Credit Card Fraud Statistics

If you've ever opened up your credit card statement and have seen charges you don't remember making, you've felt a feeling many Americans know and you're not alone. Credit card fraud is a form of identity theft involving criminal deception for the purpose of personal financial gain.

There were 650,572 cases of identity theft in the U.S. in 2019. Of those, 41 percent, or just over 270,000, were credit card fraud.

Key Statistics

Contents

Top 10 Fraud Categories in 2019[1]FTC.gov - Data Book 2019 https://www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-2019/consumer_sentinel_network_data_book_2019.pdf

Rank Category Number of Reports % Reporting $ Loss Total $ Loss
1 Impostor Scams 647,472 13% $667,000,000
2 Telephone and Mobile Services 186,475 8% $30,000,000
3 Online Shopping and Negative Reviews 173,310 68% $136,000,000
4 Prizes, Sweepstakes, and Lotteries 124,841 8% $121,000,000
5 Internet Services 70,852 35% $56,000,000
6 Travel, Vacations, and Timeshares 34,695 48% $105,000,000
7 Foreign Money Offers and Counterfeit Check Scams 31,146 26% $34,000,000
8 Business and Job Opportunities 27,569 39% $85,000,000
9 Health Care 20,592 52% $8,000,000
10 Advance Payment for Credit Services 17,408 67% $23,000,000

Card-not-present fraud is the fastest growing type of credit card fraud in the US. This is fraud that occurs during a transaction where a cardholder does not present a card to a merchant in person. Skimming is the most common method for this type of fraud.

Impostor scams, where criminals pretend to be employees of the IRS or other agencies, and con or threaten people into revealing sensitive details, including banking and credit card information, is the fastest growing type in the general fraud category.[11]Think your credit card is safe in your wallet? Think again. (Sept. 2019)https://www.washingtonpost.com/business/think-your-credit-card-is-safe-in-your-wallet-think-again/2019/09/11/05e316e4-be0e-11e9-b873-63ace636af08_story.html

In just one year alone, card-not-present credit card fraud jumped from $2.3 billion in 2015 to $3.1 billion in 2016.

Total, percentage, and rate of remote card payments fraud, by card payment type and value, 2015 and 2016[21]Changes in U.S. Payments Fraud from 2012 to 2016 https://www.federalreserve.gov/publications/2018-payment-systems-fraud.htm

Card payment type Remote card payments fraud ($ billions) Percentage of total remote card payments fraud (percent)
2015 2016 2015 2016
Total cards 3.4 4.57 100 100
Credit cards 2.37 3.15 69.7 68.8
Debit cards 1.03 1.42 30.3 31.2

How Credit Card Fraud Impacts Individuals

Being a victim of credit card fraud, or any form of identity theft, can take a toll on a person. But fortunately, the financial toll it takes is usually limited. The Fair Credit Billing Act ensures that an individual will never be liable for more than $50 in unauthorized charges on your credit card due to fraud. And, if you report a lost or stolen card immediately to your issuer, you won't be liable for any fraudulent charges.[13]Pocketsense - Impact of Credit Card Fraud on Individuals https://pocketsense.com/put-credit-card-account-hold-17156.html

Where things get tricky, and where the toll goes beyond the financial, is when fraud is not spotted immediately. For example, in an account seizure, a criminal, using personal identification data from the account holder, contacts the credit card issuer and presents himself as the account holder. Giving all the right-sounding information, the criminal requests a redirection of bills, account notices and mail to a new address. The criminal will then report a lost credit card a short time later, requesting a replacement card sent to the new address on file. In this scenario, the criminal could potentially charge significant debt on your account. This can leave the account holder unaware of those charges until weeks or months later.

This can have a negative impact on the victim's credit score, which can have many indirect costs associated with it. Victims often find it difficult to secure a loan. They may be forced to pay a higher interest rate if they can secure a loan. It can also take months to get their credit score corrected. Fighting incorrect credit information as the result of fraud can also cost a victim lost time from work.

Credit card fraud is a form of identity theft. While identity theft as a whole has increased 37% from 2018 to 2019, those between the ages of 30-39 have been hit the hardest. This age group alone has experienced a more than 56% increase in cases of identity theft.

Identity Theft Reports by Age [3]The Motley Fool - Identity Theft and Credit Card Fraud Statistics for 2020 https://www.fool.com/the-ascent/research/identity-theft-credit-card-fraud-statistics/

Age Identity theft reports in 2018 Identity theft reports in 2019 Change
19 and under 14,251 14,211 -0.30%
20 to 29 76,760 110,769 44.30%
30 to 39 107,367 170,255 58.60%
40 to 49 84,165 122,752 45.80%
50 to 59 63,229 77,350 22.30%
60 to 69 42,704 44,679 4.60%
70 to 79 16,462 17,161 4.20%
80 and over 5,989 5,687 -5.00%
Total 410,927 562,864 37.00

Credit card fraud is the most reported type of identity theft in 2019. It makes up almost half of all identity theft reports, and more than doubles all other types of identity theft.

