The industry wide fraud mitigation framework
Card Not Present (CNP) fraud represents almost 85% of all card fraud in Australia. To help combat CNP fraud, the Australian payments industry body, AusPayNet, have implemented a new fraud mitigation framework. APN is a self-regulatory body set up by the payments industry to improve the safety, reliability, equity, convenience and efficiency of payment ecosystem in Australia. This framework is designed to collaboratively reduce eCommerce fraud across the Australian Payment Industry. It uses an industry-wide approach to reduce CNP payment fraud for:
- merchants (businesses)
- consumers (customers)
- issuers (banks)
- acquirers (card providers)
- card schemes (payment networks)
- payment gateways (online services that authorise payments)
- payment system providers and (services that accept electronic payments)
- regulators (like APRA or ASIC).
The success criteria of this framework will be a reduction in online fraud across the payment industry as we continue to build consumer trust and support the growth of eCommerce.
What you can do to prevent CNP fraud
As a NAB merchant, it’s important to remain compliant and minimise your risk of accepting fraudulent payments. To help, we recommend implementing a strong customer authentication (SCA). This will help protect your businesses from fraudulent behaviour, and also reduce the likelihood that you go over the merchant fraud rate threshold. Other things you can do are:
- ask for comprehensive customer details
- complete validity checks
- ask for identification for the delivery of goods and
- invest in a fraud management tool.
What is Strong Customer Authentication (SCA)?
Strong Customer Authentication (SCA) is also known as a two-factor (2FA) or multifactor authentication method. It’s used to authenticate and verify the cardholder’s identity during a transaction and helps to reduce the risk of fraud and account takeover. SCA uses three categories to check your identity:
- something you know – a password, passphrase, an answer to secret question or a pin
- something you have – a credit card, hardware token or smartphone
- something you are – biometrics scan (finger, facial, retinal, voice, iris).
The merchant rate fraud threshold
The merchant rate fraud threshold is an indicator for intervention. We calculate the merchant fraud rate basis points (bps), with the following formula:
Merchant fraud rate basis points (bps) = Value F / Value T x 10,000
- Value F = value of fraudulent settled, online CNP transactions per quarter
- Value T = value of all settled, online CNP transactions per quarter
Exceeding the merchant rate fraud threshold
You’ll go over the merchant fraud rate threshold if:
- your merchant fraud rate is greater than 20bps and
- you’ve experienced over $50,000 worth of fraud in a quarter.
Should this happen, we’ll get in touch to help you reduce the level of fraud your business is experiencing. Depending on the severity and frequency of the fraud, we’ll guide you through four stages of fraud prevention.
Stage one
If you exceeded the merchant fraud rate for one quarter, we’ll start working with you to take measures to reduce your fraud rate.
Stage two
If you exceeded the merchant fraud rate for two quarters, you’ll be required to perform an SCA on all transactions.
Stage three
If you exceeded the merchant fraud rate for three quarters, you’ll be required to pass all transactions to the issuer to perform an SCA on all transactions.
Stage four
If the fraud rate continues to be breach the threshold, the acquirer will face sanctions.
Cyber safety tips for your business
First line of defence for cyber threats
Learn how you can help keep your business safe with the Cisco Umbrella cyber security solution.
Don’t let your business data be held to ransom
Tips for protecting your business and data from ransomware attacks.
Safely storing your data
Your stored business data travels in and out of your network. What key controls can you put in place to ensure it’s safe?
Contact us
Email us
If you receive a suspicious email message, report it immediately.
Text us
If you receive a suspicious text message, report it immediately.
047 NAB 0003
Important information
Apologies but the Important Information section you are trying to view is not displaying properly at the moment. Please refresh the page or try again later.