Staggering Payment Fraud Statistics You Need to Know

Niek has worked at Eftsure for several years and has developed a clear understanding of the cyber threat landscape and the controls Australian businesses put in place to combat these threats.

Payment fraud isn’t just bad news for individual consumers; it’s also a huge drain on businesses that are defrauded every year. By 2030, payment card fraud losses are projected to hit $49 billion and it continues to grow rapidly year after year.

Here are some staggering payment fraud statistics that every business should know about to protect themselves from scammers and reduce the burden of payment fraud on their bottom line.

Author’s Top Picks

  • 25.5% of fraud and scam victims lost more than $1,000 in the most recent incident.
  • Payment fraud is expected to continue increasing and is projected to cost $40.62 billion in 2027.
  • Business email compromise (BEC) scams remain one of the most common causes of payment fraud in a majority of organisations. 71% had fallen victim of payment fraud via email.
  • Almost 40% of cardholders do not have email or text alerts from their credit card company or bank enabled.

Payment fraud statistics

1. The most common type of fraud and scam that respondents experienced in the 12 months prior to the survey was paying money or providing sensitive information to a fake seller or buyer online (2.2%).

In an increasingly digital world, finance teams are still relying on manual controls and outdated processes, exposing themselves to potential cyber-risks. Cyber-criminals that are armed with sophisticated tactics can exploit these controls to commit financial fraud. To combat such threats, AP teams must prioritise the adoption of secure payment methods.

2. Fraud and scam victims were the most likely to report financial losses (34.1%), followed by identity crime (28.7%). Direct financial losses were relatively uncommon for malware victims (4.4%) and online abuse and harassment victims (2.7%).

According to the report, most victims sought help from the police or ReportCyber to prevent cyber-crime from reoccurring. It’s important to note for consumers and organisations that there are services that provide assistance in the aftermath of a cyber attack such as IDCare. IDCare is Australia’s national identity and cyber support service for all individuals and businesses.

3. Fraud perpetrated in Australia using cards issued overseas increased by 16% to $95.4 million.

Each year the Australian Payments Network collects payment fraud data demonstrating how dangerous fraud is on Australian credit cards when used overseas. Australian merchants come across various types of fraud perpetrated such as card-not-present, counterfeit/skimming, lost/stolen, never received, fraudulent application and other forms.

4. 25.5% of fraud and scam victims lost more than $1,000 in the most recent incident.

To add further, 7% of fraud and scam victims lost more than $10,000.Most victims of cyber-crime do not recoup the money they have lost. A key takeaway is that CFOs can achieve substantial cost savings by investing in robust cybersecurity controls, as opposed to incurring financial losses from a potential cyber-attack.

5. 52% of companies generating at least $10 billion in annual revenue had experienced fraud in the past 24 months.

According to a payment fraud study, nearly one in five organisations said their most disruptive incident had a financial impact upward of $50 million. Large organisations typically deal with substantial financial transactions and valuable data, making them attractive targets for cyber-criminals. Much like the recent attacks seen in the press this year with Optus and Latitude Financial.

6. 64% of attempted or actual payments fraud were due to actions of an individual outside the organisation.

Payment fraud is a threat that businesses must protect against. To do so, they must educate their employees about payment fraud practices and rely on technology and methods to prevent it. CFOs can start by building a cybersecurity culture to raise awareness of payment threats and risks.

7. Internal fraud is one of the most common types of accounts receivable fraud. The average loss of nearly $1.8 million per case was due to this type of fraud.

According to the payments fraud statistics report by PYMNTs, internal fraud is often caused by a lack of solid internal controls related to accounts receivable (AR). Malicious employees otherwise known as insider threats take advantage of weak or absent internal controls in AR. As a result of manipulated financial transactions and lack of oversight, organisations incur significant financial loss.

8. Payment fraud is expected to continue increasing and is projected to cost $40.62 billion in 2027.

Payment fraud losses have more than tripled since 2011 and are expected to exceed $40 billion by 2027 according to the Global Payment Fraud report. The financial impact can be devastating to look at for all individuals.

9. 20% of reported payment frauds were carried out by internal and external perpetrators colluding.

All CFOs and Accounts Payable (AP) teams should be alert to internal perpetrators, also known as insider/internal threats. Since they have access to company data, employees with malicious intent often cause more harm than external perpetrators.

10. 70% of businesses believe fraudsters committing business payment fraud are ahead of the industry.

Every year, scammers come up with innovative ways to scam businesses. The growing threat of payment fraud is taking a toll on the reputation of financial institutions, and consumers are at risk. Fraudulent transactions can occur when fraudsters are impersonating suppliers and vendors through invoices, and executives through phishing tactics.

