Credit Card Fraud
What is Credit Card Fraud?
Unauthorized use of payment-card data — from card-present skimming to card-not-present online theft and BIN attacks — to extract money from cardholders or merchants.
Credit card fraud covers any unauthorized transaction with a credit, debit or prepaid card. The most common modern variants are card-not-present (CNP) fraud where attackers reuse stolen PAN/CVV pairs on e-commerce sites, BIN attacks that guess valid card numbers using known issuer ranges, magstripe and shimming skimmers on ATMs and pumps, point-of-sale RAM-scraper malware (BlackPOS, RawPOS, FrameworkPOS used in the 2013 Target breach of 40 million cards), and account-takeover-driven theft after phishing. Carding markets like the now-defunct Joker's Stash sold millions of dumps and CVV records. Defences include EMV chip+PIN, 3-D Secure 2 (EMV 3DS), tokenization, PCI DSS controls, machine-learning fraud scoring, and FIDO-based step-up authentication.
● Examples
- 01: Attackers reusing stolen Visa numbers from a breach to make small e-commerce purchases.
- 02: BIN attack generating thousands of card numbers and probing a merchant gateway for valid ones.
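From the merchant's side, the BIN attack in example 02 shows up as many distinct cards under one issuer prefix being tried and mostly declined within a short window. The following is an added example, not code from the original page: a velocity rule over gateway authorization events, where the field names, thresholds and sample data are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune against your own traffic.
WINDOW = timedelta(minutes=5)
MIN_DISTINCT_CARDS = 5
MIN_DECLINE_RATIO = 0.8

def detect_bin_enumeration(events):
    """Flag BINs where many distinct cards are tried and mostly declined.

    events: time-ordered dicts with hypothetical fields ts, src_ip, bin,
    pan_token (a tokenized PAN, never the raw number) and approved.
    """
    windows = defaultdict(deque)   # bin -> recent (ts, token, approved, ip)
    alerted, alerts = set(), []
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        win = windows[e["bin"]]
        win.append((ts, e["pan_token"], e["approved"], e["src_ip"]))
        while ts - win[0][0] > WINDOW:      # drop attempts older than the window
            win.popleft()
        cards = {tok for _, tok, _, _ in win}
        ratio = sum(1 for _, _, ok, _ in win if not ok) / len(win)
        if (e["bin"] not in alerted and len(cards) >= MIN_DISTINCT_CARDS
                and ratio >= MIN_DECLINE_RATIO):
            alerted.add(e["bin"])
            alerts.append({"bin": e["bin"], "at": e["ts"],
                           "distinct_cards": len(cards),
                           "decline_ratio": round(ratio, 2),
                           "src_ips": sorted({ip for *_, ip in win})})
    return alerts

def ev(sec, ip, bin_, tok, ok):
    return {"ts": f"2024-01-01T12:00:{sec:02d}", "src_ip": ip,
            "bin": bin_, "pan_token": tok, "approved": ok}

# Constructed sample log (documentation IP ranges, made-up BINs and tokens).
SAMPLE = (
    # Six different cards on one BIN from two sources, only the last approved.
    [ev(i * 5, "203.0.113.7" if i % 2 else "203.0.113.9", "400000",
        f"tokA{i}", i == 5) for i in range(6)]
    # Busy but healthy BIN: five different cards, all approved.
    + [ev(30 + i, "198.51.100.20", "510000", f"tokB{i}", True) for i in range(5)]
    # One customer retrying a single declined card three times.
    + [ev(40 + i, "198.51.100.33", "520000", "tokC0", False) for i in range(3)]
)

if __name__ == "__main__":
    for alert in detect_bin_enumeration(SAMPLE):
        print(alert)
```

Grouping by BIN rather than by source address keeps the rule effective when the probing is spread across several IPs; the decline ratio is what separates it from a busy but legitimate issuer range.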
● Frequently asked questions
What is Credit Card Fraud?
Unauthorized use of payment-card data — from card-present skimming to card-not-present online theft and BIN attacks — to extract money from cardholders or merchants. It belongs to the Attacks & Threats category of cybersecurity.
How do you defend against Credit Card Fraud?
Defences for Credit Card Fraud typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Credit Card Fraud?
Common alternative names include: Card fraud, CNP fraud, Carding.
● Related terms
- Payment Fraud (attacks, № 804): Any deceptive scheme that diverts money through the payment system, covering card, wire, ACH, real-time-payment and digital-wallet abuse.
- Chargeback Fraud (attacks, № 164): Often called 'friendly fraud': a cardholder makes a legitimate purchase, then disputes the charge with their issuer to obtain both the goods and a refund.
- ATM Jackpotting (attacks, № 068): An attack in which the cash dispenser of an ATM is forced to spit out all its cash, either via physical access to the top box or via a network compromise.
- Phishing (attacks, № 821): A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
● See also
- Gift Card Fraud (№ 443)