What is credit card fraud?

Credit card fraud, as you might expect, refers to the fraudulent use of someone else's credit card. In the pre internet era, this was only possible by someone lurking behind you at an ATM, watching you input your PIN then pinching the card from your wallet. These days though, scammers have an arsenal of tricks to swipe from your credit card, and most don't even need your physical card to do it at all. In 2021, Australians lost $495 million to credit card fraud, up 5.7% on 2020.

Here are the five most common types of credit card frauds out there, as well as how you can spot them and what you can do if you're caught by one. 

Types of credit card fraud

The five key types of credit card fraud, according to the Australian Payments Network, are: 

  • Card-not-present (CNP) fraud 
  • Counterfeit and skimming fraud 
  • Lost and stolen card fraud 
  • Card-never arrived-fraud 
  • False application fraud 

1. Card-not-present (CNP) fraud 

What is it: Fraud that occurs without the use of the physical card, mainly online or over the phone 

Amount lost in 2021: $421.8 million (Source: AusPayNet)

Card-not-present transactions are becoming more and more popular as customers turn away from using their physical cards and simply enter their details to make a purchase. For example, an online purchase made ordering something on eBay is a CNP purchase, even if you've still read your details off the card. To be considered 'card-present', the card details have to be captured at the point of sale, like being pressed into a contactless reader, inserted into a merchant's terminal or used at an ATM. 

Card-not-present fraud is the biggest contributor to overall credit card fraud, accounting for 91% of all fraud on Australian cards (this also includes debit cards). It increased in size by 7% over 2020-2021, and occurs mainly when credit card details are stolen to make purchases. AusPayNet CEO Dr Leila Fourie says CNP fraud has become so popular now due to both the growth of eCommerce and the increased security around other types of fraud.

“Combatting CNP fraud is now a key priority across the entire e-commerce community and we’re delighted with the strong progress made this year on a framework for mitigating CNP fraud. We expect this whole of industry approach will help reduce CNP fraud, in the same way chip technology is tackling skimming fraud,” said Dr Fourie.

“Malware and phishing attacks are becoming increasingly sophisticated, so treat unsolicited emails and text messages from people you don’t know with suspicion. Don’t click on the link provided and don’t be tricked into divulging confidential data such as your password.”

So be careful with those credit card details online and don't speak too loudly when reading them out over the phone. In fact, just be careful about who you allow to read the back of your card in general, since thieves are having an absolute field day with our details online. Once they have your card details they may be able to spend to their heart's content until:

  • They hit your credit limit
  • Your account runs out of money
  • You contact your bank and tell them to cancel the card ASAP 

Some credit card providers can detect suspicious activity on your credit card (e.g. a few multi-thousand-dollar transactions are suddenly being made in Lagos) and may temporarily suspend the card until you confirm whether the activity is really you. This can be a pain when using the card while you're travelling overseas, but so long as you inform your credit card provider of your travel plans beforehand, you shouldn't trigger any unnecessary card suspensions.   

2. Counterfeit and skimming fraud 

What is it: Fraud that occurs when details are illegally taken to create a counterfeit credit card 

Amount lost in 2021: $5.5 million (Source: AusPayNet)

'Skimming' is when a device steals the details of your credit card from its magnetic stripe and commonly occurs when a device is attached to either an ATM or a merchant's terminal. Skimming can also occur when someone brushes past you with a skimming device. Details obtained via skimming can then be used to create a counterfeit card or to take part in some good old card-not-present fraud. 

From 2020 to 2021, the amount lost by Australians to this type of fraud fell by over 50%, a record low. This is compared to the record peak reached in 2016, of $59.2 million. This progress is a credit to Australian chip-protection technology, which is among the best in the world. In America for example, there are 60 million compromised credit cards and three-quarters of these are estimated to be due to skimming and POS (point-of-sale) breaches, according to Gemini Advisory. 

That doesn't mean you don't need to be careful in Australia though. Keep your card well within the confines of your wallet or purse, and if an ATM looks like it's been tampered with, report it and move on. 

