to take measures to minimize these incidents and protect yourself against repeated fraud.
Before you initiate an online purchase, verify that your browser connection is secure, avoid open Wi-Fi networks and consider using a virtual credit card number. (Visa, Mastercard and American Express offer virtual numbers, but Discover does not currently offer this benefit.) It’s also wise to set up mobile fraud alerts, review account statements and credit reports regularly and report credit card fraud if necessary.