When a credit card is lost or stolen, it remains usable until the holder notifies the issuer that the card is lost. Most issuers have free 24-hour telephone numbers to encourage prompt reporting. Still, it is possible for a thief to make unauthorized purchases on a card until it is canceled. Without other security measures, a thief could potentially purchase thousands of dollars in merchandise or services before the cardholder or the card issuer realizes that the card is in the wrong hands.

The only security measure common to all cards is a signature panel, but signatures are relatively easy to forge. Some merchants will demand to see a picture ID, such as a driver's license, to verify the identity of the purchaser, and some credit cards include the holder's picture on the card itself. However, the cardholder has a right to refuse to show additional verification, and asking for such verification is usually a violation of the merchant's agreement with the credit card companies. Self-serve payment systems (gas stations, kiosks, etc.) are common targets for stolen cards, as there is no way to verify the cardholder's identity.

A common countermeasure is to require the user to key in some identifying information, such as the user's ZIP or postal code. This method may deter casual theft of a card found alone, but if the cardholder's wallet is stolen, it may be trivial for the thief to deduce the information by looking at other items in the wallet. For instance, a U.S. driver's license commonly has the holder's home address and ZIP code printed on it. Visa Inc. offers merchants lower rates on transactions if the customer provides a ZIP code.

In Europe, most cards are equipped with an EMV chip, which requires a 4-digit PIN to be entered into the merchant's terminal before payment will be authorised. However, a PIN isn't required for online transactions.

Requiring a customer's ZIP code is illegal in California, where the state's 1971 law prohibits merchants from requesting or requiring a cardholder's "personal identification information" as a condition of accepting the card for payment. The California Supreme Court has ruled that the ZIP code qualifies as personal identification information because it is part of the cardholder's address. Companies face fines of $250–1000 for each violation.[6] Requiring a "personal identification number" (PIN) may also be a violation.

Card issuers have several countermeasures, including sophisticated software that can estimate the probability of fraud before a transaction is authorized. For example, a large transaction occurring a great distance from the cardholder's home might seem suspicious. The merchant may be instructed to call the card issuer for verification, or to decline the transaction, or even to hold the card and refuse to return it to the customer. If the transaction is not fraudulent and the customer is genuinely making a purchase, the customer must contact the issuer and prove their identity to get the card back.
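The kind of pre-authorization scoring described above can be sketched as follows. This is an added example, not any issuer's actual model: the two features (purchase size relative to the cardholder's usual spend, and distance from home), the weights, the thresholds and the sample data are all assumptions chosen for illustration.

```python
import math

# Hypothetical weights and thresholds, chosen for illustration (not fitted to data).
BIAS, W_AMOUNT, W_DISTANCE = -6.0, 2.5, 1.2
THRESHOLDS = [(0.85, "hold_card"), (0.50, "decline"), (0.20, "call_issuer")]

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def fraud_probability(amount, tx_pos, home_pos, typical_amount):
    """Logistic score from two features: size relative to usual spend, distance from home."""
    if amount <= 0 or typical_amount <= 0:
        raise ValueError("amounts must be positive")
    size = math.log10(max(amount / typical_amount, 1.0))      # 0 for ordinary purchases
    dist = math.log10(1.0 + distance_km(*tx_pos, *home_pos))  # compresses long distances
    z = BIAS + W_AMOUNT * size + W_DISTANCE * dist
    return 1.0 / (1.0 + math.exp(-z))

def decide(probability):
    """Map the score to the merchant instructions named in the text, most severe first."""
    for threshold, action in THRESHOLDS:
        if probability >= threshold:
            return action
    return "approve"

def screen(amount, tx_pos, home_pos, typical_amount):
    """Score one transaction and return the resulting instruction."""
    return decide(fraud_probability(amount, tx_pos, home_pos, typical_amount))

# Constructed sample data: a cardholder living in Chicago who usually spends about $40.
HOME, TYPICAL = (41.88, -87.63), 40.0
NEARBY, FAR = (41.90, -87.65), (25.76, -80.19)   # about 3 km and about 1,900 km away

if __name__ == "__main__":
    for amount, pos in [(35, NEARBY), (40, FAR), (2400, NEARBY), (600, FAR), (2400, FAR)]:
        p = fraud_probability(amount, pos, HOME, TYPICAL)
        print(f"${amount:>5} {'far' if pos == FAR else 'near':>4}  p={p:.3f}  {decide(p)}")
```

With these assumed weights, neither distance alone nor size alone triggers a decline; only the combination of a large purchase and a great distance escalates to declining the transaction or holding the card.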

