Why No Credit Card Is 100% Safe Against Fraud

It seems that there is nothing a consumer can do to completely prevent a merchant from putting an unauthorized charge through on their account. Even if that account is closed or you’re using a “single-use” or “virtual” credit card, fraud-prevention cards with disposable credit card numbers that change after you use them once, you’re not 100% secure. How come? Well, we’ll tell ya.

This SlickDeals forum thread talks about how if a merchant manually bills an account, without sending it through their credit card processor to get appropriate authorization, the bank will pay them without question. The good thing is that charges that are received by the bank that come through without an authorization attached are very easy to initiate a chargeback on.

Once again, it is up to the consumer to examine his bills and make sure his ass is protected.

Virtual credit cards are no protection [SlickDeals] (Photo: Getty)


Edit Your Comment

  1. mrjimbo19 says:

    Ben… waiting for the haha april fools thing to happen at any time now on this one. I am not sure how to take this at all…should i just pay for everything via check and deal with it?

  2. sventurata says:

    Good post. It’s a major drag, dealing with authorizations that sneak in under the floor limit on cancelled cards (which tends to be higher internationally, so many of these originate overseas and are harder to break down).

    Usually they’re written off before transferring to the new/valid card number, but, of course, these costs impact the bank’s bottom line, and cardholders pay indirectly.

    Love the financial industry…

  3. Ragman says:

    No, they aren’t 100% safe, but they’re a far sight safer than using the actual card number. In this case, it requires that a merchant manually push the number through. More difficult than just getting online and spending like crazy. I had something similar happen to my Discover card number that got stolen from a brick and mortar store computer.

    Then again, we are SUPPOSED to be checking our CC statements for fraudulent use.

  4. SOhp101 says:

    Yeah, they’re not 100% safe, but neither is using your check or cash.

    To each his own, but I’ll stick with the plastic.

  5. A.W.E.S.O.M.-O says:

    @SOhp101: Agreed. It’s not any riskier than checks or carrying around a lot of cash, so what choice do you have? Maybe it’s just me, but I’ve had fraudulent charges on my card, and the dispute process was really easy.

    Actually, of the three payment methods, we should be most afraid of checks, but that’s a story for a different day.

  6. @A.W.E.S.O.M.-O: Frank Abagnale Jr. would agree. ;)

  7. watermelonpunch says:

    Then, last month, through no fault of my own, some store I purchased
    from was compromised, and my bank debit card had $1200 worth of
    fraudulent airline tickets charged to it. Bonus, most of that came from
    overdraft protection from my savings account! I had to wait about 3
    weeks for the $1200 to be put back into my checking account, and the
    bank would do nothing while my automatic payments were denied &
    feared that my rent check would bounce. And to add insult to injury, I
    lost interest on that money for 3 weeks.
    That’s when I found out that NO card is safe, no matter how many
    precautions you take. If you pay for something with the card –
    anywhere- the information is out there for the theives to find if they
    really want to.
    Also, I recently learned about the high rates that businesses pay in
    order to accept credit cards. They’re not allowed to charge service
    fees and they’re not allowed to tell the consumer about these rates.
    The card companies simply tell the retailers that they should pad their
    prices to handle the expense. That means plastic usage drives up the
    prices EVERYONE pays.
    I’m now back to writing a lot more checks. It just seems like the most sensible thing overall.
    I also no longer use overdraft protection – because that fraudulent charge would’ve been denied if I hadn’t had it.
    OTOH, the manager of the bank I had the problem at told me they had a
    woman who committed fraud on her employer’s bank account using the
    information she got from her paycheck. So nothing’s really safe. Though
    cc# thieves are a lot less likely to be caught & punished.

  8. nsv says:

    That does it, I’m not buying ANYTHING anymore!

  9. johnva says:

    Actually, from our perspective, they’re pretty safe. Because by law it’s not your liability if fraud occurs. As long as the credit card company eats the cost of fraud, I really don’t care that much about taking steps like using virtual credit card numbers to better protect my numbers. It’s their problem, not mine, so if they want me to help them prevent fraud they should provide me with incentives to use systems like that, like greater reward points or something.

  10. FLConsumer says:

    I’m with johnva on this. It’s the bank’s problem, not mine. If they’re serious about fraud, why don’t they implement something a bit more secure than the current system? In Europe CC+PIN transactions are the norm. Is a PIN foolproof? Absolutely not, but it stops someone from taking my card and running around town with it.

    Still safer than cash and cash doesn’t keep track of my reimbursibles for me, nor does cash give me cash back.

  11. rinse says:

    It may be the bank’s problem, but it’s still a pain in the ass for the customers to sort it all out when fraudulent charges appear on your statement. :(

    On a related note, I recently used a virtual credit card number on Amazon, and Amazon never even asked for the extra 3 digits (from the back of a credit card). So I guess the extra secret 3 digits are just formality?

  12. brian25 says:

    In Europe they also have laws that mandate that swipe readers cannot be tampered with. If they are, they literally destroy themselves.

    The PIN pads are also shielded with a shroud so no one can see what PIN number you are typing into the machine. Walgreens has started implementing these.

  13. @johnva: Actually, from our perspective, they’re pretty safe. Because by law it’s not your liability if fraud occurs. As long as the credit card company eats the cost of fraud, I really don’t care that much about taking steps like using virtual credit card numbers to better protect my numbers. It’s their problem, not mine, so if they want me to help them prevent fraud they should provide me with incentives to use systems like that, like greater reward points or something.

