Your Kogan Money Credit Card
Setting up your Kogan Money Credit Card
1. Set up and activate your card
Your new credit card can be ready to use in a few simple steps. Download the mobile app or set-up your online account, then follow the instructions to activate your card. Make sure you have your credit card and mobile phone handy as we may send you an SMS as part of the set-up process.
2. Set up your account on your mobile
Download the Kogan Money Credit Cards Mobile App and set up login credentials.
3. Set up your account online
Go to cards.koganmoney.com.au, and log in using the Kogan Money Credit Cards User ID that has been sent to you, and the password that you created during your Card application.
Other useful information
Once you’ve set up your Kogan Money Credit Card account, please log in and verify we’ve got all the right information:
- Verify your contact details by going to My details under Profile Settings
Your statements
How can I better understand my statement?
Reading your credit card statement is important, but understanding what you read is essential. That’s why we’ve provided the following list of definitions for common terms you’ll come across.
- The Minimum Payment Due is the minimum amount you need to pay by the payment due date to keep your account up to date. You will also need to pay any Overlimit Amount or Overdue Amount immediately.
- The Payment Due Date is the date specified in your statement of account as the date by which payment of the Minimum Payment Due must be made.
- The Closing Balance is the total amount outstanding on your account at the statement date. This includes any Instalment Plan balance not yet due for payment and any Balance Transfer balance.
- The Interest Free Days Payment is the amount to pay in full by the due date each month, to keep the benefit of an interest free period you may have, or to start an interest free period on any retail purchases.
- The Available Credit is the amount of credit you have available to spend. This is your credit limit less your current balance.
- The Payment Options section at the bottom tells you how you can make a payment on your account including via BPAY® and Direct Debit.
- The next page of your statement shows transactions this statement period. This section goes into more detail about individual transactions you’ve made on your credit card since your last statement. Remember, if you’ve made a purchase towards the end of your statement cycle it might appear on your next statement rather than your current one.
- International transactions, which refer to transactions facing a merchant or establishment outside Australia, will usually appear as:
- A line item for the Australian Dollar equivalent of the foreign currency amount (and sometimes includes the international transaction fee)
- A narration below that line item, with information we have available about the international transaction. This may include
- the international transaction fee charged when it’s added into the Australian Dollar amount. When it’s not, this will appear as a separate line item.
- the date of the foreign transaction, which could be in then MM/DD/YYY format (i.e. the month as the first two digits, sometimes called the “American date format”),
- the name of the merchant, when it’s made available to us, and
- the amount in the foreign currency itself
Payments
Minimum monthly repayments
You must pay the Minimum Payment Due by the Payment Due Date each month as advised on your statement.
The Minimum Payment Due is:
- the greater of:
a) $25, or if the Card Balance as at the end of the Statement Period is less than $25, the Card Balance; or
b) 2.00% of the Card Balance as at the end of the Statement Period (rounded up to the nearest dollar) - plus any Monthly Instalment, Initial Interest Charge, Instalment Fee or related interest on any of them that is part of an Instalment Plan for that Statement Period.
BPAY®
You can use BPAY to make your repayments. Here’s what you’ll need:
- BPAY® Biller Code: 266650
- Customer Reference Number (CRN): This is your Kogan Money Credit Card account number, which you’ll find on your statement.
Keep in mind, BPAY® payments can usually take up to three business days to process. To avoid late fees or extra charges, check the cut-off and processing times to make sure your payment can be received before the Payment Due Date (listed on your statement).
Direct Debit Request (AutoPay)
Direct Debit Request (AutoPay) can be a convenient way to automate your monthly credit card repayments – reducing the hassle of having to remember due dates. Once set up, your repayments will automatically be deducted each month from the bank account you choose. Your chosen account must be in your name, and there must be enough funds available on the Payment Due Date (listed on your statement) to avoid missed payments and subsequent fees or charges.
How to set up a Direct Debit Request (AutoPay)
- Go to koganmoney.com.au/important-information
- Download and print the Direct Debit Request (AutoPay) form
- Complete and sign the form
- Return your completed form to us via the email or mailing address provided
You have 3 different payment options for your Direct Debit Request (AutoPay):
- Total Minimum Payment Due – as shown on your monthly statement. This may include Overdue and Overlimit amounts.
- Fixed Payment – an amount of your choosing. This amount must be $25.00 or more. We will debit the fixed amount that you enter or the Total Minimum Payment Due, whichever is greater. If the Closing Balance on a monthly statement is less than the fixed payment amount, the Closing Balance amount will be debited.
- Full Payment (Closing Balance or Interest Free Days Payment) – This will debit the Closing Balance or the Interest Free Days Payment if you have an Instalment Plan or Balance Transfer. The Interest Free Days Payment excludes Instalment balances not yet due and Balance Transfer amounts (including any amount owing after the Balance Transfer promotional period expires). If you want to reduce Balance Transfer amounts, you’ll need to make extra payments.
