26 September 2024
Data released today by Australian Payments Network (AusPayNet), the payments industry self-regulatory body, showed a 22% increase in the payment card fraud rate to 70.2 cents per $1,000 in calendar year 2023, the highest rate recorded since 2018.
The AusPayNet figures show a 32% increase year-on-year in the total value of fraud to $762 million. This increase outpaced the growth in the total value of card transactions, which rose by 8% to $1.1 trillion.
Card-Not-Present (CNP) fraud, primarily occurring in online transactions in which a card is not used physically, continues to dominate the overall fraud picture, accounting for 90% of all card fraud in Australia in 2023.
CNP fraud grew by 33% to $688 million, on total CNP spending of $320 billion, up 24% on the previous year and reflecting sustained growth in online shopping since the pandemic.
The growth in CNP fraud was fuelled by a sharp rise in offshore CNP fraud, involving Australian-issued cards used on overseas merchants. For the first time since 2017, offshore CNP fraud overtook domestic CNP fraud, with losses in this category increasing by 51% to $362 million. The offshore CNP fraud rate was $10.93 per $1,000 spent, over 10 times higher than the domestic rate of $1.06 per $1,000 spent (down from $1.11 in 2022).
Containment of domestic CNP fraud is attributed to the Australian industry-wide CNP Fraud Mitigation Framework implemented in 2019. Among other things, the strategy has encouraged strong customer authentication when handling online card transactions and greater use of multi-factor authentication and tokenisation.
AusPayNet CEO Andy White said: “There is good news and bad news in this data. While it is encouraging to see domestic CNP fraud continue its decline, the sharp rise in overseas CNP fraud is a growing concern. Essentially, 3% of card spend is now accounting for 48% of all card fraud.
“Australians are increasingly drawn to overseas merchants for online shopping and to purchase digital services. Many overseas merchants do not implement Strong Customer Authentication (SCA) that allows customers to confirm if they are authorising a transaction. Similarly, criminals are stealing card credentials via a variety of cyber and phishing tactics, including via websites or SMS phishing, and take advantage of overseas merchants not deploying SCA.”
“Stopping card fraud is important, as we know that criminals use this information to also commit higher value scams such as bank impersonation and remote access scams.
“The nexus between fraud, scams, and cybercrime, as well as its global nature, makes addressing offshore fraud difficult. However, AusPayNet is actively working with card schemes, financial institutions and merchant bodies in Australia to identify strategies to counteract offshore fraud.
“In collaboration with the National Anti-Scam Centre, we're expanding efforts to take down fraudulent websites, including those involved in online shopping and phishing scams while police have been disrupting transnational organised crime engaging in SMS phishing.
“We remain focused on making Australia a much harder target for fraudsters and better protecting consumers from the growing threat of overseas CNP fraud. At the same time, we would urge consumers to be cautious when responding to email or online advertising links to online shopping sites, especially overseas” he said.
The figures released today are available on the AusPayNet website. More information on AusPayNet’s CNP Fraud Mitigation Framework can also be found on the AusPayNet website.