FollowSteph Follow Steph as he posts Blog Blazer Friday

Why There's Still Credit Card Fraud

Every wonder why there’s still so much credit card fraud? About 2-3 weeks ago I saw a really documentary on Dateline about online credit fraud, well mostly about identity theft, but still very relevant. It’s what triggered this article. In any case the commentator did a great presentation, and showed how many people get taken. He was even able to show how within a day or so they set up a fake online store to accept stolen credit cards orders on the internet. They did it in a day!

So why is this still happening? Why are stolen credit cards continually used to purchase products when we know how it’s done. Why aren’t credit card companies stopping it cold, or at least bringing it way down?

The answer lies with their motivation and incentives. A while ago I wrote a glowing recommendation on a book entitled “Freakonomics“, where one of the things the book really showed you is that you need to pay close attention to motivations and incentives. And once I started to ponder about the credit card companies motivations, things became a lot clearer. The incentives and motivations just aren’t there to completely remove credit card fraud. There are of course strong motivations to keep it low, but not to completely eliminate it.



Before going into detail, let’s take a look at an example of what happens to us at LandlordMax when someone uses a stolen credit card to purchase our property management software (although it very rarely happens, no one is completely immune to it). Firstly, the fraudster goes online and makes a purchase of LandlordMax. The credit card company authorizes the transaction saying the credit card is valid and has the sufficient funds. Once we get this ok, we then proceed to finalize the transaction and send the customer their product. Everything is looking good and all parties are happy. However within the next few days, more often weeks to months, we receive a notice from the credit company that the transaction they authorized was fraudulent (more often than not it’s because of a stolen credit card). However here’s where it gets interesting, it doesn’t end there, the credit card company then takes back the funds they authorized (remember they told us it was ok to proceed).

So let’s look at the motivations. Firstly they aren’t liable for lost funds. Yes they authorized it, but they aren’t liable, the merchant is. If the card is stolen, the credit card company doesn’t lose a penny, the merchant takes all the risks and losses. Not only does the merchants lose their funds, but you also have to remember that their out of product as well. So for example, if you sold a diamond ring for $2000, not only would you have to give back the $2000 but odds are the diamond ring is nowhere to be found.

Understanding this, it quickly becomes very clear why they aren’t motivated towards a zero tolerance on stolen credit cards. It basically becomes a cost to benefit equation, they have to cleverly balance how much theft they can let go by without people losing confidence in them. To put it in other words, it costs money to detect fraudulent transactions and to be on top of criminals, exponentially more expensive as you get closer to a zero tolerance. What they have to figure out is how much theft is acceptable so that people will still have confidence in their product (and continue to use credit cards) while not paying too much to prevent this fraud. It’s a very fine line to balance. As they get ever closer to zero tolerance their costs go up with diminishing returns.

Remember the key ingredient here is that they aren’t liable for losses they authorized, the merchant is. So their only real motivation is to instill confidence in their customers (credit card holders) that using their credit cards is safe (where they get a percentage of every transaction). They don’t really have a motivation to produce a 100% safe credit card system, at least not until they’re on the hook for the losses instead of the merchants.

Without pushing the point further, don’t get me started about chargebacks. Another one of my favorite pet peeves with credit card companies. If someone ever decides to do a chargeback, of which we’ve had a grand total of 2-3 over the last 4 years which is an incredibly low percentage, not only do the credit card companies take the money back but they also charge you a significant chargeback fee! If you look at their motivation, it’s definitely towards the credit card holders and not the merchants. They have no vested interest in helping you, they don’t lose a cent, they actually make money if chargebacks go through.

So if you take a good look at what motivates credit card companies in terms of protecting people against credit card fraud, its probably not what you expected. Yes they are motivated to keep credit card fraud down, but they are definitely not motivated to completely stop it. It just doesn’t make economic sense for them. Ethically it’s a different story, but unfortunately today the economics is the reality.

Like this article?


  •     Andy Brice
    · May 1st, 2007  · 4:26 pm  · Permalink

    Its rather ironic that I see adsense ads for credit cards when above this comment box!

