How to prevent card-not-present fraud in Australia with PayTo

Australia has a $677.5 million issue. In the 2023 financial year, card payment fraud increased by 35.6%, with card-not-present (CNP) fraud constituting 90% of all card frauds. 

CNP fraud has grown in line with the rise of e-commerce, leaving merchants and consumers vulnerable to phishing, online shopping scams, data breaches, and e-skimming attacks. Beyond the immediate financial losses, this type of fraud undermines customer trust and loyalty, damages relationships, and leads to missed revenue opportunities for businesses.

But there is a way you can fight back to protect your business. In 2022, Australia’s New Payments Platform (NPP) launched PayTo, a highly advanced account-to-account payment technology. Leveraging open banking principles, PayTo is a secure payment platform that integrates directly with banking apps to authenticate transactions, offering a robust defence against the card vulnerabilities exploited by fraudsters.

Understanding CNP fraud

Data from the Reserve Bank of Australia (RBA) shows that Australians are changing the way they pay. They are progressively moving away from cash – with only around 13% of payments made using cash in 2022 – in favour of electronic payment methods. 

Currently, in Australia, electronic payments are synonymous with plastic: half of the payments are made with debit cards, and another quarter with credit cards. And this habit shows no signs of slowing down: in the financial year 2023, card expenditure surged to $1.055 trillion, a 15.4% increase from the previous year. 

But plastic comes with its own drawbacks. The increase in credit card usage has been paralleled by a spike in fraud, particularly CNP fraud, which has risen 33.8% to $608.1 million.

What is CNP fraud?

CNP fraud occurs when valid card details are stolen and used to make purchases or other payments without the physical card being seen by the merchant, mainly online via a web browser or by phone. 

Card-not-present vs card-present fraud

As opposed to CNP fraud, card-present fraud (CP) involves the unauthorised use of a physical card during the transaction. This type of fraud occurs when the cardholder’s physical card is either stolen or duplicated without their knowledge. 

CP fraud commonly happens at point-of-sale terminals, ATMs, or wherever a physical transaction takes place. It often requires the physical manipulation of payment devices, such as the installation of skimming devices that capture card details and PIN numbers. 

With the rise of chip technology and PIN verification, CP fraud has become more challenging for fraudsters, leading to its decline. On the other hand, CNP fraud has seen an increase and is now the predominant form of card fraud in Australia.

Types of CNP fraud

There are several different forms of CNP fraud, each exploiting a different vulnerability in the card payment system:

  • Phishing. Fraudsters send emails that appear to be from trusted contacts or reputable organisations, requesting personal information, including card details, which are then used to process unauthorised payments.
  • Online shopping scams. These involve fake retailer websites or fraudulent listings on legitimate sites, where payment information is stolen during the transaction process.
  • Data breaches. Sensitive payment details are exposed during unauthorised access to business databases.
  • E-skimming. Hackers install malicious software on e-commerce platforms to capture credit card data directly from payment forms as consumers complete their purchases.

The impact of CNP fraud

CNP fraud is a challenge for merchants, especially online retailers and wealthtech platforms, and consumers alike.

How CNP fraud affects merchants
  • Financial losses from chargebacks. For online retailers and wealthtech platforms, CNP fraud often results in significant financial losses through chargebacks. These occur when transactions are disputed by customers due to suspected or actual fraudulent activities, prompting the customer’s bank to reverse the transaction. While the merchant does not directly issue a refund, chargebacks result in lost sales and involve processing fees and administrative costs that disrupt the operations and financial stability of the business.
  • Damage to brand reputation. CNP fraud significantly damages brand reputation and erodes consumer trust. When fraud occurs, consumers often associate the negative experience with the merchant, leading to diminished loyalty and potentially a decline in repeat business. This reputational damage can be long-lasting and difficult to repair, requiring substantial investment in time and communication.

