• Stand Up to Fraud

    Whether you're a seasoned entrepreneur or just starting your journey, this Fraud Prevention Toolkit has been designed to help you safeguard your business against fraud and ensure your long-term success.

Safeguarding your small business against potential risks and threats

Running a small to medium-sized business (SMB) can be a rewarding if sometimes challenging experience. Business owners need to manage a range of issues, from creating a great customer experience and managing finances, to staying competitive and increasingly, addressing the rising threat of fraud. We provide businesses with the tools and confidence they need to thrive in the digital economy. Our priority is keeping money safe from fraud to offer peace of mind for businesses and their customers. With this toolkit we want to help you understand the different types of fraud that threaten SMBs, better assess the risks to your business, and take practical steps to keep your business, and your customers, secure. By helping you make informed decisions to reduce the risk of fraud, we want to help you get back to what you do best: growing your business.

Dive in, explore the resources, and take proactive steps to protect your business from potential threats.

95 % Scam reports by New Zealand businesses grew by 95% in 2023¹. 

$ 1.9 Mil New Zealand businesses lost $1.9 million to scams in 2023¹.

_______________________________________
¹ Own Your Online, NZ businesses hit hard by scams in 2023 – CERT NZ, Mar 2024, https://www.ownyouronline.govt.nz/news-and-alerts/new-zealand-businesses-and-organisations-hit-hard-by-scams-in-2023-cert-nz/

Identifying, preventing and acting on the most common types of scams and fraud

As part of our ongoing commitment to preventing fraud, we have identified the most common types of scams and fraud that small to medium-sized businesses experience. Learn how to protect your business from falling victim to them:

man and woman at shop desk

Enumeration and card testing attacks

Learn about enumeration and card testing attacks

man in hat taking notes

Ransomware attacks

Learn about ransomware attacks

man with headphones sat at table

Billing fraud and false invoices

Learn about billing fraud and false invoices

woman holding plant

Authorised Push Payment (APP) fraud

Learn about authorised push payment (APP) fraud

two women in clothes shop

Remote purchase / card-not-present fraud

Learn about remote purchase / card-not-present fraud

person cutting flowers

Fraudulent chargebacks

Learn about fraudulent chargebacks

  • Enumeration and card testing attacks

    man and woman at shop desk man and woman at shop desk

What are enumeration and card testing attacks?

Enumeration fraud and card testing attacks happen when criminals try to confirm stolen card details through payment systems. In enumeration fraud, attackers use automated programmes to guess card information like the CVV or expiration date. Card testing involves making small purchases or donations to check if the stolen card details are still valid. Both methods are used to find active cards for larger fraudulent transactions. These attacks can lead to financial losses and more chargebacks for businesses.

40 % Enumeration attacks increased 40% globally during the period between January - June 2023.

  • Phishing scams

    man sat in chair using laptop man sat in chair using laptop

What is a phishing scam?

Phishing scams trick people into giving away sensitive information like passwords, credit card details, or financial data by pretending to be a trusted source, such as a bank or phone network. Scammers often use fake emails or websites to deceive victims. They may also use text messages (Smishing) or phone calls (Vishing) to achieve the same goal. These scams often create a sense of urgency to make people act quickly. Once successful, phishing can lead to identity theft, financial loss, or access to personal accounts.

2 % increase, with 4,407 cases reported².

_______________________________________

² CERT NZ, 2023 Report summary, 2024, https://www.cert.govt.nz/assets/Uploads/Quarterly-report/2023-q4/cert-nz-2023-report.pdf

 

  • Ransomware attacks

    man in hat taking notes man in hat taking notes

What is a ransomware attack?

Ransomware attacks occur when hackers lock or encrypt important data, then demand payment, often in cryptocurrency, to unlock it. Victims face tough choices: pay the ransom with no guarantee of data recovery, or refuse and risk losing data permanently, along with financial losses and business disruption. Often these attacks involve the threat of public disclosure of confidential data, which runs the risk of reputational damage for businesses. These attacks usually exploit weaknesses in outdated software or trick users through phishing. 

50 % reduction in ransomware incidents Reported ransomware incidents in New Zealand declined significantly, despite global trends of ransomware being a pervasive threat. While the National Cyber Security Centre (NCSC) responded to approximately half the incidents reported in 2023/2024 financial year compared to 2022/2023, the severity of impact from ransomware was still proportionally more than other cybersecurity incidents³. Ransomware actors likely select smaller enterprises and individuals alongside ‘big game’ targets, since these victims likely have less-mature cyber security capabilities. The NCSC provides guidance for all victims of ransomware to protect themselves and respond to a ransomware attack.

