Payment card fraud on the rise
by Ernie Davitt, National Affairs Editor, ASM
Australia’s banking industry says that despite a fall in the credit card fraud loss rate, the total rate of fraud, which includes both cheque and payment cards, has increased because of ‘skimming’, writes ASM National Affairs Editor Ernie Davitt.
Bankers have seized upon the credit card decline to say this indicates that industry efforts to prevent this criminal activity are starting to take effect.
The latest Australian Payments Clearing Association (APCA) Payments Fraud data show there was a significant fall in the credit card fraud loss rate last year but debit card fraud loss rates increased due to skimming incidents.
Steven Münchenberg, Chief Executive of the Australian Bankers Association (ABA), said it was “pleasing to see in the data that banks’ security enhancements on credit cards, such as the roll out of chip and PIN, are starting to take effect”.
“Chip cards store encrypted information, which helps significantly in protecting the card against counterfeiting. A chip transaction generates a unique identifier and because each transaction generates a different identifier, this makes the counterfeit production of the card more difficult. In other parts of the world, it has proved very effective in fraud prevention.
“Customers should be reassured that account holders are not liable for losses resulting from unauthorised transactions where it is clear that the user has not contributed to the loss. This is enshrined in the Electronic Funds Transfer (EFT) Code of Conduct.”
Mr Münchenberg noted that debit cards would be moving to chip technology with roll out starting in 2011 and being completed over three years to make EFTPOS transactions more secure.
During the reporting period, there were well-publicised skimming attacks in NSW and WA which impacted on the data. Police advised that a large and sophisticated international organised crime network was responsible. The criminals targeted EFTPOS terminals at retail outlets and installed skimming devices to obtain personal information. Police have made some arrests in relation to these crimes.
A Task Force comprising banks, police and retailers was formed to help protect consumers and encourage merchants to take extra security precautions with their EFTPOS terminals. Fraud protection guidelines for merchants were produced by APCA.
The APCA data also showed there was an increase in card-not-present fraud – that is, when customers used credit cards to make purchases online or via the phone.
“Online shopping offers variety, discounts, choice and convenience. Shoppers should take some simple security steps such as making every effort to confirm the validity of the website, whether it is based in Australia or overseas, and the nature of the products they are purchasing,” Mr Münchenberg said.
“Criminals are known to advertise non-existent goods online, preying on the desire of online consumers to obtain a bargain.”
Although card-not-present fraud has increased, the APCA results showed substantial improvements in other categories of credit card fraud, with fraud rates having decreased on lost or stolen cards, fraudulent applications and counterfeit.
The main findings from the APCA payments fraud data show that over the past year (2009):
■ total fraud (cheque and payment cards) has risen from 8.3 cents to 9.4 cents in every $1000 transacted.
■ cheque fraud rates increased slightly to 1.2 cents in every $1,000. The incidence is around 1 in every 200,000 cheques.
■ debit card fraud increased from 5.8 cents to 9.4 cents in every $1,000 transacted. The incidence has risen from 1.6 to 2.5 in every 100,000 transactions.
■ credit and charge card fraud decreased from 60.4 cents to 57.2 cents in every $1,000 transacted. The incidence has risen from 24 to 32 in every 100,000 transactions.
Banks and customers working together can make it harder for criminals to commit fraud. Some security tips are listed here which can mitigate against fraud when customers are using their cards, including when purchasing goods or services using the phone or the internet, or withdrawing cash at an ATM.
Banks work closely with state and federal police to assist in the investigations leading to the prosecution of criminals who misuse personal financial information to commit crimes.
Australia’s major banks and the Australian Federal Police (AFP) work together in a Joint Banking and Financial Sector Investigation Team, consisting of bank staff seconded to the AFP to help police investigate cybercrime. Formed in May 2004, the team was the first public/private sector partnership of its type in Australia.
Mr Münchenberg said customers trusted banks to keep their savings safe, provide finance when people needed it and not to leave customers out of pocket if they became unwitting victims of fraud.
“So it’s important to understand that banks are always working to improve security enhancements to protect customers. But there are also some steps people can take to make the criminal’s job harder and to help spare people the inconvenience of becoming a victim of criminal or fraudulent activity,” he said.
“Smart and safe internet use can minimise customers’ exposure to becoming victims of crime.
“Beware of hoax emails purporting to be from your bank, asking for you to update your personal information such as PINs and internet banking logon details.
“This information should remain confidential. Your bank will never email you to ask you for this confidential information.”
Mr Münchenberg said recent security enhancements included advances in monitoring customer and transaction patterns to provide intelligence on criminals and their activities, advances in the encryption of customer data, use of on-screen keypads designed to prevent the incidence of keystroke logging fraud, use of security tokens and SMS alerts to telephones.
Recently, there have been some cases of criminals skimming accounts. Often, it is the bank which detects suspicious activity, or it is contacted by its customer who has noticed an unauthorised transaction.
The bank takes immediate action to protect the customer’s account, preventing further transactions and beginning an investigation, Mr Münchenberg said.
“Account holders are not liable for losses resulting from unauthorised transactions where it is clear that the user has not contributed to the loss. There is usually an investigation by the bank to determine how the fraud has occurred,” he said.
This article was first published in Australian Security Magazine (Sep/Oct 2010)