In the eyes of scammers and thieves, credit cards are the holy grail. Data from the Australian Payments Network shows that over the 2017-18 financial year, credit card fraud grew by 4.8% to $565 million – more than five times the amount lost to other scams put together.
What is credit card fraud?
Credit card fraud, by definition, is the fraudulent use of a credit card done so through the theft of the cardholder’s personal details. Thanks to the invention of the internet and the endless supply of eCommerce sites that came with it, credit card scammers now have an easier time than ever pinching your details.
In simpler times – before the internet exploded into society – you might’ve visualised credit card fraud as a man dressed in all black stealing your card from your wallet. But these days scammers have an arsenal of tricks to swipe from your credit card, and most don’t even need your physical card to do it at all.
Here are the five most common types of credit card fraud out there, as well as how you can spot them and what you can do if you’re caught by one.
Types of credit card fraud
The five key types of credit card fraud, according to the Australian Payments Network, are:
- Card-not-present (CNP) fraud
- Counterfeit and skimming fraud
- Lost and stolen card fraud
- Card-never arrived-fraud
- False application fraud
Card-not-present (CNP) fraud
What is it: fraud that occurs without the use of the physical card, mainly online or over the phone
Amount lost in 2018: $477,920,701
Card-not-present transactions are becoming more and more popular as customers turn away from using their physical cards and simply enter their details to make a purchase. For example, an online purchase made ordering something on eBay is a CNP purchase, even if you’ve still read your details off the card. To be considered ‘card-present’, the card details have to be captured at the point of sale, like being pressed into a contactless reader, inserted into a merchant’s terminal or used at an ATM.
Card-not-present fraud is the biggest contributor to overall credit card fraud, accounting for 85% of all fraud on Australian cards (this also includes debit cards). It increased in size by nearly 8% over June 2017-18 and occurs mainly when credit card details are stolen to make purchases. AusPayNet CEO Dr Leila Fourie says CNP fraud has become so popular now due to both the growth of eCommerce and the increased security around other types of fraud.
“Combatting CNP fraud is now a key priority across the entire e-commerce community and we’re delighted with the strong progress made this year on a framework for mitigating CNP fraud. We expect this whole of industry approach will help reduce CNP fraud, in the same way chip technology is tackling skimming fraud,” said Dr Fourie.
“Malware and phishing attacks are becoming increasingly sophisticated, so treat unsolicited emails and text messages from people you don’t know with suspicion. Don’t click on the link provided and don’t be tricked into divulging confidential data such as your password.”
So be careful with those credit card details online and don’t speak too loudly when reading them out over the phone. In fact, just be careful about who you allow to read the back of your card in general, since thieves are having an absolute field day with our details online. Once they have your card details they may be able to spend to their heart’s content until:
- They hit your credit limit
- Your account runs out of money
- You contact your bank and tell them to cancel the card ASAP
Some credit card providers can detect suspicious activity on your credit card (e.g. a few multi-thousand-dollar transactions are suddenly being made in Lagos) and may temporarily suspend the card until you confirm whether the activity is really you. This can be a pain when using the card while you’re travelling overseas, but so long as you inform your credit card provider of your travel plans beforehand, you shouldn’t trigger any unnecessary card suspensions.
Counterfeit and skimming fraud
What is it: fraud that occurs when details are illegally taken to create a counterfeit credit card
Amount lost in 2018: $14,935,409 (Source: AusPayNet)
‘Skimming’ is when a device steals the details of your credit card from its magnetic stripe and commonly occurs when a device is attached to either an ATM or a merchant’s terminal. Skimming can also occur when someone brushes past you with a skimming device. Details obtained via skimming can then be used to create a counterfeit card or to take part in some good old card-not-present fraud.
That near $15 million figure ($23 million when you take overseas fraud into account) might seem like a lot but has actually fallen quite significantly in recent years thanks to increasingly advanced protection offered by chip technology. Over the 17-18 financial year, skimming fraud fell from $42.3 million to $23 million – a record low – and only accounts for 4% of all card fraud now. This is a credit to Australian chip-protection technology, which is among the best in the world. But in America, there are 60 million compromised credit cards and three-quarters of these are estimated to be due to skimming and POS (point-of-sale) breaches, according to Gemini Advisory.