_______________________________________

³ NCSC, 2023/2024 Annual Cyber Threat Report, https://www.ncsc.govt.nz/resources/ncsc-annual-cyber-threat-reports/2024-web

  • Billing fraud and false invoices

    man with headphones sat at table man with headphones sat at table

What is billing fraud and false invoicing?

Fraudsters may pose as legitimate suppliers or send fake invoices, tricking businesses into paying for goods or services they never received. Insiders could also alter billing systems or inflate invoices to steal money. These scams cause financial losses and can harm vendor relationships. Without proper checks, billing fraud can go unnoticed, resulting in product or service shortages and threatening your business’s financial stability.

  • Authorised Push Payment (APP) fraud

    woman holding plant woman holding plant

What is account-to-account payment fraud?

Account-to-account payment fraud occurs when fraudsters trick victims into authorising transactions. Often fraudsters will impersonate an individual or organisation, such as a bank or a parcel delivery service and trick the victim into transferring money from their account into an account held by the fraudster. Typically, the fraudster will contact the victim via telephone, text message or email to trick them into handing over their personal details or passwords. 

  • Remote purchase / card-not-present fraud

    two women in clothes shop two women in clothes shop

What is remote purchase / card-not-present fraud?

Remote purchase fraud occurs when a fraudster steals financial information through phishing, malware or data breaches, enabling them to make fraudulent purchases. This is referred to as card-not-present (CNP) fraud when stolen card details are used for online or phone purchases without the card being physically present. This type of fraud can lead to significant financial losses for businesses through chargebacks, as they are often held responsible for recovering the money lost by the customer.

26 % The number of card-not-present (CNP) fraud cases increased by 26% globally in 2024⁴.

_______________________________________

 The Payments Association, Half Year Fraud Report 2024, Oct 2024, https://www.ukfinance.org.uk/policy-and-guidance/reports-and-publications/half-year-fraud-report-2024

 

  • Fraudulent chargebacks

    person cutting flowers person cutting flowers

First Party Misuse

First party misuse happens when customers falsely dispute transactions, claiming they were unauthorised, or they have not received the product. This causes funds to be returned to the customer, leading to financial losses and reputational damage for the business.  Businesses face the challenge of proving legitimate transactions, plus risk penalties, higher fees, or even losing their merchant accounts if chargebacks become excessive.

45 % First-party misuse impacts nearly half of merchants globally⁵.

_______________________________________

 Merchant Risk Council. 2024 Global Payments and Fraud Report 25th Edition, March 27, 2024 https://info.merchantriskcouncil.org/hubfs/Reports/Fraud%20Reports/2024_Global_Payments_and_Fraud_Report.pdf

 

  • Skimming fraud

    woman sat at reception desk woman sat at reception desk

What is skimming fraud?

Skimming fraud occurs when criminals use a device, called a skimmer, to steal credit or debit card information. These devices are secretly attached to card readers at places like ATMs, petrol pumps, or self-service checkouts. The skimmer captures the magnetic stripe data from the card, which criminals can then use to create counterfeit cards or make unauthorised purchases. Fraudsters may also use hidden cameras or overlays to capture PIN numbers, allowing them to make withdrawals or fraudulent transactions with the stolen information. Skimming can lead to significant financial losses for businesses and customers.

  174 % Skimming attacks increased by 174% globally between June and November 2022 compared to the previous six months⁶.

Tackling fraud: How ready is your business?

Businesses can stay one step ahead of fraudsters by taking a proactive approach. It’s important to teach yourself, as well as your employees and customers how to spot the risks and stay safe.

Here are eight key strategies to fight fraud:

Get more help on tackling fraud

shield icon

Practical Business Skills: Security and fraud

Learn what steps you can take to prevent fraud and data theft to protect your business and your customers on the Practical Business Skills website.

Useful resources

Case studies, comparisons, statistics, research, and recommendations are provided “AS IS’ and intended for information purposes only and should not be relied upon for operational, marketing, legal, technical, tax, financial or other advice. Visa Inc. neither makes any warranty or representation as to the completeness or accuracy of the information within this document, nor assumes any liability or responsibility that may result from reliance on such information. The information contained herein is not intended as investment or legal advice, and readers are encouraged to seek the advice of a competent professional where such advice is required.