How to Prevent & Protect Against Latest Credit Card Frauds

The success of Chip and PIN has made counterfeit cards harder to create.
Card-not-present is now the fastest-growing type of card fraud.
There are actions that businesses and cardholders can take to prevent and detect fraud attempts.

Card-not-present — This is where criminals are focusing most of their energy. Transactions occur via phone, mail, internet or other electronic means, and all that bad actors need is a card number, CVV, expiration date and address.
Account takeover — Masquerading, phishing and smishing are used to get personal information and create new accounts. Criminals are increasingly targeting mobile wallets for in-person and card-not-present transactions.
Card theft — With business travelers on the move again, the opportunity to physically steal cards has returned. Even though Chip and PIN adoption has taken oﬀ in the U.S., many terminals are set up to bypass PINs, meaning that fraudsters can often start to use a stolen card immediately.

Review transactions and report suspicious activity

Gain full visibility into transactions by using all the applications and alerts at your disposal, and report anything suspicious immediately.
Make sure you’ve reconciled all transactions before you pay, requesting receipts for payments made via peer-to-peer money transfer apps.
Build an audit program where you review either a sample set or specific types of transactions to help spot misuse at an early stage.

Set up appropriate controls

Establish merchant category codes and define who gets a card in your organization, as well as what they can do with it.
Build in checks and balances by segregating card request and approval duties, with a minimum of two program administrators.
Cancel department cards every time a cardholder leaves the company.
Ensure credit limits are appropriate to each role.

Pay attention to prevention

Don’t give power to fraudsters by using the same passwords across everything. Criminals can take advantage by using automation to match compromised data with commonly used passwords.
·Consider expanding your use of tools like mobile wallet — virtual payments are safer because they generate a one-use number for each transaction.

55.4%

of companies experienced fraud in the last 12 months.³

82%

of people reuse passwords, contributing to data breaches.⁴

Sources:

³Internal polling from Bank of America Commercial Card Recharge Q3 Webinar, September 27, 2023.

⁴IBM Security and Ponemon Institute, “Cost of a Data Breach Report,” July 2021.

Be vigilant and proactive

Set up mobile alerts — what makes a business card different from a personal one is that you may only use it several times a year, so real-time visibility is key.
Look at statements and report any suspicious activity as soon as you spot it.

Make the most of Chip and PIN protections

Use Chip and PIN wherever you can — most merchants now have terminals with chip technology.
Know your PIN and minimize declined transactions by recovering forgotten PINs with tools available on our mobile application.

Aim for accuracy

Don’t let transactions get declined due to incorrect data.
Verify name, address and CVV (3-digit code) for online transactions to ensure that a purchase goes through.

Bank of America’s three-step approach

With a team of professionals dedicated to preventing and addressing fraud — from manning phones and undertaking investigations to examining transaction activity and spotting patterns — we’ve developed a tried-and-tested process:

Identify

Our fraud rules target suspected misuse and criminal activity, and we use advanced tools and technologies to ﬁnd breaches.

Analyze

Fraud analysts review transactional patterns that may indicate criminal activity or misuse.

Contact

When fraud is suspected, analysts contact clients to validate transactions. If a transaction is fraudulent, the account is closed, a replacement card is reissued and claims are processed quickly.

Current threats — Watch out for “man in the middle” ploys

This is an eﬀective method of taking over an account because criminals pretend to belong to familiar, trustworthy institutions like Bank of America.

Step 1

Perpetrator 1 calls cardholder from spoofed number and impersonates BofA. At the same time, Perpetrator 2 calls BofA and impersonates cardholder.

Step 2

Perpetrator 1 asks cardholder for authentication information and relays this to perpetrator 2.

Step 3

Perpetrator 2 uses the real-time authentication information from perpetrator 1 to pass BofA security checks.

Step 4

Perpetrator 2 authenticates card to add to mobile wallet.

Know the red flags

Bank of America will never text, email or call you directly asking for personal account information.
Be suspicious of unexpected communication or situations where you're pressured to act immediately.
Don't trust caller ID. When in doubt, hang up and call the number on the back of your card.

Back to Homepage

Explore more

5-minute read

4-minute read

Important Disclosures and Information

Bank of America, Merrill, their affiliates and advisors do not provide legal, tax or accounting advice. Consult your own legal and/or tax advisors before making any financial decisions. Any informational materials provided are for your discussion or review purposes only. The content on the Center for Business Empowerment (including, without limitations, third party and any Bank of America content) is provided “as is” and carries no express or implied warranties, or promise or guaranty of success. Bank of America does not warrant or guarantee the accuracy, reliability, completeness, usefulness, non-infringement of intellectual property rights, or quality of any content, regardless of who originates that content, and disclaims the same to the extent allowable by law. All third party trademarks, service marks, trade names and logos referenced in this material are the property of their respective owners. Bank of America does not deliver and is not responsible for the products, services or performance of any third party.

Not all materials on the Center for Business Empowerment will be available in Spanish.

Certain links may direct you away from Bank of America to unaffiliated sites. Bank of America has not been involved in the preparation of the content supplied at unaffiliated sites and does not guarantee or assume any responsibility for their content. When you visit these sites, you are agreeing to all of their terms of use, including their privacy and security policies.

Credit cards, credit lines and loans are subject to credit approval and creditworthiness. Some restrictions may apply.

Merrill Lynch, Pierce, Fenner & Smith Incorporated (also referred to as “MLPF&S" or “Merrill") makes available certain investment products sponsored, managed, distributed or provided by companies that are affiliates of Bank of America Corporation (“BofA Corp."). MLPF&S is a registered broker-dealer, registered investment adviser, Member SIPC, and a wholly owned subsidiary of BofA Corp.

Banking products are provided by Bank of America, N.A., and affiliated banks, Members FDIC, and wholly owned subsidiaries of BofA Corp.

“Bank of America” and “BofA Securities” are the marketing names used by the Global Banking and Global Markets division of Bank of America Corporation. Lending, derivatives, other commercial banking activities, and trading in certain financial instruments are performed globally by banking affiliates of Bank of America Corporation, including Bank of America, N.A., Member FDIC. Trading in securities and financial instruments, and strategic advisory, and other investment banking activities, are performed globally by investment banking affiliates of Bank of America Corporation (“Investment Banking Affiliates”), including, in the United States, BofA Securities, Inc., which is a registered broker-dealer and Member of SIPC, and, in other jurisdictions, by locally registered entities. BofA Securities, Inc. is a registered futures commission merchant with the CFTC and a member of the NFA.

Investment products:

Are Not FDIC Insured

Are Not Bank Guaranteed

May Lose Value

How to protect your card program from fraud

Key takeaways

Here are three leading fraud trends to be aware of:

Fraud prevention is a team effort

What can businesses do?

What can cardholders do?

Explore more

Imposter scams are on the rise: Here’s how to manage the risks

Cyber security while traveling