Personal Protection Guide

Card & Payment Fraud

Unauthorised use of your debit or credit card — from skimming and cloning to online purchases you didn't make.

  • Card fraud losses per year: $100m+
  • Banks offering zero-liability protection: 5 major banks
  • Fraud recovery rate with prompt reporting: Up to 100%
  • Time to report for full protection: ASAP

What is Card & Payment Fraud?

Card fraud is the most common form of financial fraud. It includes card skimming at ATMs and EFTPOS terminals, card cloning, "card not present" fraud (online purchases with stolen card details), and contactless tap fraud. All major banks offer zero-liability guarantees on eligible accounts when fraud is reported promptly.

Your first line of defence is your bank's fraud protection. All major banks — ANZ, BNZ, ASB, Westpac, and Kiwibank — guarantee to reimburse unauthorised card transactions provided you follow their security requirements and report fraud quickly. Card fraud is generally the most straightforward type of fraud to recover from.

Written by FraudInsurance Editorial Team · Updated May 2026

What Card & Payment Fraud Involves

  • Unauthorised purchases made in-store or online
  • Card skimming and cloned card transactions
  • Contactless tap-and-pay fraud
  • Card details stolen in a data breach
  • Transactions made after a lost or stolen card report

How to Protect Yourself

  1. Enable real-time transaction alerts on your banking app
  2. Use virtual card numbers for online purchases where possible
  3. Check for skimming devices at ATMs and EFTPOS terminals (look for loose fittings)
  4. Cover your PIN when entering at terminals
  5. Never share your card details or PIN via phone, email, or text
  6. Report lost or stolen cards immediately to your bank

What is Card and Payment Fraud?

Card and payment fraud encompasses a range of criminal activities involving the unauthorised use of your debit or credit card details to make purchases or withdraw money. It is the most commonly experienced form of financial fraud, affecting hundreds of thousands of New Zealanders each year.

Card-Not-Present (CNP) Fraud: The most prevalent form, CNP fraud involves criminals using your card number, expiry date, and CVV to make online purchases without needing the physical card. Card details are obtained through data breaches, phishing attacks, skimming devices, or purchase from other criminals on darknet markets.

Card Skimming: Criminals attach devices to ATMs, EFTPOS terminals, or petrol station payment points that copy the magnetic stripe data from your card as you use it. A separate camera or overlaid keypad captures your PIN. The criminal then creates a cloned card or uses the data for CNP fraud.

Stolen Card Use: Physical theft of your card, followed by use before you report it stolen. Contactless payment limits have reduced the impact of this form, but purchases below contactless limits can still be made before a stolen card is cancelled.

Contactless and Tap Fraud: Using a stolen card for contactless transactions below the threshold requiring PIN, or in rare cases, using specialist equipment to skim contactless card data in public. The contactless fraud risk is lower than some consumers fear — the technology includes protections — but physical card loss still creates immediate exposure.

Account Takeover Leading to Card Fraud: Criminals who gain access to your online banking can issue themselves new cards, change delivery addresses, or initiate transfers. This is technically account takeover (covered separately on this site) but the end result overlaps with card fraud.

How NZ Banks Protect You from Card Fraud

All five major New Zealand banks — ANZ, BNZ, ASB, Westpac, and Kiwibank — have adopted zero-liability policies for card fraud, meaning they will reimburse you for unauthorised transactions subject to specific conditions. Understanding what these guarantees actually cover is essential.

ANZ Fraud Protection: ANZ's Online Banking Security Guarantee commits to reimbursing losses from unauthorised transactions where you have taken reasonable security precautions and reported the fraud promptly. This covers internet banking fraud and card fraud on ANZ accounts.

BNZ Online Banking Guarantee: BNZ guarantees to reimburse any losses resulting from unauthorised transactions where you have complied with their security requirements, including not sharing your access credentials and reporting fraud immediately.

ASB Zero Liability: ASB's fraud protection covers losses from unauthorised card transactions provided you report them promptly and haven't shared your PIN or contributed to the fraud through negligence.

Westpac Online Banking Guarantee: Westpac covers unauthorised online transactions and card fraud under their guarantee, with the requirement that you report fraud promptly and maintain appropriate security on your accounts.

