Card Not Present now three quarters of all fraud

The Australian Payments Clearing Association (APCA) releases card fraud statistics every six months for the preceding 12-month period. Lockstep monitors these figures, condenses them and plots the trend data.

Here’s the latest picture of Australian payment card fraud in three major categories over the past six financial years.

Card fraud by skimming and counterfeiting is holding steady, thanks to the security of EMV chip-and-PIN cards. Card Not Present (CNP) fraud is the preferred modus operandi of organised crime, and continues to grow unabated. The increase in CNP fraud from last financial year was 46%; CNP now represents 71% — or nearly three quarters — of total annual card fraud.

What’s to be done about this never-ending problem?

  • The credit card associations’ flagship online payment protocol “3D Secure”, rolled out selectively and tentatively overseas, is loathed by customers and merchants alike. 3D Secure is virtually unknown in Australia.
  • There have been various attempts to stem the tide of stolen cardholder details that fuels CNP fraud. Examples include ‘big iron’ software changes like “Tokenization” and the PCI-DSS security audit regime, which has proven expensive and largely futile. Arguments raged over whether Heartland Payment Systems (which suffered the world’s biggest card data theft in 2009) was “really” PCI-DSS compliant. It’s become so arbitrary that by the time the Sony PSN was breached last year with the loss of up to 70 million credit cards (nobody really knows how many) the question of whether Sony was PCI compliant never even came up.