STOCK credit card
Phishing attacks - in which cardholders receive emails, texts or even WhatsApp messages demanding an urgent response - remain the top way people fall prey to financial scams. Image Credit: Shutterstock

New York: After going over the costs of a recent road trip in an electric car, I noticed something disturbing in a list of credit card transactions: an attempted charge for a $280 stay in a hotel in Mesa, Ariz., that I had never heard of or visited.

Maybe it was dumped as part of a data breach and sold for a pittance on the dark web, or skimmed by a bit of malware when I bought stuff from some random vendor I found on Instagram. Realistically, I'll never know for sure, and many others won't either.

Credit card issuers as well as companies continue to invest in ways to flag and decline these types of transactions before they're ever a problem. And even now, they're dealing with the fallout from a pandemic-induced surge in fraud as people who normally did their shopping in person were forced to go online.

Nearly 40,000 Americans reported an instance of credit card fraud dealing with existing accounts to the Federal Trade Commission in 2022 - that's up 23 percent from the year before. And that number isn't "reflective of the national scope of the issue," says Eva Velasquez, president and CEO of the nonprofit Identity Theft Resource Center, because people often don't bother reporting these issues after sorting things out with their card provider.


Unfortunately, we're still a long way from wiping out credit card fraud, which means you still need to remain vigilant. Here's what you should know about shielding yourself from fraudsters - and what the companies behind your cards are trying to do to help

Know where you're shopping

If you happen upon sites that claim to, say, sell brand-name products for well under their normal price, steer clear. Velasquez said that deals that look too good to be true often land people in front of unscrupulous vendors who try to pull fast ones with your payment information.

"You do get a lot of instances of people falling victim" to those fraudulent retailers, said Chris Reid, Mastercard's executive vice president of identity solutions, especially since problems online increased during the pandemic.

Beware of risky clicks

Paul Fabara, Visa's chief risk officer, said phishing attacks - in which cardholders receive emails, texts or even WhatsApp messages demanding an urgent response - remain the top way people fall prey to financial scams. You don't even need to fork over your account details to get stung, he added; sometimes clicking on a link is enough, because it routes you to a shady site that attempts to install malware on your device. Instead, avoid links in messages from sources that look unusual.

Set up transaction alerts

Credit card companies and banks can send you notifications via app, email or text messages whenever one of your accounts is charged.

By turning these on, you'll get a near-instant heads-up whenever a transaction - shady or otherwise - happens, so you can quickly contact your provider when something unusual pops up. The downside is that these notifications can get annoying pretty quickly, but that's a small price to pay for catching a fraudulent transaction.

Use virtual cards and card numbers

Giving up online shopping entirely probably isn't a reasonable ask. Instead, you can use tools to limit the visibility of your credit card details.

Some credit card issuers, such as Capital One and Citi, offer "virtual" account numbers - checking out online with one of those prevents the credit card's actual account number from going anywhere. In some cases, you'll be able to set limits on the size of transactions for those virtual cards to further minimize any hassles you might encounter.

Credit Card lock
Credit card companies and merchants are looking at more unusual bits of context - like the way you hold your phone or your typing cadence - to more definitively judge whether you are, in fact, you.

Advanced steps

If you're determined to dodge fraudulent credit card charges, there are a few other things you might want to consider. They're not for everyone, but they might reinforce your financial security.

Some merchants can, for example, automatically update your Visa and Mastercard credit card on file for recurring payments when you're issued a new card.

It's ostensibly there for convenience, but Velasquez from the Identity Theft Resource Center described one case where a consumer couldn't avoid some shady recurring fees without opting out of these systems. Your mileage may vary, but you can contact your card issuer about bowing out if you'd rather handle these kinds of payment updates yourself.

A few years ago, Visa, Mastercard, American Express and Discover jointly rolled out an online payment tool called Click to Pay, which tries to make checkout faster and more secure. Purchases made with the tool are "tokenized," meaning they use disposable payment details separate from your actual credit card number. It might be worth checking out - as long as you don't mind opting in for each individual card you want to use it with.

Finally, consider reporting instances of credit card fraud to agencies such as the Federal Trade Commission. Yes, it's time-consuming and yes, you're busy. But flagging these issues helps give our lawmakers and the industry a better sense of how rampant a problem fraud is, Velasquez said.

Other lines of defense

For every fraudulent charge that shows up on your credit card statement, there are many others that never get close. Beyond the fraud protections offered by your credit card company, the payment networks operated by Visa and Mastercard continually update the tools they use to spot fraudulent transactions the moment they're made.

To Visa's Fabara, artificial intelligence has been a critical component of fraud detection for years. He says its biggest value is helping the company analyze the fire hose of transactions it deals with daily to more accurately identify legitimate charges - even if they are out of character for a cardholder. In the past, its systems outright declined more transactions it thought suspect. Now, AI helps Visa process more of the legitimate charges while weeding out fraudulent ones, he said.

Because these payment processors quickly get feedback about which charges are legitimate, the massive flow of transactions it deals with daily helps inform the way their risk assessment models work.

"At a minimum we upgrade every year," Mastercard's Reid said, referring to the models that assess the risk of financial transactions.

Meanwhile, credit card companies and merchants are looking at more unusual bits of context - like the way you hold your phone or your typing cadence, Reid added - to more definitively judge whether you are, in fact, you.

While methods of sniffing out fraudulent transactions before they're processed are getting more sophisticated, Velasquez said it seems unlikely that people will be able to fully protect themselves from card fraud anytime soon. Too often, they'll have to call their card providers after the fact - like I did with the weird hotel charge - to deal with the damage.

"There are some things that are going to be beyond an individual's control," Velasquez says. But that doesn't mean you shouldn't try.