Things to be aware of
Additional payments received between the statement date and the day before the Payment Due Date may not reduce the direct debit payment amount. However, we won’t debit more than the Closing Balance on your statement or an amount that would bring your account into credit.
It can take up to 2 business days for your Direct Debit Request (AutoPay) payment to be cleared from the bank account you have nominated to be debited. Until the payment is cleared, these funds will not be available for use.
Contacting us about your Direct Debit
If you wish to notify us in writing about anything relating to a Direct Debit agreement, you should write to us at:
Kogan Money Credit Cards
GPO Box 9992
Melbourne VIC 3001
You may also contact us via Chat in the Kogan Money Credit Cards App or Online.
Available Credit Limit
When you make a payment to your account, through direct debit or BPAY, using your Kogan Money Credit Card number as your customer reference number, the available limit is updated for you once the payment is processed.
Pay bills with your card
You can make one-off or recurring bill payments with BPAY® through the Kogan Money Credit Cards Mobile App or Online.
BPAY® payments to existing billers
Log in to your account
- Select Pay
- Scroll to Make payments
- Select Pay a Bill (BPAY®)
- Choose an account to pay from
- Choose a saved biller to pay
- Follow the prompts
BPAY® payments to new billers
- Log in to your account
- Select Pay
- Scroll to Make payments
- Select Pay a Bill (BPAY®)
- Choose an account to pay from
- Scroll to Add new biller and follow the prompts
Please note, payments submitted before 6:00pm AEST/AEDT on a business day are usually received in one business day.
Payments submitted after 6:00pm AEST/AEDT or anytime on a weekend/public holiday are usually received in two business days.
Interest free period
You can receive up to 44 days interest free. The Interest Free Period applies to Retail Purchases when you pay the Closing Balance or the Interest Free Days Payment (if you have a Balance Transfer or Instalment Plan) in full by the Payment Due Date.
Managing your account
Updating your personal details
It’s really important to keep us up to date with your contact details, especially your email address as this is where we’ll send your monthly card statement as well as any other important information relating to your accounts.
It is easy to keep your details updated. Log into Kogan Money Credit Cards Mobile App or Online and then go to My details under Profile Settings.
If you need to change your name, you will need to contact us first as we will need to explain what documents we need from you. As soon as we get them we’ll arrange to update your name on your Kogan Money account and send you your replacement cards.
Balance transfers
A Balance Transfer involves transferring the balance(s) on your other credit cards or loans to your Kogan Money credit card at a promotional rate for a set period of time. It can be a great way to save on interest charges.
Once your balance(s) has been transferred, you will need to close the other credit facilities you transferred balances from, as this will not occur automatically.
A Balance Transfer lets you:
- Use up to 80% of your credit card limit to pay down your balances on other credit cards or loans
- Take advantage of a lower interest rate for the promotional period of the balance transfer
Please note that a Balance Transfer fee may apply, calculated as a percentage of the transferred balance, that is added to the total amount.
For more information about balance transfers, please refer to our FAQs.
To process your Balance Transfer, we use your other card number to BPAY the Balance Transfer request. If your BPAY reference number for your other card isn’t your credit card number, we won’t be able to complete the Balance Transfer.
Credit limit change
You can request a decrease to your Credit Limit, but please note that your Credit Limit can’t be lower than your card’s minimum (the minimum limit for Kogan Money Black Card is $6000) or your current outstanding balance. To decrease your Credit Limit log into your Kogan Money Credit Cards Mobile App or Online and from the home screen tap Manage Card > Change your credit limit > Decrease credit limit.
Report your card lost or stolen
You can report your card as lost or stolen through Kogan Money Credit Cards Mobile App or Online. Go to Manage card > Replace card.
Alternatively, you can chat with us or call us on 1300 415 445 or +61 2 8908 6196 from overseas, 24 hours a day, 7 days a week.
Closing your account
Please contact us via Chat in the Kogan Money Credit Cards Mobile App or Online.
Cancelling a recurring payment
A recurring payment is where you have given your credit card details (card number, expiry date and CVV) to allow a merchant or service provider to charge your Card regularly to pay for the services they provide you.
- The quickest way to cancel the recurring payment is by contacting the merchant directly.
- If you have cancelled a recurring payment, and the merchant continues to debit your Card, please contact us and we can help to stop future payments being made to them.
IMPORTANT THINGS TO REMEMBER WHEN CANCELLING A RECURRING PAYMENT
Cancelling your recurring payment does not cancel your contract with the merchant. If you still have a valid contract with a merchant and you’ve cancelled a recurring payment, you’ll need to make alternate payment arrangements with them. Or if you no longer require their services, you’ll have to cancel your agreement with them where possible.
