AusPayNet fraud data highlights overall card fraud rate returning to near pre-pandemic levels, despite decrease in domestic CNP fraud rate

MEDIA RELEASE

19 December 2023

AusPayNet fraud data highlights overall card fraud rate returning to near pre-pandemic levels, despite decrease in domestic CNP fraud rate

Data released today by the payments industry self-regulatory body Australian Payments Network (AusPayNet) shows a 35.6% rise in fraud on payment card transactions in the 12 months to 30 June 2023 (FY23) to $677.5 million.

Total spending on Australian cards during the same period rose by 15.4% to $1.055 trillion. As a result, the fraud rate for FY23 increased to 64.2 cents per $1,000 spent, up from 54.7 cents in FY22, and returning to nearly the same levels as the pre-pandemic FY19 figure of 66.1 cents per $1,000 spent.

The data also confirms that card-not-present (CNP) fraud remains a prevalent concern, constituting 90% of all fraud on payment cards. CNP fraud trends align with the rapid rise of e-commerce, with criminals using phishing, online shopping scams, data breaches, and e-skimming to obtain card data.

CNP fraud involving Australian merchants processing Australian cards (domestic CNP fraud), covered under AusPayNet’s CNP Fraud Mitigation Framework (CNP Framework), increased by 14% to $313 million, lower than the 26% growth in equivalent CNP spend. This meant that the fraud rate for transactions covered by the CNP Framework actually fell 9%, from $1.21 per $1,000 in FY22 to $1.10 per $1,000 in FY23. Notwithstanding this, AusPayNet will engage industry on potential ways of addressing the quantum of domestic CNP fraud during the next annual review of the CNP framework.

Given the trend in domestic CNP fraud, the main driver of the increase in the overall fraud rate was CNP fraud on Australian cards used at overseas merchants (international CNP fraud). While this only accounts for less than 15% of overall spend on Australian cards (according to RBA Payments Statistics), it contributes half of all CNP fraud, and saw an increase in the fraud rate of 16%, from $8.13 per $1,000 spent in FY22 to $9.50 per $1,000 spent in FY23.

AusPayNet CEO Andy White stressed the criticality of ongoing industry collaboration in ensuring a resilient, reliable, and safe Australian payments system: "The nexus between fraud, scams, and cybercrime continues to create a complex challenge for the payments industry. While initiatives like the CNP Framework are crucial pieces of the puzzle, they alone will not stop fraud and scams.

“The National Anti-Scam Centre and proposed industry scam codes are important in enhancing cross-sectorial collaboration and data sharing. By working with the telecommunications industry and digital communications platforms, we can disrupt phishing attacks and online buying and selling scams. The criminal justice system also has a key role in disrupting and preventing the organised crime syndicates perpetrating these crimes, and they will need to be appropriately resourced and supported by strong public-private relationships to respond to what is largely a transnational criminal threat."

AusPayNet’s Economic Crime Forum (ECF) brings together industry, law enforcement and government stakeholders to coordinate joint responses to economic crime, including scams, fraud, money laundering, and banking-related cyber incidents.

AusPayNet is also represented on the Advisory Board for the Government and ACCC’s National Anti-Scam Centre, which seeks to make Australia a harder target for international scammers.

In response to recent cyberattacks and data breaches, consumers and merchants are reminded of the steps they can take to protect themselves from ID theft, phishing, fraud, and scams, including:

  • Only providing card details on secure and trusted websites – look for the locked padlock icon and be wary of offers that look too good to be true
  • Treating unsolicited emails and text messages from strangers with suspicion – don’t click on the link provided or be tricked into divulging confidential data such as passwords
  • Regularly checking statements and immediately reporting any unusual transactions to their financial institution
  • Registering for, and using, their financial institution’s online fraud prevention solutions, whenever prompted
  • Undertaking checks to ensure the online business with which they’re transacting is legitimate
  • Using credit checking and monitoring services
  • Always keeping PC security software up-to-date and doing full scans regularly.

It is also suggested that merchants:

  • Use tools that help you authenticate your customers: a tool that supports risk-based authentication in the first instance, and strong customer authentication for transactions identified with a higher risk profile, is critical to reducing fraud
  • Invest in tokenisation: merchants holding sensitive account holder information can become targets for fraud. Tokenisation replaces this information with a unique digital identifier (a token)
  • Regularly speak to your acquirer and gateway providers about what you can do to secure your business.

The figures released today are available on the AusPayNet website. More information on AusPayNet’s CNP Framework can also be found on the AusPayNet website.