    It’s only ‘not your liability if fraud occurs’ if the account holder reports the fraud within a finite time period. If not, the charges are completely the account holder’s responsibility. And if the account holder does report it in time and the CC issuer eats the cost, don’t you think they just charge the customers some more silly fees to make up for it. Never forget, they are in business to make money. But your idea of incentives for customers to use more secure systems (like virtual CC numbers) is a very good one.

  14. aikoto says:

    Notice that he’s a Bank of America customer. I think that’s highly relevant in this case.

  15. PencilSharp says:

    Considering you would go through about 5 more circles of hell with a stolen checking account number vs. a stolen credit card number, that would be a nyet, comrade.

  16. ratnerstar says:

    New study finds that it’s impossible to complete remove risk from life. Film at eleven.

  17. The only time I tried to use a Virtual Account Number, it didn’t work, so I never tried again.

    This is reason #347831 to ALWAYS CHECK YOUR STATEMENT. Preferably every day. Seriously.

  18. steveliv says:

    because I pay off my balances in full every month, and always check my statements, using a credit card is the best thing for me. I’m not even counting how easy it makes tracking expenses. i’ve had a fraudulent charge on my amex, but a quick call had them removed and a new card issued. just make sure they close the card # due to fraud/theft, otherwise charges on the old number will follow you.

  19. nsv says:


    The PIN pads are also shielded with a shroud so no one can see what PIN number you are typing into the machine.

    I do this with my wallet. Always. It looks subtle, since my wallet is already in my hand, I’m just resting my hand on the keypad. It works better than trying to cover the keypad with my free hand, and is less likely to tick off the next person in line, who might think that you are hiding your pin from them, specifically.

    (Yes, that happened to me. People are strange.)

  20. Imaginary_Friend says:

    Virtual account numbers are still your safest bet, imo. I use them for every transaction possible. 3 Reasons why you might want to use a Virtual Account Number:

    *You’d like to buy something from an unknown internet retailer. If the merchant has an unscrupulous employee who steals your card info and tries to go on a shopping spree, s/he will be SOL since the number is only good for one transaction.

    *You’d like to buy something from a known retailer, but don’t want your true credit card number stored on their servers. Even diligent sites like Amazon get hacked.

    *You are forced to do business with a problem merchant — like a gym, a cell phone company, a webhosting company, or a magazine subscription service — that requires a reoccurring payment. No more surprise charges since you control the amount they are paid. It’s much nicer to dispute a bill when the money hasn’t been yanked out of your account.

    VANs and credit cards with pins are great, but it’s still up to you to monitor your statements and credit reports.

  21. Roy Hobbs says:

    @johnva: The credit card company does not eat the cost of the fraud. The merchant does. I’m speaking from long experience here.

  22. AMetamorphosis says:

    @Roy Hobbs:

    Ultimately we as the consumers eat the costs of fraud as it is passed to us in higher interest rates.

  23. AMetamorphosis & Roy Hobbs:
    One thing’s for sure – the credit card company does NOT eat the cost of fraud. It’s passed to the merchants, who then pass it on to their customers in the form of higher prices for goods. VISA told a company I worked for, specifically, to raise their prices to offset the fees of accepting VISA for some transactions. Meaning the customers ultimately pay.

  24. Orv says:

    Last time my credit card was used fraudulently, American Express caught it before I did and called me. I was pretty pleased.

  25. FLConsumer says:

    @rinse: I had a fraudulent charge on my card last year with that VIP Tune scam. Took less than 3 minutes (including hold time) to resolve. Wachovia overnighted a brand new card to me and that was it. Trying to find my car keys in the morning after a long night out is more difficult than that.

    @AMetamorphosis: You only pay interest rates if you don’t pay your bill off. Don’t buy crap you can’t afford and you won’t find yourself with pesky interest rates.

  26. The consumer is the one who eats the cost of fraud because the
    merchants raise prices on goods & services for EVERYONE to offset
    the fees they get when customers using credit cards.

  27. npiaseck says:

    @rinse: No, the 3 or 4 extra digits (sometimes called the “security code,” “CVN code,” “CVV2 code,” or something similar) is not required for the merchant to process a transaction. Usually, the merchant has the option of specifying that the number was supplied, that the number was unreadable, or that the number was not supplied.

    It is intended as a way for online merchants to help verify that the customer is physically holding the card in his hand while they’re sitting at their computer. This is because the CVN code changes every single time you are issued a new physical card–whether you ordered a replacement for a worn-out card or whether you were reissued a new card after an old one expired–and PCI rules require that online merchants not store this number.

    It’s just another tool in the merchant’s toolbox for detecting fraud and reducing the losses that they may receive from chargebacks. An incorrect CVN code will never cause a decline from the issuing bank, although the merchant may choose to treat it as one.

  28. ihateTLG says:

    Everyone, BE AWARE!
    TLG*GREAT FUN Phone 877-763-4140 CT
    is a FRAUD!
    I just got charged and called HSBC Business Credit Card. They said to call that number, so I did…. A woman simply said “Not a working number” with a friendly voice. I called back HSBC Business Credit Card and finally they put “Fraud” alert on this charge and disputing $11.99. They still said I need to pay $11.99, but there is no way I am going to pay for this. I googled TLG*GREATFUN and there are over 37,000 articles, alerting consumer this is a FRAUD. How come big institution like HSBC can not be paying more attention to these matters? If TLG*GREATFUN is FRAUD, why is HSBC accepting charge of $11.99? HSBC rep said ” Because it is not a big charge, ma’am. ” Then, they cancel my credit card without my permission, (I have had FRAUD charge in the past, and this is the first time they cancel my card) then HSBC told me it will take 7-10 business days to get new c.c. to me. I have a business to run… and 7-10 business days is just not acceptable. Of course I was on the phone for over 50 minutes and talked to 6 different people. This is not RIGHT.