The growth in use of credit and debit cards has been met with a rise in fraud and theft. To improve the customer experience, merchants often relax security standards during transactions. As an example, a merchant may require only a credit card number, expiration date, and security code, but not evidence of possession of the actual credit card before allowing a transaction. As a result, a user may possess the physical credit card even though information associated with the credit card has been stolen.