How to reduce Card Not Present fraud

The industry wide fraud mitigation framework

Card Not Present (CNP) fraud represents almost 85% of all card fraud in Australia. To help combat CNP fraud, the Australian payments industry body, AusPayNet, opens in new window, have implemented a new fraud mitigation framework, opens in new window. APN is a self-regulatory body set up by the payments industry to improve the safety, reliability, equity, convenience and efficiency of payment ecosystem in Australia. This framework is designed to collaboratively reduce eCommerce fraud across the Australian Payment Industry. It uses an industry-wide approach to reduce CNP payment fraud for:

merchants (businesses)
consumers (customers)
issuers (banks)
acquirers (card providers)
card schemes (payment networks)
payment gateways (online services that authorise payments)
payment system providers and (services that accept electronic payments)
regulators (like APRA or ASIC).

The success criteria of this framework will be a reduction in online fraud across the payment industry as we continue to build consumer trust and support the growth of eCommerce.

What you can do to prevent CNP fraud

As a NAB merchant, it’s important to remain compliant and minimise your risk of accepting fraudulent payments. To help, we recommend implementing a strong customer authentication (SCA). This will help protect your businesses from fraudulent behaviour, and also reduce the likelihood that you go over the merchant fraud rate threshold. Other things you can do are:

ask for comprehensive customer details
complete validity checks
ask for identification for the delivery of goods and
invest in a fraud management tool.

What is Strong Customer Authentication (SCA)?

Strong Customer Authentication (SCA) is also known as a two-factor (2FA) or multifactor authentication method. It’s used to authenticate and verify the cardholder’s identity during a transaction and helps to reduce the risk of fraud and account takeover. SCA uses three categories to check your identity:

something you know – a password, passphrase, an answer to secret question or a pin
something you have – a credit card, hardware token or smartphone
something you are – biometrics scan (finger, facial, retinal, voice, iris).

The merchant rate fraud threshold

The merchant rate fraud threshold is an indicator for intervention. We calculate the merchant fraud rate basis points (bps), with the following formula:

Merchant fraud rate basis points (bps) = Value F / Value T x 10,000

Value F = value of fraudulent settled, online CNP transactions per quarter
Value T = value of all settled, online CNP transactions per quarter

Exceeding the merchant rate fraud threshold

You’ll go over the merchant fraud rate threshold if:

your merchant fraud rate is greater than 20bps and
you’ve experienced over $50,000 worth of fraud in a quarter.

Should this happen, we’ll get in touch to help you reduce the level of fraud your business is experiencing. Depending on the severity and frequency of the fraud, we’ll guide you through four stages of fraud prevention.

Stage one

If you exceeded the merchant fraud rate for one quarter, we’ll start working with you to take measures to reduce your fraud rate.

Stage two

If you exceeded the merchant fraud rate for two quarters, you’ll be required to perform an SCA on all transactions.

Stage three

If you exceeded the merchant fraud rate for three quarters, you’ll be required to pass all transactions to the issuer to perform an SCA on all transactions.

Stage four

If the fraud rate continues to be breach the threshold, the acquirer will face sanctions.

Cyber safety tips for your business

First line of defence for cyber threats

Learn how you can help keep your business safe with the Cisco Umbrella cyber security solution.

Don’t let your business data be held to ransom

Tips for protecting your business and data from ransomware attacks.

Safely storing your data

Your stored business data travels in and out of your network. What key controls can you put in place to ensure it’s safe?

Contact us

Email us

If you receive a suspicious email message, report it immediately.

phish@nab.com.au

Text us

If you receive a suspicious text message, report it immediately.
047 NAB 0003

0476 220 003

Important information

This section contains Important Information relevant to the page you are viewing, but you can't see it because you have JavaScript disabled on your browser. Please enable JavaScript and come back so you can see the complete page. It's important that you read the Important Information in this section before acting on any information on this page.

Offer NAB Now Pay Later

Offer $300 cashback

View calculators

Refinancing your home loan?

$0 international transfer fee

New NAB Bookkeeper

You might be interested in

Unsecured business finance

Related tools and calculators

Offer Get 150,000 bonus Qantas Points

Offer 6 months free NAB EFTPOS machine rental

Related tools and help

NAB Connect

$0 international transfer fees

New NAB Bookkeeper

You might be interested in

The Morning Call Podcast

The Morning Call Podcast

Improve your cyber security

More about sustainability

Need more help?

Troubleshooting guides