The Ultimate Guide to Credit Cards
Monday, May 20, 2024

Due Diligence Pays Dividends for Consumers Aiming to Avoid Falling Prey to Credit Card Fraud Tactics

Consumers Aim To Avoid Credit Card Fraud
Adam West

Written by: Adam West

Adam West
Adam West

Adam corresponds with finance experts to publish industry news coverage related to helping consumers achieve greater financial literacy and improved credit. He has more than 12 years of storytelling, editing, and design experience in print and online journalism and is most knowledgeable in the areas of credit scores, financial products and services, and the banking industry.

See full bio »

Edited by: Lillian Guevara-Castro

Lillian Guevara-Castro
Lillian Guevara-Castro

Lillian Guevara-Castro brings more than 30 years of editing and journalism experience to the CardRates team. She has written and edited for major news organizations, including The Atlanta Journal-Constitution and the New York Times, and she previously served as an adjunct journalism instructor at the University of Florida. Today, Lillian edits all CardRates content for clarity, accuracy, and reader engagement.

See full bio »
Advertiser Disclosure

In a Nutshell: As the COVID-19 pandemic took hold in 2020, consumers purchased more products and services on the internet. Unfortunately, that trend also motivated cybercriminals to increase their efforts. In Canada, for example, 2020 rates for ecommerce merchandise and credit card fraud surged well beyond 2019 levels. Internet fraud is ultimately a game of numbers, according to Jeff Thomson, Senior RCMP Intelligence Analyst at the Canadian Anti-Fraud Centre. If Canadian consumers adopt a few simple fraud protection habits and practices, they can help turn the tide against scammers.

As the COVID-19 pandemic affected Canada in late summer 2020, a cyberattack targeted approximately 15,000 accounts used to deliver government services to the country’s citizens.

But the fraudsters behind that attack weren’t tech-savvy criminals using the latest cyber tricks to breach the government’s strong defenses. Instead, they used a simple technique known as credential stuffing to steal information by exploiting the negligence of account creators.

After obtaining a list of usernames and passwords harvested from previous data breaches, all the scammers had to do was plug those credentials into the government’s system.

The account holders used the same passwords on the government site they had used previously on compromised sites. So the criminals drew resources from more than 11,000 accounts.

The Canadian Anti-Fraud Centre logo

According to Jeff Thomson, Senior Royal Canadian Mounted Police (RCMP) Intelligence Analyst at the Canadian Anti-Fraud Centre (CAFC), this attack demonstrated one of the ways criminals use information they gather from data breaches and the need for increased cyber security awareness

“With the credential stuffing attack, you saw the importance of using unique usernames and passwords across accounts,” Thomson said. “In general, if you do your due diligence, you can ensure a higher level of protection for everyone.”

The CAFC is a public agency jointly managed by the RCMP, Competition Bureau Canada, and the Ontario Provincial Police. As a clearinghouse for fraud, the organization allows Canadians to report fraud and cybercrime, learn about the types of fraud, and find ways to protect themselves.

Merchandise Scammers Prey on Homebound Consumers

Everywhere the pandemic intersected with ecommerce in 2020, scammers stepped up to exploit as many people as possible. One area of heightened activity was merchandise fraud, in which consumers either didn’t receive the correct order — or received nothing at all.

The merchandise fraud spike occurred even though Canadians are generally internet-savvy and accustomed to shopping online. The problem was an increase in those online transactions.

“The climate was ripe for fraud,” Thomson said. “Early on in the pandemic especially, when lockdowns were happening, and everybody was at home, you had more people turning to online shopping, including people who had never used it before.”

Screenshot of Canadian fraud loss graphic

Canadians lost nearly $90 million to fraud between January and December 2020.

While ecommerce is a chief vector for merchandise fraud, scams involving nondelivery of goods and services can occur anywhere, Thomson said. In 2019, CAFC received about 3,000 merchandise scam reports amounting to some $2.9 million in losses. By October 1, 2020, however, the yearly fraud reports were already well ahead of the 2019 rate, and total reported losses stood at more than $7.3 million.

“It’s a game of numbers,” Thomson said. “With more people going online to carry out everyday activities, you’re going to see more fraud and more victims.”

Sadly, the increase wasn’t just due to increased usage. The pandemic also prompted a significant amount of exploited commercial activity.

“Part of that big jump can be attributed to victims placing large orders for personal protective equipment that was never received,” Thompson said. “Our challenge is to get people to look for red flags and trust their gut when they suspect fraud.”

Card-Not-Present Fraud Puts Identities at Stake

One significant red flag is when something seems too good or too easy to be true, it probably is. Most people have good intentions, and that trust may come too easily, especially during times of crisis.

Another area of heightened activity for CAFC in 2020 concerns card-not-present (CNP) fraud, in which data associated with personal identity becomes a commodity.

CNP fraud typically refers to any transaction that occurs where the credit card and cardholder are not present, whether it happens online, over the phone, or even through the mail.

Screenshot of CNP graphic

Card-not-present fraud targets businesses and individual data, including credit card numbers.

It requires the harvesting of large amounts of personal and financial information, including card data and other banking information, and then purchasing goods using that compromised data.

The crime in any CNP fraud, therefore, is identity theft.

“A credit card is attached to or associated with my name,” Thomson said. “So when somebody uses that number, they’ve effectively used my identity.”

One way scammers attain card numbers is through phishing schemes, in which they trick cardholders into giving up their information. Sophisticated malware for recording keystrokes, hijacking online sessions, and even website spoofing sometimes play roles in phishing. However, scammers also find success by calling people, posing as an employee of a legitimate organization, including a bank, and asking for information.

“Take that five extra minutes to stop and think about things or talk with family members or friends,” Thomson said. “Should a bank ever ask for personal or financial information over the phone? No.”

Reject Victimization by Making Fraud Protection Routine

The credential stuffing attack against the Canadian government’s servers wouldn’t have done as much damage if account holders people had taken a few simple anti-fraud steps.

Thomson and CAFC recommend a three-pronged approach to fraud prevention: recognize, reject, and report. CAFC resources help people recognize situations that could give rise to fraud. And reporting incidents of fraud helps the Centre and its partners mitigate damage.

Users making fraud prevention part of their everyday routines is central to the rejection component. Rejecting fraud begins with checking bank statements for unauthorized activity in addition to using unique usernames and passwords across websites.

In Canada and elsewhere, consumers can access free periodic credit reports and check them for accuracy. Consumers should keep devices and software up to date and working normally to prevent more sophisticated forms of attack.

Rejection is also grounded in skepticism. Before purchasing from a new vendor, investigate the company’s history, and look for customer reviews. And no reputable bank, business, or other organization will ever suddenly pop up and ask for personal information or payment.

Fraud victims also access CAFC for insights on how to manage the damage and recover from it. Canadian consumers can protect themselves and the public from long-standing problems by using CAFC resources for fraud prevention, awareness, and education.

“With the large scale data breaches we’ve seen over the past year, and the countless phishing emails which have exploded during the pandemic, today it’s the best practice to check everything,” Thomson said.

Advertiser Disclosure is a free online resource that offers valuable content and comparison services to users. To keep this resource 100% free, we receive compensation for referrals for many of the offers listed on the site. Along with key review factors, this compensation may impact how and where products appear across (including, for example, the order in which they appear). does not include the entire universe of available offers. Editorial opinions expressed on the site are strictly our own and are not provided, endorsed, or approved by advertisers.