Over the twelve months to June 2024, losses from card-related fraud in Australia totalled $868 million - more than the GDP of Tonga. Most of us know someone that’s had the heart-stopping phone call from the bank, or logged in to online banking to find hundreds of dollars worth of transactions in Amsterdam. Ideally, scammers around the world would find God and repent, but until that day, here’s what to know about the most common types of card fraud.

What is credit card fraud?

Credit card fraud means using someone else's credit card without permission. Before the internet, this was only possible by lurking behind someone at an ATM, eyeballing the PIN then pinching the card. These days, scammers have an arsenal of tricks to swipe from your credit or debit card, many of which don’t even need the physical card.

Here are the five most common types of credit card frauds out there, how you can spot them and what you can do if you're caught by one.

Types of credit card fraud

The five key types of credit card fraud, according to the Australian Payments Network, are: 

  • Card-not-present (CNP) fraud 
  • Counterfeit and skimming fraud 
  • Lost and stolen card fraud 
  • Card-never arrived-fraud 
  • False application fraud 

1. Card-not-present (CNP) fraud 

What is it: Fraud that occurs without the use of the physical card, mainly online or over the phone 

Amount lost in 2023: $688 million (Source: AusPayNet)

With more and more card purchases made online, without the card itself, card-not-present fraud is only getting worse. It’s by far the biggest contributor to card fraud in Australia, making up more than 90% of total fraud.

How do scammers get your card details?

There are a couple of common ways criminals try to get people’s card information:

  • Phishing: Scammers sometimes pose as a legitimate source or individual to trick people into giving out sensitive information that could be useful for card fraud. For example, a common phishing scam is when someone creates a fake company that looks like a real one (let's say Comonwealth Bank instead of Commonwealth Bank) and sends an email asking for card details. These phishers will often have extremely similar (or even identical) logos as existing companies with similar URLs to boot, so they can be easy to fall victim to.
  • Data Breaches: Many high profile companies have had data breach scandals recently - the potential for card fraud is one of the major reasons these incidents are such a big deal. If scammers get access to a company’s sensitive data on customers, this might include card details, or passwords and personal information that could help a fraudster.

Being highly scrupulous about where you enter your details - if you aren’t sure, don’t do it - is a sensible precaution against phishing, while less reputable outlets may also be more susceptible to hacks. Unfortunately, card-not-present fraud can be difficult to prevent. Through no fault of your own, your bank or another service provider may be hacked by scammers that steal customer card details. Some credit card providers can detect suspicious activity, and may temporarily suspend your card until they can verify the purchases are legitimate, but if you think you’re being targeted, its important to waste no time getting onto your card provider right away. Most banks will allow you to dispute a transaction within a certain time period so you might be able to get your money back, but this isn’t a guarantee so it's no excuse to not be vigilant.

2. Counterfeit and skimming fraud 

What is it: Fraud that occurs when details are illegally taken to create a counterfeit credit card 

Amount lost in 2023: $7.7 million (Source: AusPayNet)

'Skimming' is when a device steals the details of your credit card from its magnetic stripe. It commonly occurs when a device is attached to either an ATM or a merchant's terminal, but it might be as simple as someone brushing past you with a skimming device. Details obtained via skimming can then be used to create a counterfeit card or commit card-not-present fraud.

After the pandemic, counterfeit card losses dropped massively. At the peak (2016), nearly $60 million was stolen from Aussies, so we’ve improved by about 80%. This progress is a credit to Australian chip-protection technology, among the best in the world. In America for example, there were more than 231,000 credit or debit cards compromised in 2024, according to the American Bankers Association.

That doesn't mean you don't need to be careful in Australia. Keep your card well within the confines of your wallet or purse and if an ATM looks like it's been tampered with, report it and move on.

3. Lost and stolen card fraud 

Lost and stolen card fraud occurs on cards that have been lost or stolen. 

Amount lost in 2023: $52 million (Source: AusPayNet)

This one should be pretty self-explanatory - if your card has been lost or stolen by a pickpocket, they are free to use that card until it's cancelled, suspended or hits the credit limit. More than $50 million was lost to stolen cards from June 2023-24, so know your card's whereabouts at all times. You could avoid the worst of the damage (or all of it) by cancelling or freezing the card as soon as you can by calling your bank. Some of them even let you do this with the click of a button in their mobile banking apps.

If you decide you don't want a credit card anymore, don't just throw it away - it’ll still be active so thieves can pluck it out of the bin and use it. Cancel it, and then cut it up to avoid getting stung.

Card-never arrived-fraud 

What is it: Fraud occurring on cards ordered by a customer that they never receive 

Amount lost in 2023: $1.7 million Source: AusPayNet)

When you make an application for a credit card, that card will nearly always be sent to you in the mail. Card-never-arrived fraud is what happens when that card is either intercepted before it arrives, or more likely that the thief simply pinched it from the letterbox.

To protect against this type of fraud, the Australian Payments Network recommends installing a lockable mailbox, or at the very least checking your mailbox regularly. 

False application fraud 

What is it: fraud occurring where the account was established using someone else’s identity or information

Amount lost in 2023: $900,000 (Source: AusPayNet)

Application fraud can be a bunch of different things. It might be that someone applies for a credit card in your name and runs up a bunch of debt, ruining your credit rating. Or maybe they apply for a card in a different name but link your bank account to the card, so you get slugged with the repayments. Someone could run up thousands of dollars on a credit card or completely tarnish your credit score before you realise you've been had. 

