With so much news about identity fraud, cyberattacks, card skimmers, and straight up theft these days, you may think that credit card fraud is a fairly modern problem. Would you be surprised to find out that the earliest instances of this type of fraud date back over a century?

We’ve previously written about the generally poor state of credit card fraud in modern times, but in order to provide a holistic view of the nearly $14 billion problem that Ellipse is helping solve, we’ve decided to provide a short primer on how the payment industry got here in the first place.

What Is Credit Card Fraud?

Fraud is defined as an intentional act that deprives someone or something of money or rights. For an act to be considered fraud, the fraudster must:

1.     understand that their act is false and,

2.     have the express intent to deceive for their benefit.

Credit card fraud is fraud that comes from the unauthorized use of one’s credit card information for accessing money or purchasing goods and services. Throughout history, credit card fraud has developed in lockstep with credit card technology.

Credit Card Fraud Across Time

The Early Days

The very first instance of credit card fraud is reported to have occurred in 1899 when the early precursors of credit cards were just emerging. The story goes: a farmer threw out his credit card and a crook allegedly picked it up and used it to buy $25 worth of train travel. It was a simpler time, which of course led to simpler fraud.

Source

As credit card technology advanced, so did credit card fraud: In the 1960s, credit card fraud was based on forging cards with the help of expensive machines and taking advantage of the banks’ new, unregulated system of credit by fraudulently acquiring cards and racking up purchases. In these days, cases of credit card fraud were still rare and mostly defrauded businesses, as not many average consumers had access to credit cards.

However, as credit cards became more common, so did instances of fraud. In 1970, Life magazine reported on the novel case of the Orlick family, who ended up on the hook for thousands — despite their credit limit of $400 — after someone physically stole their brand-new, bank-issued credit card.

Pre-Internet Credit Card Fraud

In the late ‘70s and early ‘80s, credit card counterfeiting boomed. Counterfeiters created fake cards or tampered with stolen ones to create new, fake accounts. In response, credit card technology evolved to keep up: in 1983, MasterCard and Visa introduced complex backgrounds, logo holograms, and other design elements to their cards in order to make the physical cards more difficult to reproduce.

Source

The 1980s saw a great influx in credit card usage. As credit cards began infiltrating every home in America, fraudsters began raiding mailboxes and credit card companies’ offices, even working with insiders at stores to commit fraud. For the first time, credit card fraud began to affect more than one individual at a time. One fraudster of the time obtained nearly 100 credit cards as a part of his $10 million credit racket.

While fraud was on the upswing, it was difficult for fraudsters to compromise thousands or millions of accounts at a time. Unfortunately, the means to do so was just around the corner.  

The Internet Age

In the mid ‘90s, internet phishing was born (see our previous post to learn more about phishing). AOHell, a malicious program created to defraud those with AOL dial-up accounts, was one of the first phishing scams that was widely used to steal credit card information.

By 1999, the internet was making it possible for credit card fraudsters to operate on a larger scale. In just one shocking example, a 19-year old stole 25,000 users’ card details from CD Universe.

As credit cards began to incorporate magnetic stripes in the 1990s, fraud evolved to match. Criminals began changing the magnetic coding in order to commit fraud, a trick that remained popular throughout the 2000s.

Also in the 2000s, “carding websites” — online marketplaces where people bought and sold stolen credit card information — exploded in popularity. One example of a carding scheme is the Kalashnikov carding club, which is well-known for selling victims’ card information and full identity, from their mother’s maiden name to their Facebook profile, for just $12-35 USD.

In the aughts, hackers would also begin using the internet to breach large companies’ databases and steal credit card information. Some of the most famous examples include the Card Systems Solutions breach, the TJX Companies breach, and the Heartland Systems breach.

Fraud in the EMV Era

In the 2000s, in response to increasing credit card fraud, EMV technology was born. EMV cards use an electronic “chip” and a four-digit Personal Identification Number (PIN) to securely authorize transactions. EMV became the new standard in credit card technology by the mid-2010s.

Source

Hacking to steal credit and identity information has remained popular as malware and related technologies advance. Over the last 15 years, millions of sets of payment card information have been stolen from Adobe Systems, Target Corporation, Neiman-Marcus, Home Depot, and more, in high-stakes cases that have affected consumers around the globe. Phishing also remains common to this day, with notable examples affecting banks, the United States’ defense suppliers, airlines, Sony, and more.

Identity-based credit card fraud was also taken to new levels in the 2010s. In 2016, a New York-based crime ring was revealed to have forged 7,000+ false identities in order to fraudulently obtain tens of thousands of credit cards.

Of course, good old-fashioned physical card theft still occurs. One interesting example: in 2018, a New Haven man was booked for stealing credit cards from gym lockers, racking up thousands in charges in minutes, and replacing the cards before anyone noticed.

Fraud techniques have also developed to keep up with EMV. In 2006, fraudsters successfully stole more than 1 million Euros from gas company Shell’s customers by tampering with EMV pin-entry pads. In 2011 and 2012, arrests were made in France in connection to the “Man In the Middle Attacks”, a fraud scheme that bypassed chip-and-pin technology by inserting a second chip into EMV cards. This second chip was able to copy information from legitimate transactions to create fraudulent reproductions of the cards’ information. This, along with other notable instances of EMV fraud, has led to increased security for EMV cards and attention to fraud prevention as of late.

In recent years, the world has seen as dramatic increase in CNP (Card Not Present) fraud, which occurs when stolen credit card information is used to make a transaction from a distance. This increase is due in part to the success of EMV technology at curbing CP (Card Present) credit card fraud, which occurs when a stolen or fraudulent credit card is physically presented to a merchant. The increase in CNP fraud is also due in part to the rise of e-commerce. In fact, losses from CNP fraud have grown in correlation with ecommerce. Many credit card and fraud professionals are now prioritizing the protection of cardholders in the online and digital sphere.

Source

Preventing Credit Card Fraud Today

By the 21st century, credit card fraud would become a wide-ranging, sophisticated entity, operating with increasingly dire stakes. As the world becomes more complex, so does credit card fraud. It’s safe to say that that farmer in 1899 couldn’t foresee the EMV chips, phishing attacks, or complex hacking schemes of today. Therefore, we too should expect the unexpected when it comes to the future of credit card fraud.

The newest evolution in credit card fraud protection is the patented EVC (Ellipse Verification Code) technology. EVC technology is a new type of EMV chip that displays a dynamic security code on a digital screen, replacing the less-secure printed security code on the back of most credit cards. EVC enables credit card fraud protection for the digital age, and is the latest innovation to keep you, the user, safe.