How to reduce card not present fraud

Card-Not-Present (CNP) fraud represents almost 85% of all card fraud in Australia. To help combat CNP fraud, the Australian payments industry body, AusPayNet, have implemented a new fraud mitigation framework. APN is a self-regulatory body set up by the payments industry to improve the safety, reliability, equity, convenience and efficiency of payment ecosystem in Australia. This framework is designed to collaboratively reduce eCommerce fraud across the Australian Payment Industry. It uses an industry-wide approach to reduce CNP payment fraud for:

merchants (businesses)
consumers (customers)
issuers (banks)
acquirers (card providers)
card schemes (payment networks)
payment gateways (online services that authorise payments)
payment system providers and (services that accept electronic payments)
regulators (like APRA or ASIC).

The success criteria of this framework will be a reduction in online fraud across the payment industry as we continue to build consumer trust and support the growth of eCommerce.

As a NAB merchant, it’s important to remain compliant and minimise your risk of accepting fraudulent payments. To help, we recommend implementing a strong customer authentication (SCA). This will help protect your businesses from fraudulent behaviour, and also reduce the likelihood that you go over the merchant fraud rate threshold. Other things you can do are:

ask for comprehensive customer details
complete validity checks
ask for identification for the delivery of goods and
invest in a fraud management tool.

What is Strong Customer Authentication (SCA)?

Strong Customer Authentication (SCA) is also known as a two-factor (2FA) or multifactor authentication method. It’s used to authenticate and verify the cardholder’s identity during a transaction and helps to reduce the risk of fraud and account takeover. SCA uses three categories to check your identity:

something you know – a password, passphrase, an answer to secret question or a pin
something you have – a credit card, hardware token or smartphone
something you are – biometrics scan (finger, facial, retinal, voice, iris).

The merchant rate fraud threshold is an indicator for intervention. We calculate the merchant fraud rate basis points (bps), with the following formula:

Merchant fraud rate basis points (bps) = Value F / Value T x 10,000

Value F = value of fraudulent settled, online CNP transactions per quarter
Value T = value of all settled, online CNP transactions per quarter

You’ll go over the merchant fraud rate threshold if:

your merchant fraud rate is greater than 20bps and
you’ve experienced over $50,000 worth of fraud in a quarter.

Should this happen, we’ll get in touch to help you reduce the level of fraud your business is experiencing. Depending on the severity and frequency of the fraud, we’ll guide you through four stages of fraud prevention.

Stage one

If you exceeded the merchant fraud rate for one quarter, we’ll start working with you to take measures to reduce your fraud rate.

Stage two

If you exceeded the merchant fraud rate for two quarters, you’ll be required to perform an SCA on all transactions.

Stage three

If you exceeded the merchant fraud rate for three quarters, you’ll be required to pass all transactions to the issuer to perform an SCA on all transactions.