  •     Patrick McKenzie
    · May 1st, 2007  · 8:55 pm  · Permalink

    Actually, chargebacks are a net negative for the credit card company in almost every case. They require multiple phone calls by a trained human to resolve. Each of those costs about $11 worth of overhead for a US-based CS employee, and $6 (and rising) for one from India. (These are approximate numbers based on my recollections of working in CS at a company which had a not-quite-Mastercard-sized CS department.) The $15 chargeback fee is NOT a profit center, let me tell you.

  •     Steph
    · May 4th, 2007  · 10:53 am  · Permalink

    Hi Andy,

    It is isn’t it! Gotta love contextual advertising.

  •     Steph
    · May 4th, 2007  · 10:54 am  · Permalink

    Hi Patrick,

    That’s probably very true. However my question then is why is this offset to the merchant and not covered by the credit card company…

  •     Boris Yankov
    · May 5th, 2007  · 5:58 am  · Permalink

    Steph, the charge to the merchant is for the very reason of incentives. It increases merchant’s motivation to prevent charge-back, either by providing better service/product or by giving refunds when the customer is not satisfied.

  •     Lance
    · July 24th, 2007  · 10:35 am  · Permalink

    If you want to aviod charge backs, just make sure the address you ship your product to matches what is on the credit card. Since you have a internet business, that is the only way you are protected from chargebacks. If you show proper shipping documentation to the billing address the chargeback will be reversed. Also when you process a credit card all the authorization code means is that there are available funds on the credit card, hence if you have my credit card number, the sale is going to go through, and when i get my bill at the end of the month, i’m going to dispute the transaction. So when taking the sale making sure you take precautions on who you are doing business with. Credit card fraud is very high in this day in age.

  •     Steph
    · July 24th, 2007  · 9:43 pm  · Permalink

    For us personally, because we have such a low credit card fraud rate, it’s almost not worth the cost of paying for the service to match the address with the credit card.

    But for almost every other merchant, regardless of that, what is proper shipping documentation? In this day and age, many of the fraudulent purchases also have bogus shipping addresses. If it’s a 100% online transaction (downloadable only) then that can be faked. The only protection is when you need to physically mail something, which is only about 10% of our orders.

    So for us here, the question is do we pay for a service where it’s almost break even with the fraud loss… Once you factor in the development costs, maintenance, and potential loss sales, it’s probably not worth it.

    The big issue for me though is that it’s frustrating when the motivation for the credit card is not really aligned to fully protect people and companies from credit card fraud. It’s only there as much as they can maintain their credibility, not any more. And this is why credit fraud is so rampant and will not go away. Until they are directly responsible for the loss, the motivation is just not there to eliminate it, only reduce it.

  •     Quinton
    · February 15th, 2008  · 4:01 am  · Permalink


    Would that $11 not be better spent preventing the fraudulent purchase in the first place?

    The vast majority of these chargebacks are preventable, but again it is the seller that has to try and prevent them, not the credit card companies.

  •     Steph
    · February 15th, 2008  · 3:36 pm  · Permalink

    Hi Quinton,

    I would disagree with you has to who’s responsibility is to prevent fraud. The bank and not the seller should be responsible for preventing fraud. Of course if the seller is being stupid than that’s another story. But in general it should be the bank.

    Here’s why. How as a seller can I know which cards are fake and which one’s aren’t? I don’t have nearly the amount of information at my hands that the credit card companies do. But not only that, I can’t possibly be asked to keep up with all of the credit card features out there. There’s just no way.

    But what’s worse is that the credit card companies themselves have authorized the purchase. Once they do that the onus should then be put on them, not the seller. The seller has done everything asked of them, and done it right. The credit card company has said yes, this is valid. You’re then giving away your product. And then a month later the credit card company takes back it’s money, to something they approved!

    Now as a seller I’m out both the money and the product. That’s horrible, especially when the credit card company gave me the authorization to process the credit card. They said it was valid and the funds were there.

    Where else is this even legal? If you go to a store, purchase a product, can the store just come to your home and take it back from you a month later? I’d like to see that. With credit card companies this is normal.

