Transactional fraud is a prevalent type of financial crime that occurs when a stolen card or details are used to transact unauthorisedly. For example, a lost or stolen card could be used to make purchases by a criminal. Alternatively, card details could be obtained illegally, hacking or purchasing them. The criminal would then use them to make transactions that benefit them but disadvantage the account owner without permission.
As online and remote payments have become more popular and widespread, the risk of transactional fraud has increased for merchants and individuals. Personal data, including card numbers, are widely available on the dark web and obtained through hacking and similar illegal activities. According to various sources, online payment fraud losses over the next five years will amount to some $343 billion globally, increasing yearly. This is a massive problem for companies, banks, and consumers, and all stakeholders must be aware of the risks involved while taking steps to mitigate them. This should also be a priority as rising fraud cases can put o consumers from purchasing or buying any services online.
What are the laws in the US?
Under US federal law, it is illegal to use, attempt, or conspire to use a credit or debit card in a transaction without permission. The law specifies that a person knowingly engages in marketing with interstate or foreign commerce, using a counterfeit, fictitious, altered, forged, lost, stolen, or fraudulently obtained a card to obtain money, goods, services, or anything else of value and can face the consequences. It also covers those who intend to sell or transport a fictitious, counterfeit, altered, forged, lost, stolen, or fraudulently obtained card.
Those receiving such details or a card can also find themselves in trouble at a federal level. The penalties for these crimes depend on factors such as the offense's severity, value, or frequency, but they cannot exceed a $10,000 fine or ten years in prison.
What are the laws in California?
In the US state of California, transactional fraud, otherwise known as credit card fraud, is covered by multiple articles of state law. It is illegal for anyone to commit fraudulent transactions with a credit, debit, or access card, to obtain money, goods, or services to which they are not legally entitled.
Penal code sections:
- 484e PC deals with stolen credit cards and makes it against the law for a person to have in their possession or sell the card or information about it without the full consent of the account holder.
- 484f PC refers to those who forge credit card information, either altering existing information, signing someone’s name in a transaction, or creating false information without the knowledge and consent of the account holder.
- 484g PC applies to anyone using a card or account for fraudulent activities. For example, it is illegal for an individual to use a card they know is fake, expired, or otherwise not valid to purchase any goods or services.
- 484h PC specifically applies to transaction fraud carried out by a retailer in cases where they knowingly accept payments from a card that is stolen, revoked, fake, or otherwise not valid. It also applies to those who forged transaction details when in fact, one did not happen in an attempt to gain financial benefits.
- 484i PC is related to the counterfeit of financial cards. Under this provision, it is illegal for anyone to make, manufacture or otherwise create or possess a counterfeit card. This also applies to equipment that can be used for these purposes.
- 484j PC applies to those who knowingly publish or communicate someone’s credit card information with the intent or knowing it will be used to defraud the owner. This includes PINs, card numbers, security numbers, and other private information.
When comparing the two, it is clear that transactional fraud is illegal at the federal and state levels. However, federal law provides an overview of what is unlawful; at a state level, more attention is paid to minor details. This means that those operating in California must be aware of what the law specifies regarding the obligations of consumers and merchants when processing card payments or any other form of remote payment.
What can companies do?
Companies must make efforts to combat transactional fraud. This is because failure to do so can result in criminal and administrative penalties, business closures, and future issues operating in other sectors and industries. It also causes significant reputation damage, which is almost impossible to shake off. Last but not least, it can result in stricter regulation and supervision, creating more substantial compliance and regulatory burden for merchants, thus increasing costs.
Another little talked about transactional fraud risk is the chargeback and chargeback administration fees. A chargeback is where the card owner contacts their bank to dispute a charge made to a merchant or service provider. This money is then taken forcibly back from the merchant’s bank and given to the account holder. These transactions are made when a consumer finds out they have been a victim of fraud or other unauthenticated behavior. Sometimes, consumers themselves can commit chargeback fraud and make illegal requests for refunds while giving their false bank information.
Retailers are under pressure to ensure their chargeback ratio does not exceed 1% of all transactions. If it does, they can find themselves facing bank account closure, putting a stop to business activity. Of course, there will always be cases where consumers mistakenly open chargeback cases- maybe they don’t recognize the merchant's name or forgot they made a purchase- but merchants also have to stay on top of the situation.
Several tools, measures, and approaches can be used to mitigate risks. For example, comprehensive digital tools explicitly designed to combat transactional fraud or practical steps to be implemented across operations. Examples include enriching customer data, linking phone numbers, checking IPs, verifying email addresses, and keeping all of this up to date.
Checking that customers have a social media presence is also something that can be done to ensure that the person setting up an account is a real person. It is also worth keeping a record of devices consumers use to log in so that if there is a change, it can be verified to ensure it is not a fraud. These suggestions and others, such as fraud scores, machine learning, and other digital solutions, are the best way to tackle the issues related to transactional fraud.