COVID-19: Alert bar

Help protect your business from transaction fraud

How people pay for goods and services has changed since the start of the COVID-19 pandemic.1 An increase in digital transactions – including online payments to more frequent contactless touch and go payments – can open up new fraud opportunities. Is your business ready to handle these potential issues?

Key points

  • People are using digital payment methods more often since the COVID-19 outbreak.
  • This has led to increased potential for transaction fraud.
  • There are steps your business can take to help avoid these dangers.

COVID-19 has changed the way many businesses operate. Gym owners and personal trainers now livestream exercise classes into the homes of members. Financial advisors and insurance agents are assisting clients virtually through video conferencing tools. And mental health professionals are helping those in need over the phone instead of in person.

But it’s not just the services that have changed. There has also been a shift in the way consumers pay for these services, with new habits potentially here to stay.

In her keynote address at the Morgan Stanley Disruption Evolved Webcast on 3 June, Reserve Bank of Australia Assistant Governor (Financial System) Michele Bullock said COVID-19 caused a major shift in the world of transactions.

“…the health crisis has also disrupted aspects of the retail payments system; payment patterns have seen large, sudden shifts as merchants and consumers have changed both their payment preferences and their mode of interaction.”2

She went on to say, “The anecdotal evidence suggests there has been some behavioural change. It has come from fast-changing consumer and merchant payment preferences, changing purchasing behaviour and responses by payment service providers to facilitate change.”

These behaviours have even changed in instances where people are meeting in person. Commonwealth Bank reported a record number of digital wallet transactions in March 2020 based on analysis of Visa and MasterCard users, with spend totalling $1billion.3

The 36million digital wallet transactions represented a 17% increase from February 2020.4 In April, the Australia Payments Network increased the limit for contactless tap and go payments that don’t require PIN entry from $100 to $2005 in light of social distancing efforts.

There has also been a widespread rise in fraud6 during the COVID-19 pandemic, with scammers adopting different tactics.

“Criminals still use bots to try to automate fraud, but given the automation of fraud protection rules now we’re seeing them manually attempt to get around controls,” says Susan Nicholson, Australia Post’s Head of Business and Government Financial Services.

Merchant initiated fraud or merchant bust-out fraud

Another trend is scammers imitating businesses to defraud customers. This is known as merchant initiated fraud or merchant bust-out fraud. For example, if someone applies for a merchant account without intending to operate a legitimate business, but instead process fraudulent transactions, this is known as merchant ‘bust-out fraud’.7

It can present reputational risk if a fraudster appropriates your business name and sends customers statements for payment, and these accounts can stay dormant for some time – waiting for the right time to strike with a high volume of fraudulent transactions.

This can be an issue when transactions traditionally conducted in person move online. New fraud opportunities opened when Australian state governments moved conveyancing online via the PEXA platform. In one instance, hackers accessed a conveyancer’s email login details, established a presence on PEXA and scammed a Melbourne family into sending a $250,000 payment.8

“This is why strong KYC processes (Know Your Customer) are an important component of managing your payment gateway. Fraudulent payments made using credit cards will also trigger a trail of chargebacks – which is usually a warning sign,” explains Nicholson.

Chargeback fraud

Chargeback fraud is another major issue for businesses, especially as they shift to more online or ‘card not present’ payments’. It sees a cardholder fraudulently requesting payment returned (or charged back) to their account after receiving goods and services.

You may only realise that you’ve processed a fraudulent transaction when a chargeback fee appears one to three months later.9 For example, with ‘refund fraud’, a fraudster uses a stolen card to fund a transaction, then later requests a refund onto a different card. To address this, “Australia Post’s SecurePay10 only allows refunds onto the same card used in the transaction,” notes Nicholson.

Determining the legitimacy of a chargeback for businesses can be difficult, especially in the wake of the COVID-19 pandemic cancelling thousands of events and travel plans.11

Being able to accurately process a chargeback can hinge on verifying the identity of the person making the request. This verification can not only slow down the process and anger customers, but also potentially see business owners incorrectly deny legitimate requests.