Kiwibank Security Guarantee: Kiwibank offers equivalent protection for unauthorised transactions, with the same fundamental conditions around prompt reporting and reasonable security.

The conditions for coverage are consistent across all five banks: the transaction must be genuinely unauthorised (you did not make it), you must not have contributed to the loss through gross negligence (such as writing your PIN on your card), and you must report the fraud as soon as you become aware. Meeting these conditions makes card fraud one of the most recoverable fraud types.

When Banks Won't Reimburse You

While bank zero-liability guarantees provide strong protection for genuine card fraud, there are important categories where banks may decline to reimburse — and understanding these limitations is important.

Authorised Payment Fraud: If you were deceived into voluntarily authorising a payment — for example, by a phone scammer impersonating your bank, or a fake online seller who took payment but never delivered — the bank may not consider this an "unauthorised" transaction. You authorised the payment; the fact that you were deceived is a separate matter. This is a critical limitation of bank fraud protection and covers many of the most common and costly scam scenarios.

Gross Negligence: If you shared your PIN with someone, wrote your PIN on your card, or allowed someone else to use your card, the bank may argue you contributed to the fraud and decline reimbursement. "Gross negligence" is interpreted differently by different banks and is sometimes the subject of Banking Ombudsman disputes.

Delayed Reporting: If you discover fraud on your account but delay reporting it for weeks or months, banks may reduce or decline reimbursement on the basis that prompt action could have limited the loss. Report immediately — there is no benefit in delay.

Merchant Disputes vs Fraud: If you made a payment and the merchant did not deliver as agreed, this is a dispute or potential chargeback situation, not a fraud claim. Chargebacks have their own process through your bank. Card fraud is specifically about transactions you did not authorise or intend.

Conditions Not Met: Each bank's guarantee has specific conditions. If you failed to enable security features the bank made available, or if you shared your credentials in violation of the bank's terms, this can affect your claim. Read your bank's guarantee documentation.

What to Do If You're a Victim of Card Fraud

If you discover unauthorised transactions on your card or bank account, act immediately. The steps below should be taken in order.

Step 1 — Contact Your Bank Immediately: Every bank has a 24-hour fraud line. Call the number on the back of your card — not any number you find in an email or text, which could be a scam. Report the specific transactions you are disputing and ask the bank to:

  • Block the compromised card immediately
  • Issue a replacement card
  • Open a fraud dispute for the specific transactions
  • Apply additional security monitoring to your accounts

Step 2 — Freeze Your Card via the App: Most banking apps allow you to freeze your card instantly. Do this while you are waiting for the bank to answer if the fraud line is busy. This prevents any further transactions.

Step 3 — Report the Specific Transactions: When speaking to your bank, be specific about which transactions you are disputing, when you noticed them, and whether your card has been in your possession. If your card was lost or stolen, confirm when you lost it.

Step 4 — Change PINs and Passwords: If you suspect your PIN was compromised (e.g., through skimming), change all PINs and online banking passwords immediately. Use the bank's secure app or website — not a link from an email or text.

Step 5 — Monitor Your Other Accounts: Card fraud is sometimes a precursor to broader account compromise. Check all your accounts for unusual activity.

Escalation: If your bank declines your fraud claim or the resolution is unsatisfactory, you have the right to escalate internally within the bank and then to the Banking Ombudsman (0800 805 950 or bankomb.org.nz). The Ombudsman resolves disputes between banks and their customers for free.

Scams That Look Like Card Fraud But Aren't

Many people contact their bank expecting card fraud protection for losses that are legally classified as something different — and are therefore subject to different (and typically weaker) protections. Understanding this distinction is important.

Push Payment Scams: You receive a call, text, or email convincing you to transfer money to a "safe account" (typically impersonating your bank's fraud team), to pay a fake invoice, or to help with an investment opportunity. You initiate the transfer through your own banking app. From the bank's perspective, this was an authorised payment — you made it, using your login, following your instructions. This is a scam, but it does not meet the definition of card fraud or an unauthorised transaction.