Top Five Types of Identity Theft, 2019[28]Facts + Statistics: Identity theft and cybercrimehttps://www.iii.org/fact-statistic/facts-statistics-identity-theft-and-cybercrime

Number of reports Percent of total top five
Credit card fraud—new accounts 246,763 45.7%
Miscellaneous identity theft 166,875 30.9
Mobile telephone—new accounts 44,208 8.2
Business or personal loan 43,919 8.1
Auto loan or lease 38,561 7.1
Total 540,326 100.0%

Here’s what thieves do once you’ve stolen information

Source[12]What ID thieves do with the financial data they stealhttps://www.creditcards.com/credit-card-news/how-id-thieves-use-stolen-data-travelers-1701.php

How Credit Card Fraud Impacts Businesses

How credit card fraud impacts a business depends on the type of business affected, and the type of fraud that occurs.

In card-present fraud, the card issuer bears the loss. In card-not-present fraud, the merchant bears the loss. The loss from this type of credit card fraud can have a significant impact on retail businesses which often have small profit margins.

A statistic that is often overlooked is the cost-per-dollar-of-fraud to a business. For example, for every one dollar in value of fraud, merchants can lose up to $2.40 because of the cost of chargebacks, fees, and replacement of the merchandise lost.[14]The Impact of Credit Card Fraud on Your Business https://blog.clear.sale/the-impact-of-credit-card-fraud-on-your-business

Repeated chargebacks could cause increased risk of a business' merchant account being terminated due to a high chargeback rate. Inability to accept credit cards as payment can damage a business' reputation and hurt consumer confidence in that business.

Global losses due to credit card fraud for businesses that sell online jumped from $23.97 billion to $27.85 billion globally. $9.47 billion, one third of global losses for 2018, were from the US. [22]Credit Card Fraud: How to Protect Your Business https://www.businessknowhow.com/money/credit-card-fraud.htm

The United States has about 32.5 million businesses within its borders.[29]What counts as a 'business'? It might not be what you think it is https://www.bizjournals.com/albany/news/2019/04/11/number-of-businesses-in-the-united-states.html These can be anywhere from a large company employing hundreds or even thousands of employees to non-employer businesses. This category includes small sole-proprietorships or individuals operating as independent contractors. Credit card fraud per US business averages out to $291.38 per business for 2018.

Types of Credit Card Fraud

Phishing

Phishing Redirection Attempts detected by Kaspersky Labs[23]ThreatList: Phishing Attacks Doubled in 2018 https://threatpost.com/threatlist-phishing-attacks-doubled-in-2018/142732/#:~:text=Researchers%20with%20Kaspersky%20Lab%20said,users%20were%20attacked%2C%20researchers%20said.

Year Number of Attempts
2018 482,500,000
2017 246,500,000

Phishing is a method of sending emails claiming to be from reputable businesses in an attempt to get sensitive data, such as personal info like credit card numbers or passwords. It’s a type of social engineering that uses deception to get someone to do what they wouldn’t normally do.

Phishers don't always go after credit card information directly. But, of all of the platforms and environments phishers operate in, more than half involves either the retail or financial sectors where there are large storehouses of credit card data.

Source[15]With 1.2 million phishing attacks, 2016 was a success for cybercriminals https://www.helpnetsecurity.com/2017/03/01/phishing-attacks-2016/

Not only are phishing attacks on the rise (95.7% between 2017 and 2018, and the second most common type of fraud discovered through the Coronavirus pandemic), but they are becoming more sophisticated. Initially, phishing attacks were fairly easy to spot because of the insecure nature of the sites people were redirected to. These sites initially did not have the security that a normal retail or credit card processing site would have and would make the savvy consumer wary. 

However, the number of phishing sites now employing encryption (signified by the https://..) is rising. This means more and more illegitimate sites look legitimate at first glance. 

Fraudulent Credit Card Applications

One of the most insidious types of credit card fraud is when a criminal obtains enough information about someone to obtain a fraudulent credit card in that person's name. 

Often, the victim doesn't know about the crime taking place until weeks, months, or even a year or more later. As time passes, fraud involving already existing accounts drops, but because of the nature of new accounts fraud, the misuse period can go on much longer.

In 2018, the Federal Trade Commission reported a 24 percent increase in the number of consumers who experienced credit card fraud involving accounts opened in their name without their permission.[30]Imposter Scams Top Complaints Made to FTC in 2018 https://www.ftc.gov/news-events/press-releases/2019/02/imposter-scams-top-complaints-made-ftc-2018 Known as the “Impostor Scam,” the FTC reported that this form of fraud jumped from 461,639 reported cases in 2017 to over 550,000 reported cases in 2018. Consumer losses to this type of scam in 2018 totalled $488 million.[31]The Big View: All Sentinel Reports - Federal Trade Commission https://public.tableau.com/profile/federal.trade.commission#!/vizhome/TheBigViewAllSentinelReports/StatebyState

The banking industry is implementing the use of artificial intelligence to spot patterns fraudsters use that humans can't see. The industry is also implementing standards like EMV to reduce credit card fraud. However, banks are also under pressure from consumers to make opening new accounts quick and easy. Finding the proper balance between these competing needs will influence future trends in fraud statistics.

