Commonwealth Bank of Australia, the country’s largest provider of merchant facilities, has reported a marked reduction in the level of fraud experienced by merchant customers, but warns businesses must remain extra vigilant over the festive season.

Over the last year, the rate of fraud committed against CBA merchant customers has fallen by more than 15 per cent, from 55.9 cents per $1,000 for the April to June quarter in 2019, to 47.3 cents per $1,000 for the same period in 2020*.

This trend is supported by recent data from the industry body Australian Payments Network (AusPayNet), which shows overall card fraud fell from $528.8 million in FY19 to $447.2 million in FY20.

The drop has come despite a significant increase in the volume and value of online payments since the beginning of the COVID-19 pandemic earlier this year. Recent consumer spend data for CommBank credit and debit cards show total online spend is up in excess of 20 per cent over August to October 2020, compared to the same period last year**.

The data also shows online spend across retail merchants is up close to 100 per cent compared to last year. With more people staying at home, online spending on household retail goods – including furniture and appliances – experienced strong growth in 2020, as CBA customers spent more online to enhance their home offices and living spaces.

CBA’s General Manager of Merchant Solutions, Sam Itzcovitz, said the reduction in fraud is very encouraging but warned against complacency.

“It’s promising to see fraud rates decline, but we know all businesses are still susceptible to fraud in this increasingly online world. It’s going to be a busy shopping season for many of our small business customers, and possibly a bit of a learning curve for those who accelerated their transition to online payments this past year,” he said.

“Merchants need to transition online smartly, and this means safely and securely. Fraud protection is an essential part of running a business online, over the phone or in-store. It’s particularly important for small businesses, as they may be unable to easily weather the consequences of fraud, such as data and network recovery costs, fines, and reputational damage. We encourage all small businesses to ensure they have the right fraud protections in place to be able to have a very merry sales season.”

One of the leading types of merchant fraud involve Card Not Present transactions, where a fraud is committed without the actual card – for example, when someone uses stolen card details to make a purchase online or over the phone. According to AusPayNet, Card Not Present Fraud accounted for 87.7% of all card fraud in the 12 months to 30 June 2020.

Other prominent types of merchant fraud include account takeovers, first party disputes where the cardholder reports fraud when they actually did authorise the transaction, and scams directly targeting the merchant.

“These sorts of scams against merchants can be hard to spot, so it’s important merchants take the time to understand how they could potentially be defrauded, and what they should do to reduce that risk,” Mr Itzcovitz said.

Tips to protect your business this festive season (and all year round):

  1. Educate your staff about fraud – this could include guidance on password security or email payment fraud. Check out CBA’s free cyber security eLearning for business owners and their staff.
  2. Not all transactions are created equal – Understand the risks of different types of transactions. The way your business processes and accepts a transaction can carry a higher level of risk than others. Remember that you are liable for manually keyed transactions.
  3. Learn how to spot refund fraud – knowing some of the warning signs and establishing processes around refund fraud is key to protecting your business. This can include allowing only a small group of staff to process high value refunds and always double check the original transaction card or receipts to ensure refunds are only processed to the purchasing card.
  4. Remain vigilant with in-store transactions – When taking a payment in store, there are a few steps you and your employees should take to ensure the card and owner are genuine, and that your payment terminal is secure. For example, always maintain control of your terminal to ensure a customer is not changing the transaction or manually keying in a stolen card number.

For more information visit CBA’s Merchant Security Hub or to report a suspicious transaction contact the Merchant Help Desk 24/7 on 1800 230 177.

Read real life examples of merchant fraud:

Refund fraud

  • Ricky owns a fish and chip shop and serves a customer who is purchasing dinner for his family. Ricky hands the customer the terminal and asks the customer to complete the transaction worth $30. The customer quickly clears the $30 and then completes a new mail order/telephone order (MOTO) transaction for $3,000. The customer passes the terminal back to Ricky before complaining that he has been incorrectly charged $3,000. Ricky assumes he is responsible for the mistake and apologies. Ricky also agrees to refund the customer to a different card.
  • A couple of weeks later, Ricky receives a chargeback for the $3,000 transaction and is liable for a chargeback fee. Ricky also has no way to recover the $3,000 he refunded to the different card. 

Card Not Present fraud

  • Kate visits her local jeweller to purchase a necklace. Kate chooses her necklace and then heads to the counter to complete her purchase. Unfortunately Kate does not have her card with her but convinces the owner to manually enter the card details into the terminal. Kate uses her mobile phone to reference card details. The transaction is completed successfully and she leaves the store with the necklace.
  • A couple of weeks later the store receives a chargeback for the purchase as the card details Kate had provided were stolen. The store is debited for the value of the purchase and is also liable for a chargeback fee. Unfortunately the store has no way to recover the necklace. 

Online fraud

  • Sam owns a catering company and receives an order valued at $5,000 online to supply food at a wedding. The customer emailed to ask if she could pay Sam $10,000 as the customer needed to pay $5,000 to the florist but was having trouble with their internet banking. Sam agreed and the customer paid $10,000 on the website using a credit card and provided a BSB and account number to transfer the $5,000 to the florist.
  • A couple of weeks later Sam received a chargeback for the $10,000 transaction as the credit card details were stolen. Sam was immediately debited for the $10,000 transaction and the chargeback fee. Sam also experienced a $5,000 loss as the funds transferred to the florist could not be recovered.

* Based on fraud reported to CBA and Mastercard as part of CBA merchant acquiring activities. The fraud rate on CBA’s merchants reduced by more than 15 per cent based on the average fraud experienced in the April to June quarter in 2020, in comparison to the same period in 2019.

** Based on CBA household credit and debit card spend weekly growth averages. Business and corporate cards are excluded.