Phone Banking Scams: Criminals call you impersonating your bank, extract your security credentials, and then use those credentials to access your account. Whether this constitutes "unauthorised" depends on whether you wilfully gave them access or were deceived — banks treat these cases differently.

Online Marketplace Fraud: You pay for something on a marketplace and never receive it. This may be a merchant dispute (chargeback process) rather than card fraud. If you paid by credit card, you have stronger protections than if you paid by bank transfer.

Investment or Romance Scam Payments: You send money to an investment platform or person that turns out to be fraudulent. These are authorised transfers from your bank account and are not covered by card fraud protection. The bank may attempt a recall if you report quickly, but there is no guarantee of recovery.

Understanding these distinctions helps set realistic expectations and reinforces the importance of never authorising any payment under pressure without independent verification.

How to Protect Yourself from Card Fraud

The most effective card fraud prevention combines good habits, technology features, and prompt reporting when something looks wrong.

Enable Transaction Alerts: All major NZ banks offer real-time push notifications for card transactions via their banking apps. Enable these — they are the fastest way to detect unauthorised transactions. If a transaction fires an alert that you didn't initiate, you can freeze your card and call the bank within seconds.

Use Virtual Card Numbers for Online Shopping: Many banks now offer virtual card numbers for online purchases — single-use or limited-use card numbers that cannot be used for in-person fraud even if compromised. This significantly reduces CNP fraud exposure for regular online shoppers.

Inspect ATMs and EFTPOS Terminals: Before inserting your card, look for anything that appears to be an addition to the machine — loose fittings, mismatched colours, or overlaying panels around the card reader. Legitimate terminals are securely fitted. If something looks wrong, use a different machine and report to the bank.

Cover Your PIN: Always shield your PIN entry with your free hand, even at terminals with overhead cameras. Skimming devices are almost always paired with a PIN-capture mechanism — denying them your PIN prevents card cloning from working.

Never Share Your PIN or Card Details: No legitimate organisation — your bank, IRD, NZ Police, or any other entity — will ask for your PIN or full card number over the phone, by email, or by text. If asked, it is a scam.

Report Lost or Stolen Cards Immediately: The sooner you report a lost or stolen card, the less exposure you have. Every major bank has a 24-hour card cancellation line. The few minutes to make this call could save hundreds or thousands of dollars.

The Future of Card Fraud Protection in NZ

The landscape of card fraud protection is evolving, both in terms of the threats and the regulatory response. Understanding where things are heading helps you make informed decisions about your protection strategy.

Mandatory Reimbursement Codes Under Discussion: New Zealand is watching international developments carefully. In the UK, banks are required by regulation (via the Payment Systems Regulator) to reimburse victims of Authorised Push Payment (APP) fraud — the category that covers most phone and online scams. Australia has adopted a similar framework. A mandatory Scam Code for New Zealand has been discussed at government and industry level, though as of mid-2026 no mandatory code has been enacted. If adopted, this would significantly strengthen protection for scam victims.

EMV Chip and PIN Technology: The introduction of chip-and-PIN technology has dramatically reduced in-person card cloning (skimming). Card-not-present fraud has increased as a consequence — criminals shifted to online fraud when in-person fraud became harder. The next frontier is strengthening online transaction authentication.

What NZ Banks Are Doing: All five major banks continue to invest in fraud detection technology — machine learning systems that identify unusual transaction patterns and automatically flag or block suspicious transactions. Real-time transaction monitoring has improved significantly, and most banks now block obviously suspicious transactions before they are processed. When your bank calls or texts to verify an unusual transaction, take it seriously and respond promptly.

Biometric Authentication: Banking apps increasingly use biometric authentication (face ID, fingerprint) instead of or in addition to passwords. This strengthens account security and reduces the risk of credential theft enabling card fraud via account takeover.

The advice for consumers remains consistent: enable all security features your bank offers, monitor your accounts closely, and report any anomaly immediately.

Frequently Asked Questions

Yes — all five major banks (ANZ, BNZ, ASB, Westpac, Kiwibank) offer zero-liability guarantees on eligible accounts for unauthorised card transactions. You must report the fraud promptly and have followed the bank's security guidelines (e.g., not sharing your PIN). Contact your bank immediately if you spot unauthorised transactions.
