Australia’s online fraud bill comes in at $455 million

A marked shift to mobile-based online and tap purchases for credit and debit transactions by consumers could finally be forcing down Australia’s stubbornly high online fraud rates with the latest payment fraud statistics showing a marginal drop to $455 million for the 2018-2019 financial year.

Annual numbers on Wednesday released by AusPayNet, the peak payments industry body charged with monitoring fraud, show the key measure nudged down for only the second time since statistics started being kept – but only by a paltry 5 percent, compared to $479 million in the previous period.

A fall in online card fraud rates has been widely expected in the banking and payments industry after banks were put on notice by the Reserve Bank of Australia that another regulatory spanking would come their way unless they took immediate measures to force down the stinker of a number.

A real worry for issuing banks and card schemes like Mastercard, Visa and American Express is that regulations governing card fraud liability could be quickly changed to stop them from shifting fraud losses back merchants.

At current levels, that would amount to a sting of around $100 million each for the Big Four, a chunk of cash sizeable enough to card heads very nervous about already diminishing margins.

The payment’s industry’s response the RBA’s clear present threat was to come up with a framework that sets out a tranche of compliance and security work that merchants need to comply with, especially around how they keep card numbers and transactions secure from hackers.

Known card number hoarders include the travel and hotel industries that heavily steer consumers towards making credit card or so-called scheme debit card payments for deposits, bookings and pre-authorisations that can later be put through against outstanding charges.

And it’s an active market for hackers too. The massive 2018 Marriott data breach exposed around 8.6 million card numbers, while the year previously 145 million peoples’ financial data jumped the fence when credit reporting giant Equifax has hacked.

Many banks privately argue that incidents like the Marriot hack demonstrate why online liability must primarily vest with merchants, a position that regulators and online traders say is simply unfair liability shifting.

The question Australian banks and merchants will be asking themselves is what the marginal drop in online fraud means, and there’s a few valid takes insiders provided on background.

The first is that that the new AusPayNet compliance regime isn’t yet active in the latest statistics, having only gone live on 1st July 2019.

That said, payments sources iTnews spoke to suggested there could be some initial effect as fraud countermeasures were likely put in before the compliance deadline and would have had to have been tested.

But the more likely reason, some suggested, is that there has been an epic shift to making payments ‘from glass’, ie from mobile handsets where consumer and bank security settings are far more robust thanks to regular software updates and card number tokenisation.

Tokenisation is a biggy, because it means the merchant doesn’t get the card number and it isn’t being input in the clear on the screen.

The big mover on that front has been the CBA finally offering Apple Pay that will have shifted millions of Australians onto an innately more secure payments platform than before.

The fact that NAB followed suit would not hurt either.

The CBA also recently upgraded its core customer banking App to start using opt-in location based scanning for transactions made from CBA accounts, part of a broader push to upgrade its real-time monitoring that now quarantines suspicious transactions on the fly and immediately flicks customers an query to validate or kill the transaction.

The question many are now asking is whether the 5 percent drop is finally the start of a downward trend on fraud losses or fortuitous blip from Australia’s biggest bank caving into Apple.

 AusPayNet is talking-up the small fall, saying that “in the face of a 4.2 percent boost in total card spending to $799.4 billion, overall card fraud dropped by 6.9 percent to $527.8 million.”

“Fraud involving CNP transactions remains by far the largest category of fraud. eCommerce volumes have grown rapidly, and this space has attracted criminal groups as security technology makes other types of card fraud less attractive,” said AusPayNet CEO Andy White.

White described the counter fraud framework as “a whole-of-industry approach" that brings together stakeholders to reduce the space available for CNP fraudsters.

“We look forward to tracking the impact of this initiative in coming years,” White said.

So does the Reserve Bank and ASIC. Add a zero at the end of the five percent and you could call it real progress.