We’ll process a recurring payment cancellation request within 5 business days.
How do I dispute a charge on my credit card?
A transaction dispute occurs when you question a transaction charged to your credit card account.
We aim to make the experience as easy for you as possible if you find yourself needing to dispute a transaction, by providing you with detailed information on the steps involved. Visa have set rules and timelines for the dispute process, which can sometimes take up to 120 days to resolve.
We have also included some handy tips that may assist in avoiding future disputes.
Transaction dispute guidelines
- If your dispute is not about a suspected fraudulent transaction, we strongly suggest you attempt to resolve the dispute with the merchant or service provider.
- Visa have a formal dispute process with set timeframes that we must follow. To allow us to help you resolve your dispute, you must contact us immediately, by one of the options provided on our contact us page when you identify a suspicious transaction – this should be within 60 days of the transaction date.
- For us to act on your behalf, we will also need you to provide us with all the available information you can, as well as any relevant supporting documentation specific to the transaction in question.
- The merchant’s bank will respond with confirmation of reversal of the charge, or a request for more information. We will contact you by email if further information is required – please ensure that you respond within the timeframes as advised on the correspondence to ensure that we can continue your transaction dispute.
- Dispute cases can take up to 120 days depending on the nature of the dispute, and it is important for you to stay in contact with us and assist with the investigation until a resolution is achieved.
Cardholder Cancellation FAQs
Example – Not being permitted to board an operating flight due to your nationality or medical symptoms, or you cannot reach a hotel stay due to border closures.
Generally we do not have chargeback rights if you cannot use or access services made available by a merchant, as the merchant has fulfilled its obligations linked to the transaction. This also applies to non-airline merchants, such as hotels and other venues that kept their obligations to deliver services.
We suggest you check the merchant or service provider terms and conditions relating to their cancellation policy.
Generally, we do not have chargeback rights if the merchant was willing and able to provide the services to you. This is because you didn’t cancel the reservation as per the cancellation policy.
However, if you made reasonable attempts to cancel the reservation but were unsuccessful, this may be sufficient for chargeback if supported by documentation of the attempted cancellations.
Generally we do not have chargeback rights for the subsequent missed service unless you are entitled to a refund as per the merchant terms and conditions properly.
Merchant Cancellation FAQs
Yes, there are chargeback rights when services are not provided, including when they are cancelled by a merchant due to government restrictions, insolvency or other exceptional circumstances, unless the merchant has a right to provide you with reasonable alternatives based on the terms and conditions, or based on applicable government legislation or regulation.
You would usually have chargeback rights for the entire travel package that was purchased. However, whether the issuer has chargeback rights for the entire transaction amount, or only a partial transaction amount, will depend on the travel package terms and conditions properly disclosed at the time of the purchase.
Note: If you created your own itinerary and booked each item separately, then the flight cancellation would not give rise to chargeback rights on the other separately booked services. You would need to cancel the hotel, tour, cruise etc., individually, within the required merchant cancellation terms and conditions disclosed at the time of the booking.
Example – The merchant has shipped the goods but due to quarantines or travel delays the package has not arrived. Does the issuer have chargeback rights?
Yes. As always, the merchant is responsible for ensuring the goods reach you by the latest expected delivery date. If the goods are expected to arrive late, we encourage you to be patient and flexible to avoid the need for a chargeback.
Travelling overseas
Ensure you are ready to make the most of your travel experience with these tips.
Update your mobile number
It’s important that you make sure we have the mobile number that you’ll be using while overseas, so that we can contact you if there is any suspicious activity on your account. You will also need your mobile number to receive your One-Time PIN (OTP). You can update your mobile number by logging into the Kogan Money Credit Cards Mobile App or Online.
Check the expiry date on your Card
Have a look at your credit card before you leave. If your Card is due to expire or it will expire when you are overseas and you haven’t received your new card, please contact us to assist.
Know your PIN
Make sure you know the PIN for your credit card as some countries require a PIN to make purchases. Simply go to the Kogan Money Credit Cards Mobile App or Online to create or change your PIN.
More travel tips
Check out www.smartraveller.gov.au – this Government website has handy travel tips, advice and all the latest travel advisory warnings.
If your card is lost or stolen, please call us immediately on +61 2 8908 6196 from overseas, 24 hours a day, 7 days a week.
How to reduce credit card interest
Paying off your Closing Balance
The best way to reduce the amount of credit card interest you pay, is to pay off your Closing Balance by the Payment Due Date displayed on your statement.
The Closing Balance is the total amount outstanding on your credit card account at the end of the Statement Period.
If you want to pay off your entire credit card debt as at the end of the Statement Period, you’ll need to pay the Closing Balance. If you pay this amount by the Payment Due Date, you won’t be charged interest on your purchases because purchases have an interest free period.
Pay more than your Minimum Payment Due
Firstly, pay any Overdue amount immediately.
