Card Fraud

Overview & Impact

As Australians embrace the convenience of paying by credit card rather than cash, so fraudsters continue to develop a variety of techniques to steal credit card information. According to the Australian Payments Network, these include malware and phishing attacks to capture sensitive card data or cardholder passwords, and masking tools to try and bypass the risk-based rules used in fraud analytics products.

  • Stolen card details accounted for 78% of all fraud on Australian cards in 2016.
  • Online spending in Australia is growing five times faster than traditional retail spending.
  • By 2020, forecasts estimate that online shopping will have doubled since 2015 and will account for 14.6% of all retail sales.
  • Payment cards continue to be the most common payment method used by Australian consumers, accounting for 66.7% of non-cash payments in Australia.

 How to protect yourself?

  • Be wary of clicking links or opening attachments in emails if they’re not from someone you know. In particular, watch out for messages supposedly from banks or government departments that ask you to verify your details or provide login details by visiting a website. 
  • Look for the padlock in the navigation bar at the top of the browser window, which indicates that your connection to the site is secure.
  • Only enter your credit card details on reputable sites. Consider using an online payment service so that you don’t need to enter credit card details for every purchase.  
  • If possible, use online payment methods that support two-factor authentication.
  • Know who you’re buying from!

    Where possible, stick to well-known trusted brands and cross-check information on their website to make sure you’re dealing with the official seller and not a scammer trying to impersonate the brand.

    • Search reviews from other customers.
    • Read the fine print including warranty, refund, complaints handling, as well as privacy policies, to find out how your information will be used.

    Beware of fake sellers

    Scammers can create fake websites and social media profiles to try and steal your money or personal details. They copy the designs and logos from legitimate businesses to appear more genuine.

    • To verify a site you’re looking at, do a browser search for other web pages or profiles by that seller. Compare logos, business names, URL addresses and contact details – if they don’t match up, steer clear!
    • Type the web address directly into your browser, rather than clicking on a link provided in an email or in an advertisement. This will help ensure you don’t get directed to a fake website.
    • Be cautious of sellers offering unbelievably low prices — if it looks too good to be true, it probably is!
    • Know what you’re buying. Read the description of the product carefully and check the size, colour, value and safety of the product.
    • Install and maintain the latest anti-virus software to flag untrustworthy sites.
    • Social media pages that have only recently been created or only have a few followers may be indications that they’re fake. And look out for pages where the conversation is one-way by the page owner only, with little or no engagement from the page’s community.
    • When shopping on a Facebook page, look for the blue tick next to page’s profile name. This indicates the page has been verified by Facebook.
    • When shopping on Instagram, check to make sure the page is public – a true seller is unlikely to make their page private if they’re out to maximise sales!

    Learn more about fake online shopping site scams.

    Pay securely

    Ready to make your purchase? Use secure payment methods like PayPal, Bpay or your credit card – and never pay by direct bank deposits, money transfers or other unusual methods (such as Bitcoin), as you're unlikely to get your money back if you've paid a scammer.

    • Check to make sure it is a reputable site with a padlock symbol and ‘https’ at the start (not http).
    • If paying by PayPal, select the ‘payment for goods/services’ option. If a seller instructs you to make the payment ‘to friends and family’ rather than ‘payment for goods’, this violates PayPal’s policies and voids the buyer protections.
    • If using BPay, use a legitimate biller code and customer reference number, and don't pay by direct transfers to bank accounts.
    • Never send your bank or credit card details via email.
    • Don’t click on a link received via SMS to pay – and never provide payment details over SMS.
    • Avoid doing any financial transactions when connected to public Wi-Fi.
    • Check your bank statements regularly for unusual transactions.

    Online auctions

    Online auctions can be a lot of fun and can help you find good deals, but they also attract scammers.

    A common auction scam: Scammers claim that the winner of an auction that you bid on has pulled out, and offer the item to you for payment outside the auction site. Once you have paid, you won’t hear from them again and the auction site won’t be able to help you.

    • Always make your transactions within the auction website and avoid private contact with buyers or sellers.
    • Keep printed and/or electronic records of all bids, item descriptions, emails to and from the seller, and transaction records or receipts.
    • If making expensive purchases, consider using a reputable third-party escrow service to hold the funds until you receive your goods.
    • If the website uses a feedback rating system, check reviews and rating scores left by previous buyers.
    • Read the terms and conditions before using an online auction site or entering into any contracts. Established marketplaces like eBay, Etsy and CarSales offer dispute resolution processes if things go pear-shaped.

    Watch out for fake parcel delivery scams

    So you’ve shopped securely online and are now eagerly awaiting your goodies! Don’t let your guard down. Scammers send fake parcel delivery notifications to trick you into downloading malware or giving away your personal or financial details.

    These notifications are typically emails or SMS messages that pretend to be from a legitimate parcel delivery business like Australia Post, DHL or FedEx, and claim that you have an ‘undelivered package’ awaiting your collection.

    • Be wary of messages that don’t address you personally, have few or no details about your order, or threaten to charge you a fee for holding an undelivered item.
    • Think before you click – remember Australia Post will never ask you to click a link to print out a receipt for parcel collection, nor will they ask you to update or verify your personal information.
    • If you’re unsure, call the organisation you suspect the message is from, but remember to use contact details from a verified website or other trusted source.