How new 3DS2 technology can help prevent fraud

The Australian Competition and Consumer Commission’s Scamwatch reported 15,455 buying or selling scams in the first five months of 2020.12

“There’s no way a business can manage the amount of criminal activity that’s going on in the digital space,” Nicholson says. “That’s why having a strong payment gateway is so important.”

One solution is Australia Post’s SecurePay, winner of the 2019 NORA award for Best Security/Anti-Fraud solution13. In 2019, more than 80,000 business customers used SecurePay to manage 359million transactions worth $69billion.14 SecurePay partners with NAB to provide its merchant accounts.

SecurePay’s fraud-fighting tools include FraudGuard, which allows businesses to set rules to control online transactions – such as maximum purchase amounts – which can be adjusted by the payee’s country of origin.

This can help you control transactions when a customer’s IP location is in a high-risk country, or has a suspicious email domain. The idea is to detect fraud before it happens.

And SecurePay is getting even stronger, with new technology that could make it even harder for scammers to take advantage of businesses and their customers. Nicholson says SecurePay will soon be equipped with 3D Secure 2.0, also known as 3DS2, authentication, which is being rolled out across the industry.

“The only difference for the customer is when you go to the payment gateway, there will be a few different fields to complete.”

Business owners don’t need to do anything on their end to implement 3DS2 other than choose a payment gateway equipped with it, such as SecurePay.

Three ways 3DS2 tech can help your business and your customers:

  1. Manual verification. Many customers might be used to putting in passwords or answering security questions to verify identity when making online payments. But these static methods can pose security risks. 3DS2 opts for two-factor authentication methods that help increase online safety and also can provide a smoother experience for customers.15
  2. Data points. With 3DS1, there were only 15 pieces of identity verification data that could be used. 3DS2 can instantly analyse up to 100 pieces of data.16 This can not only help prevent fraud, but can also help prevent false fraud claims that inconvenience customers and clients.
  3. Potential to reduce costs. Fully authenticated payments, such as with 3DS2, have higher approval rates and lower fraud rates. This helps lower customer service costs and can also reduce the risk of lost revenue from fraud and chargebacks.17

The way your customers and clients are paying for your services is changing. As 3DS2 technology becomes available in Australia, you might want to consider looking for a payment gateway that has this technology built in. It could play a major role in customer satisfaction and help prevent thousands of dollars in losses due to fraud.

This article is provided for general information purposes only and is not intended to be specific advice for your business needs.

1 Panic, Pandemic and Payment Preferences, Reserve Bank of Australia, 03 June 2020

2 Panic, Pandemic and Payment Preferences, Reserve Bank of Australia, 03 June 2020

3 Digital wallet transactions soar amid coronavirus constraints, Commonwealth Bank, 9 April 2020

4 Digital wallet transactions soar amid coronavirus constraints, Commonwealth Bank, 9 April 2020

5 Changes to contactless PIN limit, Australian Payments Network, 03 April 2020

6 The rise of fraud in times of disruption, June 22 2020 Australia Post

7 Three Types of Merchant Fraud: A Guide For Merchant Acquirers, Finextra 2017

8 PEXA beefs up security controls after home sale fraud, IT News, 25 June 2018

9 How smart eCommerce players beat online fraud, October 2018 PayPal

10 NAB provides SecurePay’s merchant banking services, which includes the authorisation, processing and settling of the cardholder's card transactions to the merchant

11 Chargebacks in the time of COVID-19, Australia Payments Network, 17 April 2020

12 Scamwatch ACCC: calculated from monthly totals provided as January – May 2020

13 SecurePay, Australia Post

14 SecurePay data provided for calendar year 2019: SecurePay and NAB transactions

15 EMV 3DS NuData Overview, Australia Post 2019

16 EMV 3DS NuData Overview, Australia Post 2019

17 EMV 3DS NuData Overview, Australia Post 2019. MasterCard data indicates approval rates increase 12% with full authentication, and fraud rate decreases 27bps, with full authentication

Get business stories, ideas and offers in your inbox each month.