RBA targets online crooks
Retailers to bear brunt
GREEDY online retailers face an RBA-backed crackdown after failing to combat creditcard fraud – intentionally – as senior police admit for the first time that most cyber-theft isn’t even investigated.
News Corp Australia can today reveal large web-based businesses have allowed card fraud to flourish after calculating the cost of losing genuine customers put off by cumbersome checks is greater than simply refunding victims.
The first widespread authentication system, introduced about five years ago, required online customers to set up a complex password during their first purchase and remember it for future buys. That led to drop-out rates of about seven per cent among those who had already provided card details and clicked “buy now”.
In comparison, fraud rates are considered unacceptably high if they are above 0.2 per cent of sales, meaning it has been less expensive to repay victims.
While this choice has made financial sense, it has incensed the Reserve Bank of Australia, which has become increasingly worried that confidence in online commerce could collapse as more and more consumers are compromised.
So it has forced the payments sector to set tough new rules compelling retailers with high fraud rates to overhaul online order processing.
Between 100 and 200 large dotcom merchants are expected to be the first affected.
It’s understood that initial group accounts for about 70 per cent of the “card not present” fraud problem, which has ballooned to nearly $500 million a year.
These retailers will be made to add authentication measures such as having a one-time PIN sent to the mobile number linked to the card, or requiring a thumbprint. Sources said desktop purchases could be verified through facial recognition via a webcam or even by comparing typing patterns.
Merchants with high fraud rates that fail to add the extra verification measures will face financial penalties.
But because the new regime will be applied by all banks and card schemes, there will be little option but to comply.
The industries expected to be hardest hit in the crackdown include travel, dietary supplements and foreign exchange.
Cyber-crooks took about $478 million in online credit card fraud in 2017-18 up from $444 million in the prior year.
In most cases, refunds are paid to people whose cards are used to make dodgy buys.
About 80 per cent of the time it is the merchant that repays the customer, not the bank. This cost is typically passed on to customers through higher prices, sources said.
The new regime aims for a July 1 start.
Amy Bradney-George was catching up with her sister, who was visiting from Canada for Christmas, when the text message alert came through.
Had she tried to make a $US613.90 ($860) purchase in the US state of Maryland?
The answer, of course, was no. The Melburnian’s bank had already rejected the attempted buy because she had failed to respond to its earlier message requesting that she enter a one-time PIN to confirm the transaction.
Over time, more merchants will be forced to add extra checks.