Skimming is also different from phishing, which is when you hand your card details over to someone under the guise of someone or something else. For example, a common phishing scam is when someone creates a fake company that looks like a real one (let's say Comonwealth Bank instead of Commonwealth Bank) and sends an email asking for card details. These phishers will often have extremely similar (or even the same) logos as existing companies with similar URLs to boot, so they can be easy to fall victim to. 

According to Scamwattch, phishing is the most common kind of fraud in the country, with just under 25,000 reports occurring in 2018. 

3. Lost and stolen card fraud 

Lost and stolen card fraud occurs on cards that have been lost or stolen. 

Amount lost in 2021: $28.9 million (Source: AusPayNet)

This one should be pretty self-explanatory - if your card has been lost or stolen by a pickpocket, then they are free to use that card until it's cancelled, suspended or it has hit the credit limit. Nearly $30 million was lost to stolen cards from June 2020-21, so know your card's whereabouts at all times. You can avoid the worst of the damage (or all of it) by cancelling or freezing the card as soon as you can by calling your bank. Some of them even let you do this with the click of a button in their mobile banking apps. 

If you decide you don't want a credit card anymore, don't just throw it away. Thieves can still take it and use it since it'll still be active. Cancel it, and then cut it up to avoid having your card plucked out of the bin

Card-never arrived-fraud 

What is it: Fraud occurring on cards ordered by a customer that they never receive 

Amount lost in 2021: $2 million Source: AusPayNet)

When you make an application for a credit card, that card will nearly always be sent to you in the mail. Card-never-arrived fraud is what happens when that card is either intercepted before it arrives, or more likely that the thief simply pinched it from the letterbox.

To protect against this type of fraud, the Australian Payments Network recommends installing a lockable mailbox, or at the very least checking your mailbox regularly. 

False application fraud 

What is it: fraud occurring where the account was established using someone else’s identity or information

Amount lost in 2021: $900,000 (Source: AusPayNet)

Application fraud can be a bunch of different things. It might be that someone applies for a credit card in your name and runs up a bunch of debt, ruining your credit rating. Or maybe they apply for a card in a different name but link your bank account to the card, so you get slugged with the repayments. Someone could run up thousands of dollars on a credit card or completely tarnish your credit score before you realise you've been had. 

Back in 2014, an analysis of credit card applications by Veda found $1.6 billion worth of applications for credit were red-flagged as potentially fraudulent. Most credit card providers take application fraud very seriously and have a string of checks and balances to make sure this doesn't happen, but that doesn't mean the occasional fraudster doesn't slip through the proverbial cracks. Make sure you keep track of your bank accounts, keep sensitive information hidden and most importantly, take any kind of fraudulent activity seriously and report is as soon as you can.

Debit card vs credit card fraud

We've been calling it 'credit card fraud' throughout this article, but a lot of these types of frauds can also apply to debit cards. Scammers can still swipe your debit card details through skimming, through untrustworthy websites or by simply swiping it from your pocket or off the ground. But there is a key difference here. 

Credit cards are a line of credit product, which means the money being spent willy-nilly by a thief isn't technically yours - at first. If you report the fraudulent activity as quick as you can, banks can cut them off and often will declare these transactions invalid, meaning you don't have to repay anything. Credit cards can also have extra fraud protection technologies that debit cards don't always have. 

Debit cards, on the other hand, are a direct link to your money. A thief can clean you out of your entire savings account before you even realise it, although there's a good chance suspicious activity on your account will still be reported. A lot of debit cards still have a zero liability policy, which means you will still be reimbursed. But if the money is already gone, it could be weeks or even months before the card company investigates your claim and returns the money. 

How to avoid credit card fraud 

There are many different types of credit and debit card fraud, which means there are also many ways to avoid it. Doing any of the following could help keep you safe from fraud. 