If you can’t pay the Closing Balance in full each month, consider paying a little more than your Minimum Payment Due instead.
By paying a little a little more than your Minimum Payment Due each month, you can pay off your credit card debt faster and pay less interest. Check out the ASIC Repayment Calculator to see how much you can save by making higher repayments.
The thought of paying that little bit extra can be daunting. A budget might help you stay on top of your expenses and even help you work towards paying off your credit card balance in full.
Take advantage of your interest-free period
We offer up to 44 days, interest free for retail purchase transactions. This does not mean you get 44 interest-free days for every retail purchase transaction. If you’re not already paying retail interest, the ‘up to’ 44 days begins when you make a transaction and ends on your Payment Due Date. This is what we mean by ‘up to’.
If you have a balance transfer or instalment plan, you’ll need to pay the Interest Free Days Payment shown on your statement by the due date each month, to keep the benefit of an interest free period you may have, or to start an interest free period on any retail purchases.
If you don’t pay the full Closing Balance, or the Interest Free Day Payment amount if you have a Balance Transfer or Instalment Plan, by your Payment Due Date, you’ll be charged interest from the day after the Payment Due Date. This interest is charged against everything you’ve purchased during the Statement Period, minus any payments you’ve made.
Avoid cash advances, if possible
A standard cash advance is withdrawing cash from your credit card account. Since this isn’t considered a purchase, interest-free days don’t apply. This means interest starts to add up from the date you make the withdrawal.
Cash advances should be a last resort or in case of an emergency. If you need cash, it’s a way to get it if you’re stuck. But remember, the interest charged for cash is higher than the interest charged on purchases, so try to pay it back as soon as possible.
Other cash advance examples include:
- cash out from your credit card account at an ATM, or over the counter
- bills paid with your credit card over the counter at another bank or at a post office (online bill payments are usually okay, but you should check with your biller first)
- traveller’s cheques or gift cards
Get in touch if you’re facing financial difficulty
You can visit our Extra Care hub or contact us if you need assistance.
Kogan Money Credit Cards Online Security Hub
Take care of yourself online and everywhere else, when using your credit card.
How to identify spam and phishing messages
Identifying and managing spam
Spam refers to unsolicited junk emails that are sent to large numbers of people at once. Spam emails are typically advertising fake products or get rich quick schemes. Don’t bother unsubscribing from spam emails; this just confirms to spammers that your email address works and that they should keep spamming you. The most effective way of managing spam emails is to use your email settings to send these emails to your junk folder.
What is phishing?
Phishing (pronounced fishing) emails are more sinister than spam. They’re designed to convince you to provide personal information like:
- a mobile phone number
- usernames and passwords
- credit card details or bank details.
You’re in control with phishing emails
Criminals use email for the same reason legitimate business do, it’s a cheap way to get to a lot of people. The phishing email you receive was probably sent to several thousand other people as well. You can outsmart these criminals by taking a few seconds to look for the signs that something is up. Phishing emails often pretend to be from legitimate companies such as banks, courier companies, or government departments, and can contain links to fake websites. These fake sites look very similar to the real ones, including ours, and are designed to convince people to provide their bank details. Our Security team monitor the Internet for fake websites and request to have them removed from the Internet to protect our customers. Sometimes the emails will have an attachment that appears to be an invoice, or document. When you try to open the attachment, it installs malware on to your computer without your knowledge.
Here are a few signs the email you received may be a phishing email.
- Sender address this might be unusual, misspelled or slightly different from the correct address.
- Generic greetings and sign offs Phishing emails are sent out to hundreds of people at once so use generic greetings and sign-offs.
- Poor grammar and spelling This can be a tell-tale sign, but it isn’t always the case. Remember, criminals can use spell check too.
- Creating a sense of urgency Phishing emails will often encourage you to click a link or download an attachment to avoid a problem to create a sense of urgency. Always read an email carefully before taking any action.
- Suspicious links and fake websites If you receive an email with a suspicious link, hover over the link with your mouse to see the actual web address the link leads to – it could lead to a fake website.
- Malicious attachment often an attachment will appear to be a PDF, image or Office file, but when you try to open the document, it tries to run a program or script intended to infect your computer with malicious software.
- QR code phishing (‘Quishing’) Criminals are increasingly using QR codes in phishing messages, as they may bypass email spam filters designed to detect malicious content. When scanned by a mobile phone, the QR code image will open a website which may contain malware, or a phishing site designed to encourage people to provide personal details.
SMS phishing
It’s not just email anymore. Cyber criminals are using other channels like SMS to conduct phishing. These fraudulent text messages use the same tactics as phishing emails, often pretending to come from a legitimate company.
