Data released today by the industry self-regulatory body Australian Payments Network (AusPayNet) shows a 9.2% rise in fraud on payment card transactions in the 12 months to 30 June 2021 (FY21) alongside an increase in online spending during COVID-19 lockdowns.
With total spending on cards rising 5.4% to $847.3 billion during the same period, the fraud rate in FY21 was 57.8 cents per $1,000 spent, up from 55.8 cents per $1,000 in FY20, but well below the rate of 73.8. cents in FY18.
Card-not-present (CNP) fraud - mainly affecting online transactions - rose 12.3% to $442.0 million in FY21 as e-commerce surged during successive periods of COVID-19 lockdowns in various parts of the country. In FY21, CNP fraud accounted for 90% of all fraud on Australian cards.
Lost-and-stolen card fraud dropped 9.2% to $28.0 million, and counterfeit/skimming fraud fell 37.3% to $8.9 million, an acceleration of a long-term downward trend for this type of fraud.
AusPayNet CEO Andy White said rising e-commerce volumes underscored the need for industry coordination to target the activities of fraudsters.
“Online transactions continue to grow strongly and inevitably this attracts the attention of organised fraud groups,” Mr White said.
“Industry-wide efforts to mitigate CNP fraud will remain critical, but we all need to remain vigilant when transacting online,” he said.
CNP fraud involves valid card details being stolen and used to make purchases or other payments without the card being present at the point of sale, usually online. Consumers are not liable for fraud losses on payment cards and will be refunded, as long as they take due care with their confidential data.
The end of FY21 coincided with the conclusion of the second full year of operation of the industry’s CNP Fraud Mitigation Framework. Under the Framework, merchants who consistently exceed agreed fraud threshold targets are required to introduce strong customer authentication. The Framework also encourages secure technologies such as real-time monitoring, machine learning and tokenisation.
“We expect to see the full benefit of the CNP framework as we emerge from the pandemic,” Mr White said.
Release of the latest payments fraud data comes soon after the inaugural meetings of AusPayNet’s Economic Crime Forum (ECF). As the successor to the Fraud in Banking Forum, the ECF brings together industry stakeholders to coordinate joint responses to economic crime including scams, fraud, financial crime, and banking-related cyber incidents.
"Alongside our focus on CNP fraud, last month we launched our scams strategy. Over the coming year we look forward to working with industry to reduce the impact of scams on vulnerable businesses and individuals,” Mr White added.
Consumers and merchants are reminded how they can be vigilant online in the lead up to the Christmas holiday season.
Steps consumers can take include:
• Only providing card details on secure and trusted websites - look for the locked padlock icon and be wary of offers that look too good to be true
• Treating unsolicited emails and text messages from people they don’t know with suspicion - don’t click on the link provided and don’t be tricked into divulging confidential data such as passwords
• Regularly checking statements and immediately reporting any unusual transactions to their financial institution
• Registering for, and using, their financial institution’s online fraud prevention solutions, whenever prompted
• Undertaking checks to ensure the online business with which they’re transacting is legitimate
• Always keeping PC security software up-to-date and doing full scans regularly.
Guidance for merchants:
• Use tools that help you authenticate your customers: a tool that supports risk-based authentication in the first instance, and strong customer authentication for transactions identified with a higher risk profile, is critical to reducing fraud.
• Invest in tokenisation: merchants holding sensitive account holder information can become targets for fraud. Tokenisation replaces this information with a unique digital identifier (a token).
• Regularly speak to your acquirer and gateway providers about what you can do to secure your business.