What Is COB Fraud?

COB fraud—short for “change of billing address fraud”—is a type of fraud in which the perpetrator changes the address listed on file at the victim’s financial institution. This move allows the fraudster to then make purchases using the victim’s credit card information, and receive the purchased goods at an address of their choosing.

For fraudsters, COB fraud is an important step in the process of credit card theft. Without this step, getting goods delivered to an address other than the original one on file could trigger fraud detection alerts by the merchant or payment processor.

Key Takeaways

  • COB fraud—or change of billing address fraud—is a type of crime in which the perpetrator changes the victim’s billing address.
  • COB fraud is done to allow the fraudster to make online purchases using the victim’s credit card, delivering the goods to their own address.
  • COB fraudsters sometimes carry out this change by using personal information stolen using another type of fraud, such as by redirecting the victim’s mail and intercepting sensitive documents.

How COB Fraud Works

Credit card thieves generally try to profit from their theft in one of two ways. Either they can sell the stolen credit card information on the black market, or they can use it themselves to make credit card purchases.

Thieves will often opt for making online purchases with their stolen credit cards and then have them delivered to their preferred location. However, this runs the risk of the transaction being flagged for potential fraud, since the thief’s location of choice will be different than the billing address of the original cardholder.

If the thief tries to process a transaction without first changing the billing address, the mismatch between the billing and delivery addresses might trigger an investigation or a freeze on the card. To avoid this, a common strategy is for thieves to contact the card issuer and try to change the billing address by impersonating the cardholder. In doing so, the thief might make use of personal information they have been able to obtain about the cardholder, such as their full name, address, and date of birth.

To help prevent this type of fraud, credit card users should regularly review their statements for any suspicious transactions and should also remain on guard for any mail indicating that their billing address has been changed. If suspicious activities are detected, users should quickly contact their credit card issuer and consider placing a freeze on their cards until the matter has been resolved. Thankfully, credit card companies and merchants now have sophisticated software to help detect these kinds of fraudulent activities in real-time and are often able to take action on behalf of legitimate customers.

Methods of COB Fraud

One of the ways would-be thieves can collect personal information as part of COB fraud is by rerouting the victim’s physical mail to a different address. By doing so, the fraudster can then receive sensitive documents, such as utility bills or bank statements, which they can then use to change their victim’s billing address.

A recent consumer warning from the American Association of Retired Persons (AARP) warned that it is relatively easy for fraudsters to reroute mail in this manner. Surprisingly, "the U.S. Postal Service does not require any identification," according to AARP. Instead, all that is needed is for the fraudster to know the victim’s address and to forge their signature. The victim is then mailed a notice confirming the change of address, but this notice might be easily mistaken for junk mail and ignored. For this reason, the AARP recommends that consumers scan their mail for change of address notifications before discarding them, and to quickly inform their financial institutions if any suspicious changes are found.