Because text messages seem more personal, these messages are often not questioned in the same way as suspicious emails. Criminals can set the sender name of an SMS to anything they like. It’s the same as when you send a letter in the post; you can write whatever sender address you like on the back – it doesn’t have to be your real name or address. Sometimes criminals set the sender name as “Kogan Money”, meaning that malicious SMS messages can appear in the same message thread as legitimate SMS messages.
This can be confusing – but trust your gut. Kogan Money Credit Cards will never send you a link to “verify your identity” or ask you to log in directly from an email or SMS. These messages are not a sign that systems have been breached in any way – it simply means a criminal is impersonating our brand.
File sharing phishing
Increased use of file-sharing services such as Dropbox, Google Drive and OneDrive has led to an increase in fake emails pretending to be links to documents.
In reality, these emails contain links to lookalike file-sharing websites designed to steal your credentials or download malicious software on to your computer.
What to do if you get ‘phished’
If you suspect an email or text message, don’t respond to requests for information and don’t click on any links or open attachments, even if there’s a sense of urgency.
If you receive a suspicious email or text message pretending to be from us, report it immediately to us via Kogan Money Credit Cards Mobile App or Online Servicing.
Keep you mobile devices and apps secure
Your smartphone is a direct portal to your identity and your life. Your device is likely to hold more personal information about you, your family, friends and work than you would store in your home or office. You must protect it.
Why your mobile device must be secure
Your smartphone or tablet connects you to the internet so that you can carry out daily tasks from wherever you are. Your device is a key to access the information about yourself that you store online. That includes Online Servicing passwords, credit card details, personal and work connections, photos and videos and everything that identifies you, as you.
Getting access to this information is a lucrative business for cyber criminals. If they can find a weak spot they could:
- steal your identity
- steal your money
- use your credit card to go shopping
- infect your mobile device with malware.
Even if your mobile device is lost or stolen, and you haven’t backed up or secured your data, you could lose:
- treasured photos and videos
- all of your personal and work contacts’ details.
How to secure your mobile device
Set up your mobile device, your social media and other applications (or apps) so that it is tough for anyone to access it.
Set up device locking mechanisms
Set up a password, PIN, passcode or fingerprint pattern to unlock your mobile device. You’ll need to set up a PIN to unlock your SIM card too as it is removable and its use is what your internet provider will bill you for, so you need to protect it. Check your device’s security settings and select automatic locking to make sure your phone locks itself after a defined period of time.
Never share your passwords, PINs or passcodes with anyone. We also recommend that you do not allow others to setup their fingerprint or facial recognition on your devices either.
Keep software up to date and backup data
Set up automatic updates for applications and operating systems, so that your device is always up to date with the latest security features. Install virus protection software to protect you from malware. Always backup irreplaceable data such as photos or emails through reputable and secure Cloud storage solutions. ‘Cloud’ storage means you can get access to your information at any time through the internet. So if your mobile device is no longer in your possession, you can still access your data via the internet.
Stay invisible
When you’re not using Bluetooth, turn it off. Ignore offers of free (usually unsecured) public Wi-Fi access and ensure your mobile device is set up to only connect to secure networks you have approved. Get into the habit of regularly deleting your internet browsing history on your mobile device and closing multiple browsing tabs.
Lock out dishonest users remotely
Check if your mobile device supports remote locking or wiping functions. Provided that you regularly backup your data, if you lose your mobile device or it has been stolen, you can lock it remotely, or choose to completely wipe the data. If you don’t have these options, record the International Mobile Equipment Identifier (IMEI) of your handset. Ask your product retailer where to find this number. If your device is lost or stolen, you can report the IMEI number to your billing provider and they can block your device remotely.
Develop secure mobile device habits
Get into the habit of the following behaviours to keep your mobile device secure:
- Log out of websites, such as your Kogan Money Cards Online account, when you’ve finished using them.
- Close multiple internet browsing tabs.
- Only download apps from trusted online stores such as Google Play or the iTunes Store.
- Review the privacy permissions carefully before you install a new app on your mobile device.
- Never store passwords anywhere other than through a reputable password keeper app downloaded from Google Play or iTunes Store.
- Don’t use a jailbroken /rooted device. This refers to an iOS/Android device which has bypassed the security settings in order to remove software restrictions (usually in order to install software not approved by the App Store or Google Play). This significantly decreases the security of the device.
What to do if someone gains unauthorised access to your mobile device
If your mobile device is lost, stolen or has been hacked (that is, someone has gained unauthorised access to your device and your data), there are ways to protect your identity and data:
- If you’re sure you can’t recover your mobile device and you’ve set up your remote locking or data wiping functions, activate these functions.
- Contact your telephone service provider immediately to report loss, theft or compromise of your mobile device. They will be able to block your service using your IMEI, or bar the service from using their network and then advise you of next steps.
If you’re concerned your identity may be at risk, check out How to keep your identity safe online for advice on where to go for help.
