Australia's outsized digital fraud a red flag for retailers, networks, government

The vast majority of card fraud in post-EMV Australia affects digital payments, a trend that has prompted government action, expedited security projects, and financial pressure on banks from retailers.

While a migration to card not present (CNP) channels is typically expected after a chip card migration, nearly all card fraud in Australia is now CNP crime. In 2012, when the EMV liability shift took effect for merchant transactions in Australia, CNP fraud represented just 70 percent of that country’s total payment card fraud volume. Today it represents 85 percent of total Australian card fraud losses.

According to the Payment Card Fraud Report released by the Australian Payment Network (an industry self-regulatory body), the total CNP fraud losses in 2017 amounted to AUS$ 476.3 million (about U.S. $340 million) out of a the total card fraud of AUS$ 561.4 million (about U.S. $401 million). While the majority of CNP transactions are for online and mobile purchases, this category also includes telephone sales.

Government regulators, merchants and the card networks are all calling for faster implementation of new solutions to combat this growing threat. The Sydney Morning Herald responded to the growth in online fraud by stating that it will result in closer attention being paid to higher-risk transactions, which could include greater use of fingerprint or facial recognition technology for online purchases.

The Reserve Bank of Australia has recently issued a call for a new industry-wide strategy to immediately combat growing online payment card fraud. Meanwhile, Australian retailers are also asking banks to share the massive cost of the CNP losses as it has caught them unprepared for the sheer size and growth of online fraud.

The problem caused Visa to move up a security project. The card brand launched its roadmap for future security in Australia in 2017 which included the deployment of the new version of 3 – Domain Secure (3DS) 2.0 as a solution to combat online fraud. However, the issuer realized the need to move faster in the current environment.

“Visa’s 3DS 2.0 Asia Pacific program has an activation date of April 2020. In Australia, we are working to a faster timeline than this and aligning to the Australian Payments Network’s CNP Framework,” said Jillian Friant, director corporate relations, Asia Pacific, at Visa.

While the expansion of Australian CNP fraud could have been predicted as a result of the EMV rollout, the ferocity of its growth has been unexpected. In the U.S, market, where EMV was deployed in 2015, several years after Australia, the expansion of CNP fraud has not born a similar trajectory. “It’s true that fraud dollars from CNP are growing [in the U.S.], but it’s not increasing as a percent of total sales,” said Stephanie Ericksen, vice president of risk products at Visa, in a panel discussion at SourceMedia's Card Form held last year in Austin, Texas.

But Mark Horwedel, CEO of the Merchant Advisory Group, was not so easily convinced that there was no connection between EMV and online fraud. Horwedel commented last year that “CNP fraud is rising, partly because the (e-commerce) channel has grown but it’s also because CNP fraud is the low-hanging fruit for fraudsters.”

There's some signs this attention is having a positive impact. In the most recent numbers, for 2017, CNP fraud only grew by 13.9 percent in volume, down from 15 percent in 2016. As a reference, overall card payment fraud grew in Australia by 5 percent in 2017. The average value of a fraudulent transaction overall fell in 2017 to AUS$157 (about US$112) from AUS$188 (about US$134) in 2016.