According to recent reports from the Australian Payments Network’s “Australian Payments Fraud Reports”, consumers are spending more money than ever using payment cards, with the overall value of card transactions in Australia up 5%. Unfortunately, card fraud is also rapidly increasing, with fraud of all types also up 5%. And with the strengthened protections from EMV/chip technology in place, the criminals continue to move their focus online, with card-not-present (CNP) fraud increasing 38% and accounting for 85% of all payment card fraud in Australia.
The Australian Payments Network (AusPayNet) is fighting back and recently announced the start of an industry consultation on a new framework to prevent online card fraud. The CNP Fraud Mitigation Framework is a collaboration of card issuers, retailers, payment gateways, payment service providers, regulators and industry bodies, and aims to take a united approach to address this growing problem.
Official technical guidance and best practices will be released in the final report following industry review, but some of the key elements suggested within the framework include:
- Targets for card issuers to reduce fraud levels across their customer base
- Notifications to consumers for any online card transactions over $100
- Merchants who record fraud above a certain level will be required to use multi-factor authentication (MFA)
- Boosting the use of tokenisation and compliance with the Payment Card Industry Data Security Standard (PCI DSS)
- Encouraging use of biometrics when authenticating card-not-present transactions
Most online fraud is due to payment card numbers being compromised in large-scale data breaches. Cyber criminals are targeting computer systems of large merchants and service providers where payment card information is stored. By implementing security controls from the PCI DSS, like MFA, and remediating potential vulnerabilities, organisations should be able to successfully protect their systems and prevent criminals from accessing sensitive information.
Criminals also continue to use sophisticated malware and phishing attacks to target consumers. It is therefore important for all organisations to provide frequent education and awareness training that teaches consumers how to identify potential phishing attacks, to make purchases only on secure websites, and to keep their computers and devices up to date with system patches and anti-virus software. The more educated the population, the better equipped it is to help reduce your overall risk and potential for card fraud.
Some additional guidance from the Customer Relationship Manager team below:
[Bradbury]: Creating a framework, which is implemented by merchants, to reduce fraudulent card transactions will be great for consumers and merchants. Card fraud costs merchants millions of dollars a year in lost income due to chargebacks, totaling $561M in 2017 for Australia. Credit and debit card fraud is so common now that consumers often carry a backup card with them.
In mid-August this year, my personal credit card was compromised and I found out while at the supermarket checkout. My card was declined, due to the bank suspending my card, but luckily I carry a spare credit card. I later learned that, in just about 3 minutes, thieves had put 20 transactions on my credit card from five different countries (The Netherlands, The United States, Great Britain, Mexico, and Australia) which triggered the bank to suspend the card. Dealing with situations like mine, consumers waste time getting transactions reversed off their card, whilst waiting five days for the replacement card to arrive, and then reentering all the scheduled future payments into the bank portal as they had been automatically deleted. The new framework will, therefore, not only save millions of dollars but it will also save time by better protecting the consumers.