Online credit card fraud is on the rise in Australia, but pointing fingers at a group won’t help. It’s an ecosystem problem: from the popularity of online shopping to the insecure sites that process our transactions and to the banks themselves.
A recent report of the Australian Payments Network found that:
- the overall amount of Australian card fraud increased from A $ 461 million in 2015 to A $ 534 million in 2016
- ‘card not present’ fraud increased to A $ 417.6 million in 2016 from A $ 363 million in 2015
- 78% of all Australian card frauds in 2016 were ‘card not present’ frauds.
“Card not present” fraud occurs when valid credit card information is stolen and used to make purchases or other payments without the physical card, primarily online or over the phone.
Read more: At the heart of the fight against malware attacks
While these numbers may sound alarming, it is important to put them in context. Australians are doing more and more transactions online; the report notes that we completed 8.1 billion card transactions for a total of AU $ 715.5 billion in 2016.
The move towards online credit card fraud comes at the expense of other types of fraud as well. Check fraud, for example, fell to A $ 6.4 million in 2016, from A $ 8.4 million in 2015.
Still, it’s fair to ask: are banks doing enough to protect our information?
Banks and security
Banks currently have a series of measures in place to protect customers against card fraud:
Chip and pin: Australia requires the use of “chip and pin” technology. This replaced the need to swipe the magnetic strip on credit cards and is recognized as safer.
Two-factor authentication: Many Australian banks use SMS or tokens which generate a unique, time-limited code to help verify the legitimacy of transactions.
Monitoring of customer habits: Australian banks typically have a complex set of algorithms that monitor their customers’ spending habits and transactions. They often have the opportunity to identify a suspicious (often fraudulent) transaction and block it.
Overall, Australian financial institutions invest time and technology in fraud prevention. However, recent allegations that the Commonwealth Bank of Australia broke anti-money laundering laws suggest that the big banks are not immune to the problem.
Data breaches and malware
Credit card fraud goes where the action is.
According to research firm Neilsen, “almost all Australians online have used the Internet for some form of shopping activity.” This means Australians are increasingly sharing their credit card details with businesses around the world.
Large scale data breaches are a common occurrence. Many organizations have been compromised in one way or another, including Australian companies like Kmart and David Jones. A variety of personal information can be exposed, and this often includes customer credit card details.
Offenders also use different types of malware, or computer viruses, to obtain personal information from unsuspecting victims. In many cases, this includes bank account and credit card details via successful phishing attempts (or spam emails).
Read more: Everyone’s Falling for Fake Email: The Summer School Lessons on Cyber Security
The fight for responsibility
Banks will generally reimburse customers for any fraudulent loss incurred on their credit cards. However, the customer must take “the care given to their confidential data”.
There is also a burden customers to check their credit card statements and notify their bank of any suspicious activity.
But this may not always be the case. In 2016, the former UK Metropolitan Police Commissioner made the headlines for suggesting that customers shouldn’t be reimbursed by banks if they hadn’t protected themselves against fraud.
Instead, he argued that customers were “rewarded for bad behavior”Rather than being encouraged to adopt cybersecurity practices, such as antivirus software and strong passwords.
These statements were greeted with anger by many advocacy groups who equated them with victim blame. She was further exacerbated by a disclosed proposal by the City of London Police to shift responsibility for losses due to fraud from banks to individuals.
Although this recommendation was never adopted, tension may continue to grow over liability for fraud.
In search of answers
Pointing the finger at one of the parties is not a constructive solution. Banks alone cannot fight online credit card fraud. Neither do their customers.
There are simple steps you can take to reduce the likelihood of online fraud: Having up-to-date antivirus software and strong passwords is an important step. There are sites like have been that demonstrate how vulnerable and exposed our passwords can be.
Yet it is difficult to protect against the social engineering techniques used by offenders to manipulate victims into passing on their personal data. Not to mention the risks posed by data breaches by third parties, which are beyond the control of individuals.
The introduction of mandatory data breach reporting legislation in Australia in 2017 could have a positive impact. By requiring organizations to notify their customers when their personal information has been compromised, individuals can be proactive about canceling cards, changing passwords, and preparing credit reports to verify creditors. fraudulent activities.
Businesses must also recognize the importance of protecting their customers’ information. It is essential to overcome the mentality that cybersecurity is just one technology problem or one computer problem. It should be firmly on the business management agenda.
Fraud is inevitable regardless of the technology used. Collaborative efforts between banks, businesses, government and individual consumers need to improve.
No single group can effectively end online credit card fraud. It shouldn’t be expected either.