Overall fraud rate
Card-not-present (CNP) fraud
Domestic CNP fraud
CNP fraud, overseas cards and overseas merchants
Taking on economic criminals
Card fraud in other categories
20 December 2023
By Toby Evans, Head of Economic Crime, AusPayNet
AusPayNet’s latest fraud data reveals that overall, fraud on payment cards in Australia in the 12 months to 30 June 2023 (FY23) returned to a similar level to the FY19 (pre-pandemic) level. But while card fraud remains an ongoing challenge for Australian consumers and businesses, the industry’s card-not-present (CNP) Fraud Mitigation Framework (CNP Framework) continues to have a stabilising effect on domestic CNP fraud: on Australian cards used at Australia-based merchants.
This blog takes a closer look at the FY23 fraud statistics, to understand the work the Australian industry must undertake to address the growing threat of economic crime.
In FY23, fraud on payment card transactions rose 35.6 per cent to $677.5 million. Total spending on Australian cards rose 15.4 per cent to $1.055 trillion during the same period. Accordingly, the overall fraud rate for FY23 was 64.2 cents per $1,000 spent, up from 54.7 cents in FY22. This brings the fraud rate back to approximately the same level as the FY19 (pre-pandemic) figure of 66.1 cents per $1,000 spent. More granular figures for several card fraud categories are shared later in this blog post.
CNP fraud describes where a criminal uses card information to complete a transaction without a physical card (such as online or telephone transactions) and without the authority of the card holder. It also includes transactions where a card would ordinarily be presented (for example, an instore retail purchase) but a merchant allows that transaction to proceed based on having a card number only.
CNP fraud accounts for approximately 90 per cent of all fraud on payment cards in Australia. In FY23, the total value of CNP fraud on Australian-issued cards used domestically and overseas increased 34 per cent to $608 million. During that period, total CNP spend increased from $255 billion to $329 billion (a 26 per cent increase), which coincides with the ongoing surge of e-commerce since the pandemic.
The CNP Framework was implemented on 1 July 2019. The Framework requires merchants that consistently exceed agreed fraud threshold targets to strengthen customer authentication and apply other measures. It also encourages secure technologies, such as real-time monitoring, machine learning, and tokenisation.
The Framework targets fraud involving Australian merchants processing Australian cards (domestic CNP fraud). In FY23, domestic CNP fraud losses increased 14 per cent to $313 million - lower than the 26 per cent surge in CNP spending on Australian cards. The fraud rate for domestic CNP fraud decreased by 9%, from $1.21 per $1,000 spent in FY22 to $1.10 in FY23.
While the figures illustrate the CNP Framework’s continuing positive impact on domestic CNP fraud, the industry remains focused on driving better results for Australians. AusPayNet will engage industry on potential ways of addressing the quantum of domestic CNP fraud during the annual review of the CNP framework.
According to the RBA’s Payments Statistics, CNP transactions involving:
account for less than one-seventh of the overall card spend. However, fraud associated with overseas cards or overseas merchants accounts for half of all CNP fraud in Australia.
The CNP fraud rate for overseas merchants processing Australian cards increased 16 per cent, from $8.13 per $1,000 spent in FY22 to $9.50 in FY23. Fraud losses increased 63 per cent to $295 million, while spending on Australian cards with overseas merchants grew 39 per cent in FY23.
The data illustrates that the domestic fraud rate (of $1,10 per $1,000 spent) is significantly lower than the rate of fraud for CNP transactions involving overseas cards and overseas merchants.
This data is shared with Australian issuers and acquirers to enable them to understand, and consider potential mitigants for, these threat vectors.
The data highlights the impact of overseas CNP fraud on overall card fraud levels in Australia. The nexus between fraud, scams and cybercrime is creating a complex challenge for the payments industry. With the ongoing surge of ecommerce, an ever-increasing number of Australian consumers opt to make purchases from overseas merchants. Organised criminal operations, often coordinated offshore, obtain card data and perpetrate CNP fraud using a variety of channels, including:
According to the ACCC’s Scamwatch, phishing is the most reported scam of 2023, and online shopping scams the third most reported. While these scams are often low value, intelligence from AusPayNet’s Economic Crime Forum (ECF) reveals that criminals will use stolen data to socially engineer consumers to fall victim to higher value scams, such as bank impersonation scams or other investment scams.
The National Anti-Scam Centre and proposed industry scam codes are important in enhancing cross-sectorial collaboration and data sharing. By working with the telecommunications industry and digital communications platforms, we can disrupt phishing attacks and online buying and selling scams. The criminal justice system also has a key role in disrupting and preventing the organised crime syndicates perpetrating these crimes, and will need to be appropriately resourced and supported by strong public-private relationships to respond to what is largely a transnational criminal threat.
Fraudulent applications are applications for card accounts made by criminals using either a fictitious identity or another person’s identity, or using false information during the application process.
In FY23, fraudulent applications fell 13 per cent. In the wake of recent data breaches, the industry has been increasing the sophistication of its customer verification processes, including ongoing enhanced customer due diligence, and biometric verification for new accounts.
Lost and stolen card fraud increased by 53 per cent to $48 million, returning to pre-pandemic levels. However, the most substantial increase in this category was in fraud that occurred outside of the country, with a 136 per cent increase in fraud involving Australian cards lost or stolen overseas. This increase is likely attributable to Australians returning to international travel, following the reopening of borders.
Counterfeit/skimming fraud increased by 73.3 per cent to $8.3 million, but this is well below the $18.6 million pre-pandemic figure. The actual number of counterfeit/skimming transactions decreased 58 per cent, meaning that the loss per transaction rose from $88/transaction to $362/transaction.
The increase in counterfeit/skimming is also likely attributable to the reopening of international borders, which enabled the return of overseas travel and the re-entry of transnational organised criminals engaging in card skimming. Law enforcement has successfully disrupted several international crime syndicates returning to Australia. This has involved international cooperation, demonstrating the importance of such cooperation in the prevention of economic crime.
Fraud involving cards never received increased by 22.4 per cent to $1.7 million, but this figure remains well below pre-pandemic levels of fraud of this kind.
Other card fraud increased by 61 per cent to $10.7 million. This is a generic category of fraud, which includes account takeovers. Account takeover – also known as identity takeover – describes where malicious actors use stolen card details or credentials to access an account. They can then remotely provision a virtual card onto their mobile device of choice and use it for device-present payments.
UK Finance observed a 124 per cent increase in account takeover fraud throughout 2022, suggesting this type of fraud may be the primary cause of the increase in ‘other card fraud’.
More information on AusPayNet’s ECF can be found on AusPayNet’s website.
More information on steps consumers and businesses can take to protect themselves from ID theft, phishing, fraud and scams can be found in this media release.