Credit card fraud in ANZ showing no signs of abating

The average value of fraudulent credit card transactions is more than double that of valid purchases in Australia and New Zealand (ANZ), underscoring the need for consumers in the two countries to remain vigilant about credit card security.

According to RSA Security’s latest quarterly fraud report, the average transaction costs $173 while fraudulent transactions ballooned to $316 during the third quarter this year.

The security firm, however, noted that the 55% differential is not out of the ordinary – and considerably lower than the situation in Europe where the average valid transaction is $160, compared with the staggering $420 cost of an average fraudulent transaction.

“The average value of a fraudulent transaction will likely always be higher than that of a genuine transaction, since fraudsters regularly use stolen credit cards to make quick, high-value purchases, as these goods are easy to resell for a profit,” RSA said.

But RSA’s report also warned about the rise of a relatively new form of phishing attack, which it describes as “vishing”. Instead of being an email-based scam, the fraudsters make a voice call to the consumer or employee and elicit information directly over the phone.

RSA claimed that vishing currently accounts for less than 1% of all phishing attacks – which make up more than half of all fraud attacks – but it also warned about the rise of “reverse vishing.” This is much harder to spot, as it arises when someone looks for a business phone number online.

Vishing exploits take place when the website itself is a hoax, or a wrong telephone number has been inserted into a genuine website.

The individual then makes the call to that number, unaware that the number they have called has taken them directly to the fraudsters. Asked for all manner of information, the victims may innocently provide it, believing that they are speaking to a genuine employee of the company they thought they had called.

The Australian Communications and Media Authority (ACMA) recently warned about robocalls purporting to be from NBN Co, which operates the country’s National Broadband Network, telling people that unless they supplied personal information or made a payment, they would be disconnected.

“NBN Co will never make these unsolicited calls to request payment or bank account details. If you get a call that you suspect is a scam, hang up,” ACMA said.

Charities have also been vulnerable to this form of fraud, according to the Scamwatch website operated by the Australian Competition and Consumer Commission (ACCC). It has received more than 680 reports of fake charities so far this year and more than A$320,000 in reported losses.

One modus operandi identified by the ACCC is for the fake charity to set up a website and encourage donations, or to call people directly and take credit card details over the phone.

RSA’s quarterly report noted that often scammers will gain the phone number of an individual and initiate a call. “Victims, often unaware that fraudsters can use tactics such as caller ID spoofing, are more likely to be socially engineered by the personal touch of a human voice than an impersonal touch of an email,” it warned.

To avoid falling victim to reverse vishing, RSA recommended people to be very careful about where they get telephone numbers from, and if possible, check their authenticity with a second source such as an existing bill or receipt.

It also called for care to be exercised about information provided over the phone, and that suspicious activities should be reported as soon as possible.