11. Four in ten businesses are utilising machine learning and intelligent payment routing to fine-tune fraud management. The adoption of these solutions has increased over the past years.

Over the past year, financial leaders are starting to identify the benefits of machine learning and AI. CFOs can leverage machine learning and AI to enhance fraud management by employing advance fraud detection algorithms and risk scoring. By replacing certain manual controls with automated controls, CFOs can streamline fraud management workflows.

12. Fraud limited international growth for 36% of companies using reactive, manual detection methods. Compared to only 5% of companies using proactive, automated solutions.

Small to medium enterprises (SMEs) are still incorporating manual controls even in the age of advanced technology. Solely relying on manual controls can be risky. It can lead to errors, inefficiencies and vulnerability. Particularly if there is insufficient resources or staff. The important thing for finance leaders is to have a balanced approach that combines both manual and automated controls in fraud management.

Credit card fraud statistics

13. 55% of organisations are utilising credit card verification services, making it the most used fraud prevention tool. This was followed by identity validation/verification services (50%) and two-factor phone authentication (44%).

Credit card verification still remains as the most commonly used fraud prevention tool. This tool makes it harder for cyber-criminals to infiltrate payment systems to due to strong authentication defence layers. Depending on the service, it can alert organisations in real-time, making it a great fraud detection tool.

14. The most common incidents of identity crime and misuse in the past year were suspicious transactions appearing in their bank statements or accounts, credit cards or credit reports (9.3%).

Credit card verification is a process that merchants my use to verify the identity of a consumer prior to making a transaction. This anti-fraud security feature helps businesses in creating a secure environment for consumers to make online transaction. Combating against unauthorised transactions. Similarly to credit card verification, Eftsure’s payment protection solution verifies the banking information of an organisation’s suppliers when processing electronic funds transfers (EFTs).

15. Business email compromise (BEC) scams remain one of the most common causes of payment fraud in a majority of organisations. 71% had fallen victim of payment fraud via email.

Any type of organisation regardless of size and industry can fall victim to BEC attacks. The current trend according to the 2023 AFP payment fraud report, is that fewer smaller organisations (with an annual revenue of less than $1 billion) were targeted of BEC. BEC attacks are initiated when organisations receive fraudulent emails impersonating an executive officer, supplier or employee of the business.

16. A 75.1% male population with an average age of 34 was found to commit credit card fraud in the United States.

Fraudsters are more likely to be males in their 30s, according to the 2019 United States Sentencing report. However, one shouldn’t assume that all fraudsters are the same age or are just a few individuals. There is no age limit to the types of criminal activity hackers engages in. A device or network is all that is required to perpetrate such malicious acts.

17. In 2021, credit card fraud made up 389,737 reports of the top 5 types of identity theft.

Other than Credit card fraud, there are other types of fraud, including government documents fraud, benefits fraud, loan/lease fraud, bank fraud, and employment/tax-related fraud. Fraudsters have a range of methods they can use to steal money from your bank account.

18. Corporate/commercial credit cards were the second most vulnerable to payments fraud. In 2021 26% of organisations had fallen victim, compared to 2022 with 36% fallen victim.

The percentage of organisations that were victims of fraud attacks via corporate/commercial credit cards rose from 26% to 36% in 2022. Its evident that emails are frequently used by cyber-criminals to infiltrate company networks. According to reports, despite extensive measures implemented like anti-fraud training and software, BEC still continues to be one of the primary sources of fraud at organisations.

19. Stolen card purchases via internet, phone, and mail-order will reach $10.16 billion by 2024 to make up 74% of all fraudulent card transactions.

Over the last couple years in-store payment security has been advancing, which has allowed the ecommerce industry has become a prime target for payment fraud. Despite the slowing growth of fraud in retail environments, the continued expansion of ecommerce transactions has led to a persistent high level of losses. This can pose a significant challenge for merchants and issuers, as fraud-related losses can impact their bottom line and destroy customer trust.

20. Nearly half of all American adults have had a fraudulent charge on their credit/debit cards with more than one in three card holders having experienced card fraud more than once.

Multiple fraudulent charges are common in the United States. According to research, 23% of respondents say they had a fraudulent charge on a credit card at least once, whereas 9% of individuals had been charged over 4 times.

21. Almost 40% of cardholders do not have email or text alerts from their credit card company or bank enabled.

For small businesses, it is vital to invest in security options for payments. Set up security alerts and email notifications to protect your business. Additionally, the use of complex passwords combined with pin codes can stop 99% of attacks.

22. Aussie card details were up for grabs on the dark web, selling between $1.40 and $26 with about 80% of the card details for sale.

Hackers have found a way to find cards without damaging databases, and their numbers are also being sold on the dark web. Hackers can do this using brute force attacks, which is the process of having computers guess your passwords in a short amount of time before finding the right combination.

