Keeping your card data under wraps: Top tips for shopping safely online

Australian consumers and retailers are embracing the convenience of online payments, with Reserve Bank of Australia statistics showing that e-commerce in Australia grew by 27% in 2018 – almost double the 14% growth figure of 2017.

Unsurprisingly, the NAB Online Retail Sales Index shows that our biggest months for online shopping are November and December, which last year continued to grow at about 9% year-on-year. Big online events such as Black Friday, this year on 29 November, and Cyber Monday, on 2 December, have become fixtures of the Australian retail calendar in recent years, adding to the already busy online traffic in the lead-up to Christmas. 

 with-growth-comes-internet-fraud"> With growth comes internet fraud

In line with global trends, the shift towards online payments in Australia has also seen a rise in e-commerce fraud. Termed “card-not-present (CNP)” fraud by the payments industry, data from the Australian Payments Network shows it accounted for 85% of all fraud on Australian cards in 2018. CNP fraud occurs when valid card details are stolen and then used to make fraudulent transactions online. 

Combatting CNP fraud is a priority for the e-commerce community, with initiatives including the CNP Fraud Mitigation Framework and a range of fraud identification and prevention tools available to merchants. Importantly, Australian consumers are not liable for fraud losses and will be refunded if they have taken “reasonable care” with their confidential data. However, card fraud prevention needs to happen at every level – so what can you do to reduce your risk when shopping online? Here are three key considerations.

1. Know who you are dealing with

Often, fraudsters count on online shoppers being less careful during busy periods. With the peak Christmas shopping period upon us, we need to be security-aware and take simple steps to reduce our risk. 

When taking advantage of bargains offered online, it’s important to be aware of scams; if an offer looks too good to be true, it probably is. It may be worth taking a few minutes to ensure that the online merchant is legitimate, for example, by doing some simple desktop research and checking reviews to see what experiences other consumers have had with the site. Only provide card details on secure and trusted websites – look for a locked padlock icon in the toolbar and/or ‘https’ in the website’s address.

2. Use authentication tools

Many financial institutions and merchants also use a variety of tools to authenticate that the online shopper is the legitimate card owner.  For example, and particularly for higher-risk transactions, these can include one-time passwords delivered by SMS or through a mobile app, physical biometrics such as checking fingerprints or facial recognition, or behavioural biometrics such as keystroke recognition. It’s important to register for your financial institution’s online security solutions and use them whenever prompted for an added layer of security

3. Be cautious of emails and texts from unknown sources

Fraudsters use a variety of techniques to target consumers online, including inserting code and malicious software (malware) onto their computers or mobile devices, and phishing attacks to capture sensitive card data or cardholder passwords. Malware and phishing attacks are becoming increasingly sophisticated. With this in mind, be cautious when clicking on hyperlinks in emails and text messages sent by an unknown contact. As a rule, personal details should not be provided to anyone unless they are a known and trusted contact, especially if it includes anything related to payment. 

Other safety measures include:

• use strong passwords on all your devices and any online logins and change them frequently
• keep security software and operating systems on your phone, computers and tablets up to date and do a full virus and malware scan regularly
• only download trusted programs and apps – if in doubt, do some research and look at reviews

As a general rule, check your bank and credit card statements regularly and report any unusual transactions to your financial institution immediately.  

Header Image Source: Prostock-Studio (Shutterstock)

About Andy White

Andy White is the CEO of Australian Payments Network. Prior to AusPaynet, he worked at ASX, the Bank of England and LCH.Clearnet. Andy is also a Member of the Advisory Committee to Australia’s Data Standards Body, a Member of the Board of Advisors to the Payment Card Industry Security Standards Council, and Deputy Chair of the Emerging Payments Association Asia.