That doesn’t mean you shouldn’t be careful in Australia though. Keep your card well-within the confines of your wallet or purse, and if an ATM looks like it’s been tampered with, report it and move on.
Skimming is also different from phishing, which is when you hand your card details over to someone under the guise of someone or something else. For example, a common phishing scam is when someone creates a fake company that looks like a real one (let’s say Comonwealth Bank instead of Commonwealth Bank) and sends an email asking for card details. These phishers will often have extremely similar (or even the same) logos as existing companies with similar URLs to boot, so they can be easy to fall victim to.
According to Scamwattch, phishing is the most common kind of fraud in the country, with just under 25,000 reports occurring in 2018.
Lost and stolen card fraud
What is it: fraud occurring on cards that have been lost or stolen
Amount lost in 2018: $47,478,058 (Source: AusPayNet)
This one should be pretty self-explanatory – if your card has been lost or stolen by a pickpocket, then they are free to use that card until it’s cancelled, suspended or it has hit the credit limit. Nearly $50 million was lost to stolen cards from June 2017-18, so know your card’s whereabouts at all times. You can avoid the worst of the damage (or all of it) by cancelling or freezing the card as soon as you can by calling your bank. Some of them even let you do this with the click of a button in their mobile banking apps.
If you decide you don’t want a credit card anymore, don’t just hurl it into the trash. Thieves can still take it and use it since it’ll still be active. Cancel it, and then cut it up to avoid having your card stolen from the bin.
This is not ideal for stopping credit card fraud.
What is it: fraud occurring on cards ordered by a customer that they never receive
Amount lost in 2018: $6,231,308 (Source: AusPayNet)
When you make an application for a credit card, 99% of the time that card will be sent to you in the mail. Card-never-arrived fraud is what happens when that card is either intercepted before it arrives, or if your card thief simply pinched it from your letterbox, which is more likely.
To protect against this type of fraud, the Australian Payments Network recommends installing a lockable mailbox, or at the very least checking your mailbox regularly.
False application fraud
What is it: fraud occurring where the account was established using someone else’s identity or information
Amount lost in 2018: $2,393,902 (Source: AusPayNet)
Application fraud can be a bunch of different things. It might be that someone applies for a credit card in your name and runs up a bunch of debt, ruining your credit rating. Or maybe they apply for a card in a different name but link your bank account to the card, so you get slugged with the repayments. Someone could run up thousands of dollars on a credit card or completely tarnish your credit score before you realise you’ve been had.
Back in 2014, an analysis of credit card applications by Veda found $1.6 billion worth of applications for credit were red-flagged as potentially fraudulent. Most credit card providers take application fraud very seriously and have a string of checks and balances to make sure this doesn’t happen, but that doesn’t mean the occasional fraudster doesn’t slip through the proverbial cracks. Make sure you keep track of your bank accounts, keep sensitive information hidden and most importantly, take any kind of fraudulent activity seriously and report is as soon as you can.
Debit card vs credit card fraud
We’ve been calling it ‘credit card fraud’ throughout this article, but a lot of these types of frauds can also apply to debit cards. Scammers can still swipe your debit card details through skimming, through untrustworthy websites or by simply swiping it from your pocket or off the ground. But there is a key difference here.
Credit cards are a line of credit product, which means the money being spent willy-nilly by a thief isn’t technically yours – at first. If you report the fraudulent activity as quick as you can, banks can cut them off and often will declare these transactions invalid, meaning you don’t have to repay anything. Credit cards can also have extra fraud protection technologies that debit cards don’t always have.
Debit cards, on the other hand, are a direct link to your money. A thief can clean you out of your entire savings account before you even realise it, although there’s a good chance suspicious activity on your account will still be reported. A lot of debit cards still have a zero liability policy, which means you will still be reimbursed. But if the money is already gone, it could be weeks or even months before the card company investigates your claim and returns the money.