Six simple ways to protect your passwords
You use passwords to access your bank accounts, social media, email and more every day.
Passwords are the keys to our online identity. That’s why protecting them is so important.
Creating a strong password is the first step to protecting yourself online. This helps reduce the risk of unauthorised access by those willing to put in a bit of guesswork.
To help stay safe online, follow these password tips.
1. Make your passwords strong
Short and simple passwords might be easy for you to remember, but unfortunately they’re also easier for cyber criminals to crack.
Strong passwords have a minimum of 10 characters and a use mix of:
- uppercase and lowercase letters
- numbers
- special characters like !, &, and *.
Use passphrases
You may like to consider using a passphrase instead of a traditional password.
Passphrases are considered more secure than regular passwords, and easier to remember too.
A passphrase is used in the same way as a password but is a longer collection of words that is meaningful to you, but not to someone else.
For example, the passphrase ‘CloudHandWashJump7’ is 17 characters long and contains a range of different characters. This is more complex than the average password.
Depending on the systems you access, you may be limited to a defined number of characters.
2. Make passwords hard to guess and don’t re-use passwords
Could someone who knows you guess your passwords? For this reason, it’s best to avoid using personal information such as your children, partner or pets name, favourite football team or date of birth as your password.
When trying to hack into an online account, cyber criminals start with commonly found words and number combinations, or they use may use information exposed in data breaches. This could lead to a credential stuffing attack so, it’s best to avoid using:
- dictionary words
- a keyboard pattern like qwerty
- repeated characters like zzzz
- personal information like your date of birth or pet’s name.
Security companies publish lists each year of the most common passwords exposed in data breaches, you can read the list here. Make sure you’re not using them, because it’s likely criminals will try these passwords first.
3. Create new, unique passwords
If you need to reset a password, don’t just change one part of it. Instead of changing a number at the beginning or end, create something completely new you’ve never used before. If your original exposed password had a ‘1’ at the end, an attacker would likely try ‘2’ next. That’s why it’s important to change the whole password. Get into the practice of changing your password often, ideally every few months.
4. You must take care of PINs and other Security Codes
Never share your password with someone, not even with someone you trust.
What about family and friends?
Regardless of whom you share it with, once you share your passwords you lose control of how it’s stored or how and when it’s used.
What if a business or company I know asks for my password?
Reputable companies won’t ask you to give them your password over the phone or via emails or SMS messages. This might be a warning sign of phishing or a scam.
Kogan Money Credit Cards will never ask you for your password or PIN, either by email, SMS, over the phone or at a branch. We may ask you to provide a one-time code to verify yourself when you contact us. These messages will clearly state that we will ask you for the code.
You may not be covered for unauthorised transactions
The security of your card and security codes, including your Kogan Money Credit Cards Mobile App and Online password, is very important. As a Kogan Money Credit Cards account owner, you must:
- Keep your password, PINs and any other security codes secret;
- Use care to prevent anyone else seeing your password and other security codes;
- Not let anyone else use your password or security codes; and
- Take reasonable steps to protect a security code from loss or theft.
Compromising the secrecy of your passwords, PINs or other security codes by voluntarily disclosing them may mean you are liable for unauthorised transactions performed on your account.
5. Use different passwords for each of your online accounts
Using different passwords means that if one of your accounts is breached, criminals won’t have access to other accounts that use the same password.
Make each of your passwords for online logins unique. This will help protect you from attacks like ‘credential stuffing’.
Credential stuffing
Credential stuffing is an automated technique used by criminals. They test a user’s known username and password combinations across multiple online accounts. As many people use the same credentials for multiple sites, it can give criminals easy access to multiple accounts.
This gives criminals an opportunity to gather more information about you, which they might use to impersonate you online to access accounts under your name.
For example, it’s not a good idea to use the same password for an online pizza delivery website and your business email. If the pizza delivery site is compromised, you don’t want someone to also have access to your business email account.
6. Store passwords safely
Writing passwords down is never recommended. You could lose them, or someone else could see them and use them.
Password management tools
There are programs and apps known as password managers that will store all your passwords in a secure vault.
A password manager only needs one strong password to access it and has extremely strong protection to make sure that only you can access it.
This means you only need to remember one password to have access to all your passwords.
Password safes can even generate and store new, complex passwords for you when you create new online accounts.
Don’t allow web browsers to store your password
Some web browsers may display a pop-up message, asking whether you want the browser to remember your login details.
For the protection of your personal information, we recommend that you select ‘Never for this site’ if you see this message when Kogan Money Credit Cards Online Servicing.
For more information, check out the Australian Cyber Security Centre’s guide on creating secure passphrases.
Secure your accounts with Multi-Factor Authentication
What is MFA?
MFA is an added layer of security designed to confirm your identity when logging into an online service or account. This helps protect your accounts from being compromised by cyber criminals. MFA requires that you enter additional information to gain access to your account. It’s also referred to as ‘two-factor authentication’ or ‘2FA’.
