Australian Cyberfraud: Holding the Line on Payment Card Fraud While Scam Attempts Increase

Stas Alforov and Christopher Thomas of Gemini Advisory have issued a new report on cyberfraud in Australia.  While things seeming to be getting worse all over the world and Australia has also experienced more incidents, there’s a bit of good news in their report: the rate of worsening is slowing down in Australia – at least when you look at payment card fraud.  Key findings from Gemini Advisory’s analysis included a 1.39% decrease overall in card fraud, although the decrease was not uniform: Card Not Present (CNP) fraud, which comprises most of the fraud overall, decreased, while the much lower Card Present (CP) fraud rates actually increased.

A deeper dive into their data using the metric of number of Australian-issued payment cards offered for sale on the dark web revealed that during the past 12 months,  approximately 974,000 CNP and 94,000 CP records were compromised. In the preceding year (from 2017 to 2018), there had been 1,025,000 CNP and 63,000 CP records offered for sale in the dark web.

And in what may make Australia the golden country of the week in cybersecurity, the researchers found that Australia was the only APAC country to have a decrease in some fraud statistics the past year.

Australia’s CNP payment card fraud dropped by 4.58%, which was greater than its 50.33% increase in CP fraud and resulted in an overall 1.39% drop in Australian payment card fraud. While India did have a drop in CP fraud by a full 48.95%, this was far offset by its 20.55% increase in CNP fraud, resulting in a 14.22% overall increase in exposure.

Australia thus stands alone among APAC’s top five economies as the only
country with a decrease in the volume of payment cards offered for sale in the dark web from October 1, 2018 to September 30, 2019.


APAC fraud rates increased in all 5 economies except for Australia. Source: Gemini Advisory.

The researchers also report that Magecart continues to be one of the most effective attack methods.  Earlier this week, the FBI issued a PSA about e-skimmers, and Gemini Advisory’s report confirms the need for more defenses, noting that

In August and September, Gemini discovered over 100 malicious domains worldwide that employ Magecart skimmers, many of which are disguised as legitimate websites.

What Australians will also need to increase vigilance about is a rising attack vector of social engineering schemes designed to obtain consumers’ payment card information. Gemini Advisors confirm reports by KPMG that detailed the increasing prevalence of these schemes, noting:

We are seeing a disproportionately high volume of scam attempts on Australians – there were 177,000 scam reports here last year, costing almost half a billion dollars. This compared to around 85,000 scam reports in the US and UK, with far bigger populations. This covers a wide variety of scams – defined in our report as ‘social engineering’ frauds – including investment, romance, crypto-currency, False billing and tax office/government agency scams.

Read their full report on

About the author: Dissent

Comments are closed.