Multiple New Zealand banks were targeted by coordinated fraud over the Easter weekend, with customers reporting identical $776.41 charges from an entity called "Baytree."
Banks including BNZ have confirmed the incidents are not isolated, raising concerns about the scale and sophistication of the attack. The timing - over a holiday weekend when detection and response would be slower - suggests careful planning.
New Zealand customers began noticing the unauthorized charges on Saturday and Sunday. The amounts were identical: $776.41, charged twice to some accounts. The merchant name showed as "Baytree," which victims say they've never heard of and certainly never authorized.
One Auckland customer posted on Reddit: "I noticed yesterday two identical amounts of $776.41 each was taken from my account by Baytree. I have no idea who that is; I certainly didn't make any payments of the sort."
Upon contacting BNZ, the customer was told they weren't alone. "They informed me that I wasn't the only one; that others had had that exact same amount taken from their account by an entity that shows up on the statement as Baytree," the customer wrote.
What's particularly concerning is that the fraud wasn't limited to BNZ. Reddit comments indicate customers of other New Zealand banks were also hit, suggesting a broader compromise of payment systems or card data.
The identical charge amounts - $776.41 - are unusual. Most fraud involves round numbers or varies by victim. The specificity suggests either a test of stolen card data, a specific product or service being purchased, or an algorithm-generated amount designed to avoid certain fraud detection thresholds.
The Easter weekend timing raises red flags. Fraudsters know that holiday weekends mean reduced staffing at banks, slower fraud detection systems, and delayed victim awareness. People checking their accounts less frequently over a long weekend gives criminals more time to move money and cover tracks.
Banks have fraud detection systems that monitor for unusual transaction patterns. But those systems can be gamed. Small or mid-sized charges, particularly if they don't repeat immediately or trigger velocity rules, can slip through. And if fraudsters are testing stolen card data across multiple banks simultaneously, it makes detection harder.