    Btw, this is also the reason there are a lot of class action lawsuits right now from merchants against the big credit card companies. And this is also why there is still a lot of credit card fraud, and why it won’t go away anytime soon. It’ll only get worse until consumer confidence erodes to the point where the credit card companies have to do something.

  •     Quinton
    · February 15th, 2008  · 3:59 pm  · Permalink

    Hi Steph

    I think you may have misunderstood my post, I totally agree with you.
    I meant that the $11 would be better spent by the banks to prevent the fraudulent purchases in the first place.

  •     Steph
    · February 15th, 2008  · 4:27 pm  · Permalink

    Ah. I read “The vast majority of these chargebacks are preventable, but again it is the seller that has to try and prevent them, not the credit card companies.” to mean that the seller (ie the store) should be responsible for preventing fraud.

    My apologies.

  •     jim
    · March 28th, 2008  · 4:48 pm  · Permalink

    Even though the credit card companies have fraud depts, their focus is on protecting the consumer not the merchant. The merchant gets stuck both ways. In my discussions with VISA they expect the merchant to protect themselves from fraud and if they don’t meet less than 1% fraud to sales ratio, they pull the merchants ability to take a credit card .

    If it was such a prevalent mode of purchasing by the consumer and sales by the merchants, it would be great to have all merchants for one day not take a credit card but do a cash only day.

  •     Steph
    · March 29th, 2008  · 9:52 am  · Permalink

    Hi Jim,

    I agree. And what’s even more interesting is that credit card companies has more information on whether a particular transaction is fraudulent or not than a merchant can ever expect to know. For example a merchant doesn’t have the recent history of transactions, they don’t know the spending habits, etc. The best they can really do is a few verifications and authorization from credit card company.

    From a merchant’s perspective, I believe that if the credit card company authorizes the credit card, with all the information required, the the burden of fraud should be shifted to their shoulders.

    What would happen if this were the case is that the credit card companies would say no more often. That or they would increase their security. In either case everyone wins. Yes the consumer may have to use alternative modes of purchasing, but they would quickly put pressure on the credit card companies to increase their security.

  •     Robert Nederal
    · September 25th, 2008  · 9:16 am  · Permalink

    Another interesting question is why loss liability rules are different between Card Present and Card Not Present cases.
    As far as I understand, card issuers are liable (i.e. cover) losses for lost/stolen Card Present transactions, while it is merchants that are liable in Card Not Present scenario.
    Why the difference?

  •     Steph
    · September 29th, 2008  · 9:15 pm  · Permalink

    Hi Robert,

    Why should the merchant ever be liable unless they’re negligent? If they allow the transaction, at the very least they should recover the merchants costs.

    Otherwise it’s a big conflict of interest. What’s their motivation for security other than credibility? Not being on the hook sure does alleviate a lot of risk…

Write a reply:



LandlordMax Property Management Software

LandlordMax is the EASIEST
Property Management
Software available!
Try it for free!

Real Estate Pigeon

Real Estate Pigeon
The place to ask and answer
all your real estate questions

Blog Blazers: 40 Top Bloggers Share Their Secrets to Creating a High-Profile, High-Traffic, and High-Profit Blog!

Blog Blazers is a book that
features secrets from the
Top 40 Bloggers on the web

How to Generate Traffic to Your Website ebook

How to Generate Traffic to
Your Website
is an ebook for
to you achieve success


More resources from Stephane Grenier:
For people who work on the web
Blog Blazers
How to Generate Traffic to Your Website
The EASIEST Property Management Software available!

Copyright @2003-2024
LandlordMax Property Management Software

Disclaimer: This is a personal blog about my thoughts, experiences and ideas. The contents of this blog are for informational purposes only. No content should be construed as financial, business, personal, or any other type of advice. Commenters, advertisers and linked sites are entirely responsible for their own content and do not represent the views of myself. All decisions involve risks and results are not guaranteed. Always do your own research, due diligence, and consult your own professional advisors before making any decision. This blog (including myself) assumes no liability with regard to results based on use of information from this blog. If this blog contains any errors, misrepresentations, or omissions, please contact me or leave a comment to have the content corrected.