Back in 2014, an analysis of credit card applications by Veda found $1.6 billion worth of applications for credit were red-flagged as potentially fraudulent. Most credit card providers take application fraud very seriously and have a string of checks and balances to make sure this doesn't happen, but that doesn't mean the occasional fraudster doesn't slip through the proverbial cracks. Make sure you keep track of your bank accounts, keep sensitive information hidden and most importantly, take any kind of fraudulent activity seriously and report is as soon as you can.

Debit card vs credit card fraud

We've been calling it 'credit card fraud' throughout this article, but a lot of these types of frauds can also apply to debit cards. Scammers can still swipe your debit card details through skimming, through untrustworthy websites or by simply swiping it from your pocket or off the ground. But there is a key difference here. 

Credit cards are a line of credit product, which means the money being spent willy-nilly by a thief isn't technically yours - at first. If you report the fraudulent activity as quick as you can, banks can cut them off and often will declare these transactions invalid, meaning you don't have to repay anything. Credit cards can also have extra fraud protection technologies that debit cards don't always have. 

Debit cards, on the other hand, are a direct link to your money. A thief can clean you out of your entire savings account before you even realise it, although there's a good chance suspicious activity on your account will still be reported. A lot of debit cards still have a zero liability policy, which means you will still be reimbursed. But if the money is already gone, it could be weeks or even months before the card company investigates your claim and returns the money. 

How to avoid credit card fraud 

There are many different types of credit and debit card fraud, which means there are also many ways to avoid it. Doing any of the following could help keep you safe from fraud. 

Keep your anti-virus software up-to-date 

Keeping the anti-virus and security software on your computer up to date can be an easy way to protect yourself from fraud if you do a lot of your banking or shopping online. Just make sure it's a licensed, trusted anti-virus software: there are fake anti-virus programs that masquerade as real ones only to do the very thing you tried to stop by stealing your details. 

Some anti-virus programs offer paid versions, which can be worth investing in to keep your details protected. 

Don't trust suspicious sites 

Don't enter credit card details on any site that isn't listed as 'secure': you can check for this by looking for the security certificate in the top left corner of the URL (there should be a little lock icon) or by looking for a 'https://' at the beginning. The S means there is added security and reduces the likelihood of fraud. 

Also, be wary of sites that don't let you use secure payment methods like PayPal. Customer reviews online can also be a good indication of how trustworthy a website can be. 

Be sceptical of strange messages

We've touched on this already, but phishers can trick you into giving your details to fake companies or people that look real. If you ever get an email or text message from an official-looking website asking you to click on a link and hand over your details, delete it straight away. And if you get a phone call asking for the same, hang up. In general, avoid reading your credit card details out loud over the phone, especially not to someone you weren't expecting. 

Review each statement when it comes 

If your card has been used by someone who isn't you, reading your monthly statement is a sure-fire way to pick up on it. This goes for other bank statements too - noticing any suspicious activity that's slipped past your bank's fraud detection services can cut off further fraud before it happens. 

Check your credit report too 

If someone's been applying for credit in your name or quickly running up a bunch of debts, doing a free check of your credit report can also clue you in. You can then contact your credit issuer or credit reporting bureau to get them to investigate the activity and have it removed from your credit history. 

Don't throw away important documents

Ever receive those financial documents in the mail that never get opened and immediately get tossed in the bin? If you've ever done this, it's possible (although unlikely) that fraudsters can access this information and use it to commit credit card fraud. If you do decide to get rid of them, things like bank correspondence, government letters and personal documents should be either shredded or otherwise rendered unreadable before they're tossed. 

It never hurts to play on the safe side. 

Lock your mailbox 

Another way to play on the safe side is to put a lock on your mailbox, as recommended by the Australian Payments Network. This can prevent 'card-not-received' fraud by stopping thieves from pinching your credit card before you ever see it. It can also stop them from gaining access to some of those letters we just talked about throwing away. 

Other ways to prevent credit card fraud include: 

  • Covering your PIN at an ATM 
  • Checking ATMs for signs of damage or tampering 
  • Locking or cancelling a card as soon as you notice it's missing 

What to do if you're the victim of a credit card scam 

The good thing about credit and debit cards is most of them have a zero liability policy, which means they don't hold you liable for "unauthorised transactions". These policies are enforced by the card issuer, like Visa, Mastercard or American Express, and essentially means your money is protected as long as: 

  • You have used reasonable care in protecting your card from loss or theft; and
  • You promptly reported loss or theft to your financial institution.

This is why it's so important to notify your financial institution about card fraud as soon as you can, allowing you to completely nullify the effects of the fraud. 

Report scams if you seen em' 

If you've been scammed, or see something you think is a scam or will lead to credit card fraud, there's no shortage of people you can get in touch with: 

  • You can call your local bank or police station 
  • You can get in touch with ACORN (Australian Cybercrime Online Reporting Network) 
  • You can report it to Scamwatch by the ACCC

Reporting potential credit card fraud before it happens could save someone else thousands of dollars. 

Savings.com.au's two cents 

Credit card fraud hurts thousands and thousands of Australians every year to the tune of hundreds of millions of dollars. It's easy to think you’re too clever to be caught out by a scam, but in truth credit card fraud can happen to anyone, often through absolutely no fault of your own. In saying that, there are precautions you can take. Keep your details secure and stay on top of when and where your credit card is being used and by whom. When you're on the internet, the more careful you are about where you enter your credit card details, the better.

This article was initially published in 2019 by William Jolly.

First published on July 2019