The Australian petrol-convenience industry, like many retail industries, is increasingly turning to mobile and online payment systems to reduce transaction costs and increase customer convenience. These developments are a good thing, but they also carry a significant risk for retailers.

That risk is credit card and debit card fraud.

Traditionally, when a customer presented a stolen credit or debit card for payment at a retail outlet the cost of this fraud has been borne by the relevant bank or financial institution. This practice largely occurred as a result of the bank trying to protect their own customers from loss but there was an onus on customers to report stolen or lost credit cards in a timely manner to minimise losses.

In recent years, however, the losses associated with card fraud in Australia has more than doubled. The explanation for this increase is almost solely due to growth in online and mobile payments which are generally referred to as card-not-present payments.

According to the Australian Payments Network, card-not-present fraud reached nearly $500M in 2018 ( While the rate of growth in this fraud is starting to slow, the total amount of card-not-present fraud is likely to have exceeded this figure in 2019 calendar.

The bad news is that most of this cost is being borne by retailers – not the relevant financial institution. The rationale for this stance is that financial institutions consider that the failure of fuel retailers to properly secure card data behind the paywalls of online payment systems constitutes the weak link in the payment system – and it is the retailer that is responsible for rectifying same.

“What this means is that if your business is starting to rely more heavily on mobile phone apps -whether they be your own or one operated by a third party – it is in your interest to ensure that proper steps have been taken to ensure that the card data stored behind the paywall is encrypted or otherwise secured”, said ACAPMA CEO Mark McKenzie

ACAPMA has been working with other national industry associations in recent months, in partnership with the Council of Small Business Organisations of Australia (COSBOA) to better understand this issue and the strategies that could be put in place to minimise this risk in the future.

“This work has culminated in the preparation of a submission to the Reserve Bank of Australia as part of the Bank’s review of Australia’s Retail Payment Regulation”, said Mark.

The submission proposes that the regulation be modified to require that all providers of online payment systems encrypt customers’ credit card data or utilise ‘token’ technology to reduce the risk of credit card data being stolen by hackers. Such action could therefore be used by the retailer to demonstrate to a financial institution that all reasonable measures have been taken to minimise this risk of fraud – and avert losses being borne by the retailer.

The RBA submission also addresses the issue of rising debit transaction costs by suggesting that the Retail Payment Regulation stipulate a requirement for dynamic Least Cost Routing (LCR) functionality to be made available in all merchant fee systems used in Australia.

At the moment, the LCR technology that has been introduced by the major financial institutions over the last 12 months is ‘dumb LCR’ technology that requires the fuel retailer to choose one of two technology gateways (i.e. EFTPOS or VISA/Mastercard) for processing all debit transactions.

Such an approach requires all retailers to have a detailed understanding of both the structure of their merchant fees and the value and volume of all payments received each year, to determine which payment gateway works best for them.

“Such an approach is ludicrous and means that fuel retailers – like all other retailers – have no real way of minimising the cost of their debit transactions”, said Mark.

COSBOA’s RBA submission suggests that this issue should be addressed by requiring payment system providers to introduce ‘dynamic LCR’ technology which identifies the least cost processing fee in real time for each and every transaction processed by the retailer.

“With all fuel retailers being exposed to increasing volumes of ‘pay wave’ style transactions and processing online payment transactions via fuel apps and platforms like Uber Eats for non-fuel products, these issues are going to become more significant in the future”, said Mark

“It therefore follows that these are issues that all of us should be aware of to ensure we are taking reasonable steps to avoid losses due to fraud and minimise future transaction costs”, concluded Mark.