Why MFA is important
Using MFA makes it harder for cyber criminals to break into your account than if you only use a password. With MFA turned on, if your account is compromised and the criminal has your password, they will need to enter additional information that only you can provide.
Online accounts such as banking, social media and email can contain a lot of valuable information about you. Information that could be accessed includes:
- Personal identifiable information
- Banking details
- Employment details
- Information from government agencies such as Medicare or myGov
- Personal photos and messages.
If a cyber criminal gained access to any of your accounts, they could:
- Sell your data on the black market. This could include credit card numbers, names, addresses, emails, date of birth and so on.
- Gain access to social media accounts by resetting your password.
- Send phishing emails to your contact list. These could convince your friends and family to give out personal information or install malware onto their devices.
- Send fraudulent email requests for payment. Learn how to avoid email scams.
Different types of authentication
One-factor authentication
One-factor authentication is something that only you know, like your password or PIN. Systems that use one-factor authentication only require a username (such as an email address) and a password to access them.
Two-factor Authentication
Two-factor authentication is something you know (password), plus something you have. Systems that use two-factor authentication require a username and a password, plus a one-time password or code (sent to your mobile phone, for example) to access them.
Three-factor Authentication
Three-factor authentication is something you know, plus something you have, plus something you are (a biometric input, such as a fingerprint scan to unlock your phone). Systems that use three-factor authentication require a username and a password, a one-time password or code, and some other unique biometric that identifies you.
How to set up MFA on your accounts
Below are some of the common ways to set up MFA on your accounts.
Set up MFA on Office 365
You can set up MFA on your Office 365 in the Admin centre. This will generate a phone call, text message or an in-app notification to verify your identity. Find out how to set one up on Microsoft’s step-by-step guide.
Set up MFA on Apple devices
You can enable MFA on your iOS and macOS devices. For more information and instructions, visit Apple’s guide on MFA.
Set up MFA for other accounts
To help you set up MFA for other accounts such as social media or Gmail, the Australian Cyber Security Centre has a list of helpful guides to assist you in improving your online protection.
Handy tips for using your Card securely online
You can enjoy the benefits of living life online, by simply staying in control of who can access your information when you’re connected to the internet.
Set up the basic computer security
- Choose a reputable Internet Service Provider (ISP) to provide your internet access.
- Keep your operating system up-to-date by switching on automatic updates and install them as soon as they become available. Check out Microsoft Download Centre or Apple security updates pages.
- Always type the address of the site (the URL) you want to visit in the browser’s address bar, especially when you want to shop and bank online.
- Keep your computer’s security software up-to-date, including anti-virus, anti-spyware, anti-spam and firewall products.
Review your browser settings
It’s best to use the latest version of a web browser, as these will have the latest security features.
If you’re using your Card online, it’s worth checking if the site supports the browser you’re using to make sure you’re getting the highest level of security encryption.
Get warnings when accessing secure and unsecure web pages
Only access secure sites when shopping or banking online. You can set up your browser settings to prompt you every time you leave a secure site. Go to your browser’s Help menu to find out how.
Clear your history, cache and cookies
To help your browser work better (and for security) you should clear your cache periodically. Also, for privacy reasons, you might want to clear your cache, cookies and history manually. This is always recommended if you’re using a computer in a shared public space like internet cafes, hotels or airport lounges. Go to your internet browser’s security or safety settings to choose options to clear your cache.
Make sure you’re in the right place
The safest way to access a site is to type the address into your browser. Following a link may lead you to a fake website designed to convince you to entering personal details.
Look for the green padlock and https (the s is for secure) next to the URL in the address bar of your web browser when using your Card online.
If you’re visiting a new website for the first time, and have received the website address via email or SMS, search for the website on Google, to check that the website is legitimate.
Check the spelling
Fake websites often have slight spelling errors in the address. For example, having the number 1 instead of the letter I.
Use good password management
Disable the option on your web browser to automatically remember user names and passwords. You can check your browser’s help menu for instructions.
Never share or write down a password, and make sure the password you choose is strong and would be difficult to guess. Read our comprehensive list of tips on good password management.
Take care in public spaces
If you can, avoid using shared computers in libraries, airports, cafes or hotels if you want to work, bank or shop online.
Never leave your computer unattended or unlocked and make sure you’re not observed entering passwords and personal data.
People may peer over your shoulder to read information on your laptop or other device. This is called shoulder surfing and this is how they can steal confidential or personal information while you work or bank online.
Avoid using public Wi-Fi networks
These networks can pose a risk as data can be intercepted by criminals on unsecured networks.
Avoid logging into networks with generic names (for example Netgear) or networks with the same name as you’d log into at home and use VPN (Virtual Private Network) software to protect your activity.