How CNP fraud affects consumers
  • Financial and emotional toll. Financially, consumers affected by CNP fraud have to deal with unauthorised charges that may disrupt their personal finances. The inconvenience of resolving these issues – such as cancelling compromised cards, interacting with banks, and possibly contesting unjustified charges – adds another layer of disruption to their lives.
  • Post-fraud issues. After a CNP fraud, consumers are often required to implement numerous security steps, such as setting up fraud alerts, and monitoring credit reports. These efforts are time-consuming and can be mentally exhausting, further contributing to the emotional toll of the fraud.

The root cause of CNP fraud

The issues associated with CNP fraud ultimately stem from inherent vulnerabilities in the traditional card payment method itself. Traditional card systems rely on static security data like card numbers and CVV codes, which can be easily intercepted or stolen during online transactions. 

This method lacks dynamic verification, making it susceptible to various forms of fraud whenever card details are used without physical verification.

Solving the CNP problem with PayTo

PayTo is an initiative of Australian Payments Plus (AP+), an organisation that unifies EFTPOS, BPAY, and NPP Australia. These companies are overseen by regulatory bodies, including participation from the Australian government, to harness the power of open banking and transform how transactions are authenticated and processed.

PayTo integrates directly with users’ banking apps, so that transactions are authenticated within the secure environment of the bank itself. This method leverages the superior security protocols of banks, which are often more robust than those of merchants, especially smaller ones.

How PayTo works

With PayTo, each transaction is verified in real-time through a streamlined payment flow, eliminating the need for physical cards.

Here’s how you can authorise a transaction with PayTo:

  1. Select PayTo. At checkout, choose PayTo as your payment method and set up a simple payment agreement by entering your PayID (usually your mobile number or email address) or your BSB (Bank State Branch) and account number.
  2. Authorise in bank app. The agreement and payment details are then sent to your online banking environment for approval. Log into your bank app, review the transaction details, and authorise the payment using your preferred secure verification method (two-factor authentication 2FA, biometric, etc.)
  3. Confirm and complete payment. Once approved, the payment is processed instantly within your bank’s secure environment. You receive immediate confirmation of the successful transaction, while the business benefits from reduced risk of failed transactions.

Usually with PayTo, you’d need to authorise each transaction as described above. However, with Volt’s recurring flow, you only complete the initial authentication and setup once. With Volt’s streamlined one-click checkout process, you can skip the authentication and setup steps on subsequent purchases while still maintaining PayTo’s high security standards.

How PayTo reduces frauds

The cornerstone of PayTo is its in-app authentication, which leverages advanced security measures, such as multi-factor authentication, secure login procedures, and biometric verification like fingerprint and facial recognition. 

Jordan Lawrence, our Chief Growth Officer and Co-Founder, says: “We’ve recognised the necessity to evolve from traditional chargeback mechanisms to a real-time transaction verification process. With PayTo, security and verification are not just add-ons but foundational elements of every transaction.”

Credit card transactions are typically authorised within seconds. However, the actual settlement – where funds are transferred from the cardholder’s account to the merchant’s account – might take 1-3 business days. In contrast, PayTo processes transactions in real time, 24/7, 365 days a year, covering both authentication and settlement. This enables immediate detection and prevention of frauds.

With its in-app authentication and real-time payments, PayTo significantly reduces the risk associated with common CNP fraud tactics that exploit the need to input card details and the inherent settlement lag of the credit card payment system.

Fight card fraud with PayTo

In the coming years, CNP fraud will likely rise as Australians increasingly adopt digital payments. Armed with real-time, advanced in-bank app authentication measures, such as multi-factor authentication and biometric verification, PayTo represents our most powerful tool against card fraud.

As a merchant, are you ready to take a stand against fraud and chargebacks? Discover how integrating PayTo with Volt can secure your transactions and improve the relationship with your customers: visit our local website if you’re based in Australia, or our PayTo page if you’re a non-Australian merchant.