FY24 card fraud snapshot

A Credit card icon on a blue circuit board background

 

19 November 2024

By Toby Evans, Head of Economic Crime, AusPayNet and 
David McGregor, Security Standards Manager, AusPayNet


This year’s International Fraud Awareness Week takes place from 17 to 23 November, with a theme of ‘The face of fraud is changing - collaboration is more important than ever.’

The rapid growth of fraud and scams has eroded trust in our digital economy, and it is in the interests of sectors within the fraud and scam lifecycle (including telecommunications, digital platforms, banks, payment service providers, and e-commerce merchants) to be part of a collaborative ecosystem response. 

Australia has developed an economy wide approach to combatting scams, which appears to be achieving results. Some Members are reporting up to 50 per cent reductions in scam losses year-on-year. Mitigants such as payment holds and blocking, biometric technologies, confirmation of payee and the targeting of mule accounts are making an impact on curbing high-value scams and, in particular, investment, bank impersonation and account takeover scams. As a result, Members report that the face of fraud is changing, with criminals pivoting towards other lower-value e-commerce card fraud and scams.

 

FY24 Australian Payment Fraud Statistics

Total spending on Australian-issued cards is now over $1.1 trillion, with total card-related fraud at $868 million, a fraud rate of 77.6c per $1,000 spent. Our latest payment fraud statistics show that for FY24, Card-Not-Present (CNP) fraud accounts for 92 per cent of all card fraud. CNP fraud is where an individual uses card information to complete a transaction without a physical card. CNP transactions include retail e-commerce, digital services and subscription services. In FY24, the total value of CNP fraud on Australian-issued cards used domestically and overseas increased 29 per cent, to $785 million.

Domestic fraud on Australian-issued cards:

  • Rose 12 per cent to $351 million.
  • This increase is less than 17 per cent growth in card spend.
  • The rate of domestic CNP fraud dropped 3.7 per cent, falling from $1.07 to $1.03 per $1,000 spent. 

Overseas fraud on Australian-issued cards:

  • Rose 20 per cent to $434 million.
  • This increase exceeded the 13 per cent growth in card spend.
  • The overseas CNP fraud rate is significantly higher than the prior 12-month period, rising 31 per cent from $9.50 to $12.45 per $1,000 spent.

Overseas CNP fraud on Australian-issued cards overtook domestic CNP fraud for the first time since 2017. The graphs below demonstrate that card fraud mitigants in Australia are working. Fraud on domestic and overseas-issued cards used to make purchases at Australian merchants has declined and stabilised since the introduction of the industry’s CNP Fraud Mitigation Framework (CNP Framework) in 2019. The CNP Framework has promoted strong customer authentication (SCA) and greater use of multi-factor authentication and tokenisation tools. However, spend on overseas merchants is outside the remit of the CNP Framework, and these merchants are increasingly being targeted for fraudulent activity. 


Why the increase?

The growing trend of overseas CNP fraud coincides with the emergence of scam compounds throughout Southeast Asia. The United Nations Office on Drugs and Crime (UNODC) reports that many compounds have pivoted to e-commerce and other credit card fraud, including SMS SIM box phishing, to obtain card details. Throughout FY24, Australians saw an increasing level of SMS phishing attempts, whether these be toll, postal or billing scams. Australian law enforcement responded with a day of action, disrupting approximately 30 SIM boxes controlled by mules arriving from Asia. These SIM boxes held around 300 SIM cards, and each SIM card could send an SMS every two seconds across the country. This disruption saw a reduction in SMS phishing and identified key strategic intelligence for the National Anti-Scam Centre (NASC) and telecommunications industry to close down vulnerabilities. 

Source: Australian Federal Police

 

According to the UNODC, scam compounds are growing to industrial park proportions, particularly in Myanmar and Cambodia. Criminal operations are luring people with promises of high-paying employment, only to be subjected to forced labour and human trafficking. The challenge is that these scam compounds are located within newly created economic zones, disguised among other businesses including online gambling, and protected by sophisticated corruption and organised crime structures.

Map of Locations of known or reported compounts and related special zones in Cambodia, Lao PDF and Myanmar 2023

Source: UNODC


The compounds have divisions dedicated to all areas of the scams' life cycle, including victim identification, data mining, social engineering, and money laundering. For card fraud, while consumers are tricked into authorising the initial transaction, scammers will use stolen credentials to make further transactions on international merchants that do not implement SCA. Scammers will on-sell fraudulently obtained items and digital subscriptions or use the unauthorised transactions to socially engineer consumers to fall victim to higher-value remote access or bank impersonation scams. 


Effective mitigants

Further amplifying the severity of this challenge, overseas CNP spending accounts for about 3 per cent of Australian card spend; however, it accounts for 51 per cent of all card fraud. 


Stopping card fraud is essential for two reasons: 

  • Maintaining consumer trust in the digital economy
  • Reducing the risk of card fraud victims falling to other higher-value scams, such as bank impersonation or remote access scams. 

Unfortunately, unlike Australia, overseas merchants do not tend to implement SCA. We call on them to do so. While there is no one tool to stop all fraud and scams, SCA is a key mitigant for curbing card fraud. SCA uses multiple factors to verify a card user's identity and determine whether they are authorising a transaction. Often, the reasons why e-commerce merchants have concerns about SCA is implementation costs or cart abandonment rates due to increased transaction friction.

Overseas e-commerce has become popular with Australians, whether online advertising, e-shopping or digital subscription services. In Australia, customers have become accustomed to friendly risk-based frictions, such as payment holds or added security questions, for certain at-risk transactions. Fraud prevention and driving trust in the digital economy are key aspects of a positive customer experience. An appropriate level of friction in the process – safety by design – can therefore provide a safer and more secure transaction process. We are working closely with card schemes, financial institutions, NASC and law enforcement agencies to understand the problem, explore new strategies and enhance existing security measures.

Information on AusPayNet's Economic Crime Forum can be found on our website.

* The payment fraud statistics in this blog post are sourced from Reserve Bank of Australia and AusPayNet data.