Figures released today by the industry self-regulatory body Australian Payments Network (AusPayNet) show fraud on payment card transactions declined 15.4% in the 12 months to 30 June 2020 (FY20).
The decline, which came as spend on cards totalled $803.4 billion (up 0.5%), continues the trend recorded in the 2019 calendar year and reflects the initial impact of a coordinated industry effort to combat fraud associated with online transactions, the largest category of card payments fraud.
The FY20 drop in card fraud translates to a rate of 56 cents per $1,0000 - down from 66 cents per $1,000 in FY19.
The FY20 data released today shows overall card fraud fell to $447.2 million, down from $528.8 million (FY19), while card-not-present (CNP) fraud - affecting mainly online transactions - dropped by 14.0% to $392.4 million.
Other fraud categories also declined during FY20, with lost and stolen card fraud down 28.5% to $30.8 million and counterfeit/skimming fraud down by almost a quarter to $14.0 million, continuing the long-term downward trend for this type of fraud.
The FY20 data includes the first full year in operation of the industry CNP Fraud Mitigation Framework, which came into effect on 1 July 2019.
AusPayNet CEO Andy White said the encouraging card fraud data underscored the importance of industry collaboration in reducing the space in which fraudsters could operate.
“Until recently online fraud was growing rapidly in line with the growth in ecommerce. It’s great to see industry working together to reverse the fraud growth while ensuring e-commerce continues to grow strongly,” said Mr White.
“But there is no room for complacency. We all need to remain vigilant, especially during the Covid-19 pandemic when we’re all transacting more online,” he said.
CNP fraud, which occurs when valid card details are stolen and used to make purchases or other payments without the card being present, usually online, accounted for 87.7% of all card fraud in FY20.
The CNP Fraud Mitigation Framework encourages merchants to tighten their customer authentication and accelerate uptake of secure technologies offered by banks, card schemes and payment service providers/gateways such as real-time monitoring, machine learning and tokenisation.
“We expect to see the full benefits from the industry’s effort to mitigate CNP fraud delivered over coming years. In the meantime, the industry is also focused on fraud threats to customers from other fronts - like scams. Experience tells us when you close off one avenue for fraud, criminals waste little time looking for new ones to exploit,” Mr White said.
“Work on the TrustID framework for authenticating credentials digitally is an important initiative to address one potential source of fraud before it takes hold,” he said.
Consumers are not liable for fraud on their cards and will be reimbursed as long as they take due care. Consumers and merchants are reminded to remain vigilant online in the lead up to the Christmas holiday season.
Steps consumers can take include:
• Only providing card details on secure and trusted websites - look for the locked padlock icon and be wary of offers that look to good to be true.
• Treating unsolicited emails and text messages from people you don’t know with suspicion; don’t click on the link provided and don’t be tricked into divulging confidential data such as passwords.
• Regularly checking statements and reporting any unusual transactions to your financial institution immediately.
• Registering for, and using, their financial institution’s online fraud prevention solutions, whenever prompted.
• Doing checks to make sure the online business is legitimate
• Always keeping PC security software up-to-date and doing a full scan frequently.
Guidance for merchants:
• Use tools that help you authenticate your customers: a tool that supports risk-based authentication in the first instance, and strong customer authentication for transactions identified with a higher risk profile, is critical to reducing fraud.
• Invest in tokenisation: merchants holding sensitive account holder information can become targets for fraud. Tokenisation replaces this information with a unique digital identifier (a token).
• Regularly speak to your acquirer and gateway providers about what you can do to secure your business.