How to avoid credit card fraud
There are many different types of credit and debit card fraud, which means there are also many ways to avoid it. Doing any of the following could help keep you safe from fraud.
Keep your anti-virus software up-to-date
Keeping the anti-virus and security software on your computer up to date can be an easy way to protect yourself from fraud if you do a lot of your banking or shopping online. Just make sure it’s a licensed, trusted anti-virus software: there are fake anti-virus programs that masquerade as real ones only to do the very thing you tried to stop by stealing your details.
Some anti-virus programs offer paid versions, which can be worth investing in to keep your details protected.
Don’t trust suspicious sites
Don’t enter credit card details on any site that isn’t listed as ‘secure’: you can check for this by looking for the security certificate in the top left corner of the URL (there should be a little lock icon) or by looking for a ‘https://’ at the beginning. The S means there is added security and reduces the likelihood of fraud.
Also, be wary of sites that don’t let you use secure payment methods like PayPal. Customer reviews online can also be a good indication of how trustworthy a website can be.
Be sceptical of strange messages
We’ve touched on this already, but phishers can trick you into giving your details to fake companies or people that look real. If you ever get an email or text message from an official-looking website asking you to click on a link and hand over your details, delete it straight away. And if you get a phone call asking for the same, hang up. In general, avoid reading your credit card details out loud over the phone, especially not to someone you weren’t expecting.
Review each statement when it comes
If your card has been used by someone who isn’t you, reading your monthly statement is a sure-fire way to pick up on it. This goes for other bank statements too – noticing any suspicious activity that’s slipped past your bank’s fraud detection services can cut off further fraud before it happens.
Check your credit report too
If someone’s been applying for credit in your name or quickly running up a bunch of debts, doing a free check of your credit report can also clue you in. You can then contact your credit issuer or credit reporting bureau to get them to investigate the activity and have it removed from your credit history.
Don’t throw away important documents
Ever receive those financial documents in the mail that never get opened and immediately get tossed in the bin? If you’ve ever done this, it’s possible (although unlikely) that fraudsters can access this information and use it to commit credit card fraud. If you do decide to get rid of them, things like bank correspondence, government letters and personal documents should be either shredded or otherwise rendered unreadable before they’re tossed.
It never hurts to play on the safe side.
Lock your mailbox
Another way to play on the safe side is to put a lock on your mailbox, as recommended by the Australian Payments Network. This can prevent ‘card-not-received’ fraud by stopping thieves from pinching your credit card before you ever see it. It can also stop them from gaining access to some of those letters we just talked about throwing away.
Other ways to prevent credit card fraud include:
- Covering your PIN at an ATM
- Checking ATMs for signs of damage or tampering
- Locking or cancelling a card as soon as you notice it’s missing
What to do if you’re the victim of a credit card scam
The good thing about credit and debit cards is most of them have a zero liability policy, which means they don’t hold you liable for “unauthorised transactions”. These policies are enforced by the card issuer, like Visa, Mastercard or American Express, and essentially means your money is protected as long as:
- You have used reasonable care in protecting your card from loss or theft; and
- You promptly reported loss or theft to your financial institution.
This is why it’s so important to notify your financial institution about card fraud as soon as you can, allowing you to completely nullify the effects of the fraud.
Report scams if you see em’
If you’ve been scammed, or see something you think is a scam or will lead to credit card fraud, there’s no shortage of people you can get in touch with:
- You can call your local bank or police station
- You can get in touch with ACORN (Australian Cybercrime Online Reporting Network)
- You can report it to Scamwatch by the ACCC
Reporting potential credit card fraud before it happens could save someone else thousands of dollars.
Savings.com.au’s two cents
Credit card fraud hurts thousands and thousands of Australians every year to the tune of hundreds of millions of dollars. Don’t become a part of the statistics. Keep your details secure and stay on top of when and where your credit card is being used and by whom. If you play it safe and have your wits about you, you should avoid being stung by fraud and your hard-earned dollars will remain safe.