If a wireless network asks you to install software in order to connect, don’t accept. Cancel these requests even if they look legitimate.
Look for potential signs of malicious activity when connected to public WiFi like prompts to:
- accept new digital certificates
- install new software of updates.
A great way for older Australians to stay safe
Older Australians can find all the skills and knowledge they need to stay safe online with Be Connected. It is an award-winning Australian Government initiative empowering older Australians to thrive in a digital world. The Be Connected website is a one-stop shop with more than 150 online learning modules and 350 learning activities – and it’s all free. Visit www.beconnected.esafety.gov.au to find out more.
How to spot scam phone calls
What are scam calls?
Criminals may call you, impersonating a government agency such as the Australian Tax Office (ATO), an energy or telecommunications provider, Australia Post, a bank, an online marketplace or the police.
The call may also appear in your phone as coming from a contact number you may recognise, possibly even your bank. Criminals can use technology to change the way their number appears in your phone. This is called spoofing and can also happen via SMS. Learn more about SMS phishing.
What is ‘spoofing’?
These scam calls aim to pressure you into providing your personal information. The caller may threaten you with expensive fines or tax bills, arrest or deportation, to take you to court or disconnect your Internet service.
They may ask you to buy gift cards, iTunes vouchers, Bitcoin or pre-paid credit cards to pay your fine or debt. In other cases, they may request remote access to your computer and bank accounts to investigate an ‘issue’ or stop a transfer.
Legitimate businesses will never threaten to arrest you or demand immediate payment of a tax debt or fine with unusual payment methods like gift cards or Bitcoin or request remote access to your computer.
Bank impersonation scams
Bank impersonation scams involve criminals pretending to be a trusted bank representative to steal your money or personal information. They may create a sense of urgency by pretending to be from the ‘fraud’ team.
How to spot an impersonation scam?
- The caller may say they’re from Kogan Money Credit Cards and there’s an issue with your accounts or devices.
- They may ask you to move money to another account for safe keeping.
- They may ask you to download a program to give them access to your device.
- There’s a sense of urgency and they pressure you to act quickly.
Kogan Money Credit Cards may genuinely need to contact you
Our fraud team may need to get in touch with you if we’re concerned about your account, so it’s important to understand what we will and won’t ask.
We’ll never ask you to:
- provide your one-time code for authorising transactions
- transfer money to another account to keep it safe (it’s safe where it is)
- give us remote access to your devices
- provide personal information such as driver’s licence details.
We may ask you to:
- provide your full legal name
- explain or confirm the details of a payment
- provide more details about the person you’re sending funds to and how you communicate with them.
These questions are designed to help us understand the likelihood of you being involved in a scam or fraud, so that we can protect your account.
How big is the problem?
The Australian Competition and Consumer Commission (ACCC) Targeting Scams report advises there were 63,821 phone scam calls reported in 2022. Of these phone scam calls, Scamwatch reported bank impersonation scams cost Australians $20 million.
Download the Targeting scams: report of the ACCC on scams activity 2022 (PDF, 902KB).
Keeping your sms security codes safe
We may SMS you one-time passcodes for Kogan Money Credit Cards Mobile App and Online registration, transactions and password resets. In the SMS, we’ll let you know that this is a secret code which should not be shared with anyone, not even Kogan Money Credit Cards. These codes provide an extra layer of security for your accounts, so it’s important to keep them and your phone secure.
Important: while Kogan Money Credit Cards does everything it can to recover funds transferred as part of a scam, it is not guaranteed.
Simple tips to help prevent phone phishing
- Treat any unsolicited phone calls with caution. If you’re unsure about the legitimacy of a call, hang up and call back on an official phone number.
- Never provide personal or credit card information during an unsolicited call.
- Ensure you carefully read any SMS codes you receive. Never share any SMS codes you receive with anyone else, including Kogan Money Credit Cards.
- Never give an unsolicited caller remote access to your computer or online bank accounts.
Contact us for help
If you’re a Kogan Money Credit Cards customer and believe you may have fallen victim to a scam, please immediately contact us to reach the Fraud and Scams team.
Other helpful resources
- Australian Government | Australian Cyber Security Centre (ACSC) The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together in a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours. Learn more about the Australian Cyber Security Centre.
- Australian Government | ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime. Learn more about ReportCyber.
- Australian Competition and Consumer Commission | Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources. Learn more about Scamwatch.
- Australian Government | Office of the eSafety Commissioner The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content. Learn more about the Office of the eSafety Commissioner.
- Australian Government | Attorney-General’s Department The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime. Learn more about the Attorney-General’s Department.
- IDCARE is Australia and New Zealand’s not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.
IDCARE can assist customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCARE is a free service for all Australians. Learn more about IDCARE.
®BPAY is a registered trademark of BPAY Pty Ltd ABN 69 079 137 518.