All machine learning systems require time to learn. In other words, AI/machine learning technology has to acquire enough data in order to feed into pattern-matching algorithms used in detecting fraud. But once this has been achieved, a refined machine learning system can detect up to 95 percent of all fraud and minimize the cost of manual reconciliations.[26]Demystifying Machine Learning for Banking https://feedzai.com/wp-content/uploads/2017/03/DML-Final.pdf It can also minimize fraud investigation time by 70% and improve detection accuracy by 90%.[27]Next-Generation Fraud Management Solutions https://www.capgemini.com/in-en/wp-content/uploads/sites/6/2017/07/next-generation_fraud_management_solutions_for_banks_and_capital_market_firms.pdf

Card-Not-Present (CNP) Fraud

The scary reality of card-not-present fraud is that it's not only increasing, it's projected to increase exponentially. And that's not very surprising given the recent pandemic that has shot the number of card-not-present transactions through the roof.

Amount of Card Not Present Fraud[24]Digital card-not-present fraud to hit $130B by 2023 https://www.retaildive.com/news/digital-card-not-present-fraud-to-hit-130-billion-by-2023/545171/ [25]What is Card-Not-Present Fraud? https://creditcards.usnews.com/articles/what-is-card-not-present-fraud#:~:text=A%202018%20study%20from%20the,billion%20during%20the%20same%20period.

Year Amount
2015 $3.4 billion
2016 $4.57 billion
2018-2023 (6 year projection) $130 billion

CNP fraud involves the consumer not presenting a physical card to a merchant at the point of sale. As consumers, we're most familiar with this type of transaction every time we buy from Amazon. We enter our credit card information on an online form and a few clicks later, we receive a message that our purchase is on its way to us.

CNP fraud is unique because its increase has largely been driven by the decrease in card-present fraud. Card-present fraud, while still a serious problem, has been on the decline because of EMV technology. The magnetic strip on traditional credit cards has static data. It remains unchanged with every transaction, and is therefore easy to duplicate. Every time a card containing an EMV chip is scanned, it creates a unique transaction code that can not be used again making it much more secure for in-person transactions.

Criminals discovered it is much easier to obtain a 16-digit credit card number, expiration date, and CVV code for a credit card than to try in vain to duplicate EMV technology.[19]Investopedia - Card Not Present Fraud https://www.investopedia.com/terms/c/cardnotpresent-fraud.asp With EMV not used for online transactions, that's where they shifted their efforts.

Source[18]Credit card fraud and ID theft statistics https://www.creditcards.com/credit-card-news/credit-card-security-id-theft-fraud-statistics-1276.php

With the implementation of EMV in 2015, card-present fraud losses dropped from $3.6 billion to $1.7 billion, a drop of 49%. Card-present fraud more than doubled from $3.1 billion to $6.4 billion.

Credit Card Fraud in Recent Years

The number of reports of credit card fraud has continually risen since 2014. There have been a few noticeable spikes between the years 2014 to 2016 and again from 2018 to 2019. Both of these spikes have been the result of high-profile data breaches. 

Source[3]The Motley Fool - Identity Theft and Credit Card Fraud Statistics for 2020 https://www.fool.com/the-ascent/research/identity-theft-credit-card-fraud-statistics/

In 2014, Target had 70 million customer accounts compromised in a 5-month period.[5]Target says up to 70 million more customers were hit by December data breach https://www.washingtonpost.com/business/economy/target-says-70-million-customers-were-hit-by-dec-data-breach-more-than-first-reported/2014/01/10/0ada1026-79fe-11e3-8963-b4b654bcc9b2_story.html Home Depot had 56 million customer cards compromised in a similar 5-month period the same year.[6]Home Depot's 56 Million Card Breach Bigger Than Target's https://www.wsj.com/articles/home-depot-breach-bigger-than-targets-1411073571 Restaurant chain P.F. Changs and SuperValu Grocery Stores were also compromised in 2014.[7]Supervalu gets hacked ... again https://money.cnn.com/2014/09/30/technology/security/supervalu-hack/ [8]PF Chang's hack hit 33 restaurants for 8 months https://www.pcworld.com/article/2461240/pf-changs-hack-hit-33-restaurants-for-8-months.html Neiman Marcus had 1.1 million customer accounts compromised in 3 months.

But by far the most devastating US data breach was the July 2019 Capital One breach, with more than 100 million customers' information compromised. That included credit card application information as well as the data of 80,000 secured credit card holders.[20]CNET - The 2019 Data Breach Hall of Shame https://www.cnet.com/news/2019-data-breach-hall-of-shame-these-were-the-biggest-data-breaches-of-the-year/

This breach came during a massive wave of other data breaches of dozens of other companies exposing everything from online video game player information (which also houses credit card data) to healthcare data.

Sources