Minimising The Risk Of Credit Card Fraud

CreditCardOnline.jpg New figures show credit card fraud is getting worse for Australians — but also provide some handy reminders on how to reduce the chances of your card details getting ripped off.

Even if you don't lose any money, having your credit card involved in some kind of fraud is a major hassle. Last year, my bank rang me to inform me that "suspicious activity" had been detected using my card number and that as a result, they were going to cancel and reissue it. While I was very grateful for their vigilance, having to change all my automatic payments and online store accounts was a nuisance I could have done without.

It is, however, a nuisance that is becoming more and more prevalent (though still not astonishingly common). According to annual figures from the Australian Payments Clearing Association, in the 2007-2008 financial year, credit card fraud on Australian institutions amounted to $132 million. While that was only a tiny percentage of the overall market (0.02% by transaction numbers or 0.05% by transaction value), it was an increase on previous years. In 2006-2007, credit card fraud accounted for 39 cents in every $1,000; for 2007-2008, that number was up to 50 cents in every $1,000.

A major factor in the rise, unsurprisingly, is the high number of card-not-present transactions — an inevitability when ordering goods online. While most online stores use secure site technology and demand the three-digit CVV code as well as the card number, and many match this against the registered address of the card, the system isn't foolproof. 48% of fraudulent transactions related to card-not-present transactions, and it's a safe bet most of these weren't perpetuated using mail-in forms.

There's no absolute guarantee that you can protect your credit card details when shopping online, but there are plenty of steps to minimise any risk. Research any online store before using it — don't risk sending your details to an unknown vendor. Don't share credit card details via email, and don't do online shopping using public resources such as library or Internet cafe machines if you can possibly avoid it.

The next most common source of fraud is skimming, where credit card details are copied and duplicate cards are produced. There are obvious steps that can be taken to minimise this risk, including not letting your card out of your sight (don't hand it to waiters in a restaurant, for instance). If your bank offers a credit card with built-in chip technology, utilise it; these are much harder to duplicate.

"We estimate that within the next two to three years, the vast majority of Australian consumer cards will carry a chip and most processing terminals will be capable of using chip technology," APCA CEO Chris Hamilton said in a release announcing the figures. "Once transactions use chip-based authentication, opportunities for counterfeiting and skimming disappear."

The final common fraud option is much more low-tech: actual cards being stolen and re-used. Preventative measures are also similarly unglamorous: keep track of your card, don't leave it in a place where it can easily be stolen, and report any missing cards as soon as you can. (Consumers aren't liable for fraudulent expenditure once they've reported loss or theft.)

Security experts have often suggested that two-factor authentication, using biometrics or a smart card, will be essential to ensuring the future of online transactions as fraud rates continue to rise. Until those options become commonplace, however, common sense remains the best defence.

Lifehacker's weekly Loaded column looks at better ways to manage (and stop worrying about) your money.


    Angus if you are going to recycle stories like this into something of value at least get someone to do a sanity check on it before you hit the publish button.
    "and many match this against the registered address of the card"
    Isn't available in Australia, unless you are talking about trying to look up someone in the whitepages.
    "The next most common source of fraud is skimming, where credit card details are copied and duplicate cards are not produced."

    Apologies for the typo, which I've fixed (mistakes happen!), but I've used plenty of online shops that check credit card addresses before authorising a purchase, so I don't see that the other point stands.

    I wonder when governments will demand the figures on how many cards are effected and how many transactions are fraudulent how many citizens involved and how much of the loot is used for other crimes. I believe that is the only way for politics to estimate the impact on their constituency and size up the problem. Percentages are relative to turnover and profits not the effect on me when my card is skimmed and can't be used for days.

    Most of this well intended advice (research online stores, don't send details to unknown vendors, don't share card details via email, don't shop at Internet cafes ...) increasingly is sadly misdirected. Identities are not necessarily stolen direct from users while they shop!

    Consider the TJX disaster and the very recent Heartland case, where perhaps a hundred million credit card numbers have been stolen by organised gangs. At TJX, they infiltrated the department store networks and backend systems. These stolen account numbers can be used in Card Not Present transactions without their users’ permission. Cardholders are at ever bigger risk of Id Theft, even if they follow all the cyber safety advice, even if they have never shopped online!

    To stop identity theft we need to take systemic steps to make stolen identities less valuable.

    Chip and PIN as advocated by APCA is a crucial step. But the same technology needs to be applied in the online channel as well as POS/ATM to safeguard IDs and personal data. CNP fraud online will only accelerate as traditional criminal opportunities like skimming and counterfeiting get closed down.

    Well, for one thing Lifehacker isn't really aimed at retaillers :-) And while there's undoubtedly potential problems throughout the system, that doesn't mean individuals shouldn't do what they can to protect their credit card details as well.

    Skimming to copy a card is a fairly simple process, you can actually buy blank plastic cards and a heatstamp legally last I checked.

    Secondly, you can easily check against address, do you have an IP address? Do you enter a shipping/account address in the website? and finally, does your bank have your address? Answers will be yes, regularly and yes. Banks will usually be the entity doing these fraud checks, as they probably process for the company, if not, the APCH will have a copy of the bank details, or ausTRAC

    There is major Credit Card fraud going on in Australia. Both my brother & myself got Fraud on January 19 2009 on our cards (we do not have the same bank or live with each other) out of Australia. We live in California in 2 different towns. All transactions are in the $30.00 range. Check your Credit Card Statements.

    My bank cancelled my card today when I queried three transactions: the first was two days ago, for just over $4. The second was today, for a similar amount. And the third, also today, was for over $80.
    Apparently the fraudsters send through a couple of smaller transactions to test the card's authenticity, then hit you with a big one. The merchants concerned were s/rm inc, vlettercom, and Pacific Xray Corp, respectively. As someone said, check your transactions frequently.

Join the discussion!

Trending Stories Right Now