23. The pandemic restrictions brought a sharp decrease in in-person shopping, however, online credit card fraud now accounts for 90% of all Australian card fraud.

To reduce your risk of online payment fraud, the Australian Payment Network suggests that you employ your financial institution’s fraud prevention options at all times. For instance, this involves fraud alerts that push notifications through to your phone anytime your account is used.

Authorised push payments (APP) fraud statistics

24. In 2022, there were around 207,000 reported APP fraud cases, a 6% increase on personal accounts and losses totalled £485.2 million.

APP fraud happens when a fraudster deceives an individual into sending a payment to a fraudulent bank account. The 207,000 reported cases is only a subset of payment firms. Unfortunately there are many cases that go unreported, which means that the APP fraud figure is likely to be a lot higher. Other than financial loss, consumers and businesses undergo indirect hardships like reputational damager or emotional distress.

25. The top three fraud tactics in 2022 are authorised push payment scams, card fraud and identity theft with APP scams being the most utilised.

Other than financial gain, there are other goals that cyber-criminals attempt to achieve. For instance, sensitive information and related company data are valuable to scammers. Scammers use this data in the dark web to commit other fraudulent activity.

26. 85% of CFOs currently investing or planning to invest in digital solutions for fraud prevention and risk management.

There are several digital solutions that can assist CFOs enhance their fraud prevention measures. This includes AI-powered fraud detection solutions, machine learning, blockchain technology, biometric authentication, digital identitiy verification and more. In a digital world, CFOs should look to implement a fraud prevention strategy that meets the needs and objectives of their organisation.

27. 4.8% of respondents received a ransom message on their device demanding payment in 12 months prior to the survey.

According to the AIC cybercrime Australia 2023 report, small to medium business owners, operators, and managers have experienced notably higher rates of all types of cybercrimes. The report highlights that Australia is an attractive target for opportunistic and motivated cyber-criminals, primarily due to the relative wealth of the Australian population.

28. Combined losses reached $227 million in 2021, compared to $128 million lost to business email compromise reported from the previous year.

According to reports from Scamwatch, large enterprises suffered a median loss of $4200 whereas smaller companies lost an average of $8000 to BEC scams and payment redirection. Emails are the main distribution channel used to perform this scam.

Counterfeit/Skimming fraud statistics

Skimming is a popular technique by which fraudsters steal credit card details by using a device attached to an ATM or a merchant’s terminal. Credit card counterfeiting is more common than people think. Using this information, a counterfeit card is then created to commit fraud.

30. Counterfeit/skimming fraud dropped by 34.1$ to $11.1 million reaching another record low in Australia.

The prevalence of counterfeit/skimming fraud in Australia has declined since the adoption of digital payments. The COVID-19 pandemic illustrates that restrictions and lockdowns have accelerated the previously occurring shift towards online payment channels. Due to the increased use of online transactions, fraud continues to increase.

31. Counterfeit/Skimming incidents were the second largest category accounting for 32% of all fraud.

Over 50% of all fraud cases in Australia are related to Card-Not-Present transactions, according to the Australian Institute of Criminology. Small businesses have found methods to make payments securely through the use of Apple Pay, Samsung Pay, and Google Play.

32. 8.1% of individuals (1.7 million) experienced card fraud, which was higher than the rate in 2020-21 (6.9%).

Counterfeit/skimming fraud can be challenging to manage due to the sophisticated techniques employed by cyber-criminals. They often use fake ATMs or payment terminals that closely resemble genuine ones, making detection difficult for consumers. Therefore, individuals should prioritise contactless payment methods like mobile wallets or contactless cards whenever possible.


When it comes to payment fraud, there are several tactics that fraudsters use:

Phishing: This involves sending a fake message to trick the recipient into disclosing sensitive information to the attacker or installing malicious software on the victim’s system such as ransomware.

Identity Theft: A fraudster can commit identity theft in several ways. It usually occurs when he or she uses someone’s identifiers, such as their name, identifying number, or credit card number, without their permission.

Business Email Compromise: Often referred to as spear phishing, business email compromise (BEC) is a type of targeted phishing where criminals target businesses and attempt to steal finances or goods through an email or invoice. Any employee can be targeted during a BEC attack.

Criminals know how to use technology to their advantage, and businesses need to recognize the risks and take precautions to avoid them. There are several solutions businesses can use to mitigate risks, such as segregation of duties, multi-factor authentication and tokenization.

If you believe that company funds have been stolen, or a data breach has occurred, you need to contact your bank right away and report the crime to the police. In our 7 tips to recover from fraud guide, we explore this in more detail.

Subscribe to our blog

Subscribe to the eftsure blog to receive updates when we post.

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.