Keep your anti-virus software up-to-date 

Keeping the anti-virus and security software on your computer up to date can be an easy way to protect yourself from fraud if you do a lot of your banking or shopping online. Just make sure it's a licensed, trusted anti-virus software: there are fake anti-virus programs that masquerade as real ones only to do the very thing you tried to stop by stealing your details. 

Some anti-virus programs offer paid versions, which can be worth investing in to keep your details protected. 

Don't trust suspicious sites 

Don't enter credit card details on any site that isn't listed as 'secure': you can check for this by looking for the security certificate in the top left corner of the URL (there should be a little lock icon) or by looking for a 'https://' at the beginning. The S means there is added security and reduces the likelihood of fraud. 

Also, be wary of sites that don't let you use secure payment methods like PayPal. Customer reviews online can also be a good indication of how trustworthy a website can be. 

Be sceptical of strange messages

We've touched on this already, but phishers can trick you into giving your details to fake companies or people that look real. If you ever get an email or text message from an official-looking website asking you to click on a link and hand over your details, delete it straight away. And if you get a phone call asking for the same, hang up. In general, avoid reading your credit card details out loud over the phone, especially not to someone you weren't expecting. 

Review each statement when it comes 

If your card has been used by someone who isn't you, reading your monthly statement is a sure-fire way to pick up on it. This goes for other bank statements too - noticing any suspicious activity that's slipped past your bank's fraud detection services can cut off further fraud before it happens. 

Check your credit report too 

If someone's been applying for credit in your name or quickly running up a bunch of debts, doing a free check of your credit report can also clue you in. You can then contact your credit issuer or credit reporting bureau to get them to investigate the activity and have it removed from your credit history. 

Don't throw away important documents

Ever receive those financial documents in the mail that never get opened and immediately get tossed in the bin? If you've ever done this, it's possible (although unlikely) that fraudsters can access this information and use it to commit credit card fraud. If you do decide to get rid of them, things like bank correspondence, government letters and personal documents should be either shredded or otherwise rendered unreadable before they're tossed. 

It never hurts to play on the safe side. 

Lock your mailbox 

Another way to play on the safe side is to put a lock on your mailbox, as recommended by the Australian Payments Network. This can prevent 'card-not-received' fraud by stopping thieves from pinching your credit card before you ever see it. It can also stop them from gaining access to some of those letters we just talked about throwing away. 

Other ways to prevent credit card fraud include: 

  • Covering your PIN at an ATM 
  • Checking ATMs for signs of damage or tampering 
  • Locking or cancelling a card as soon as you notice it's missing 

What to do if you're the victim of a credit card scam 

The good thing about credit and debit cards is most of them have a zero liability policy, which means they don't hold you liable for "unauthorised transactions". These policies are enforced by the card issuer, like Visa, Mastercard or American Express, and essentially means your money is protected as long as: 

  • You have used reasonable care in protecting your card from loss or theft; and
  • You promptly reported loss or theft to your financial institution.

This is why it's so important to notify your financial institution about card fraud as soon as you can, allowing you to completely nullify the effects of the fraud. 

Report scams if you seen em' 

If you've been scammed, or see something you think is a scam or will lead to credit card fraud, there's no shortage of people you can get in touch with: 

  • You can call your local bank or police station 
  • You can get in touch with ACORN (Australian Cybercrime Online Reporting Network) 
  • You can report it to Scamwatch by the ACCC

Reporting potential credit card fraud before it happens could save someone else thousands of dollars. 

Savings.com.au's two cents 

Credit card fraud hurts thousands and thousands of Australians every year to the tune of hundreds of millions of dollars. It's easy to think you're too clever to be caught out by a scam, but the truth is credit card fraud can happen to anyone, often through absolutely no fault of your own. In saying that, there are several precautions you can take to help your chances of avoiding being robbed in this way. Keep your details secure and stay on top of when and where your credit card is being used and by whom. When you're on the internet, the more careful you are about where you enter your credit card details, the better.

This article was initially published in 2019 by William Jolly, and updated by Harry O'Sullivan in 2023.

First published on July 2019