Voice of the Industry

The fight against CNP fraud lies in industry collaboration: an AusPayNet initiative

Tuesday 12 March 2019 08:38 CET | Voice of the industry

Andy White reveals the Australian Payments Network`s strategy of mitigating CNP fraud in ecommerce, which is built upon a strong industry framework

Card-not-present (CNP) fraud is a problem which lines fraudsters’ pockets with close to AUD 250 million per annum, at the expense of legitimate Australian businesses. Such fraud reduces consumer trust in ecommerce and now accounts for 85% of Australian card fraud.

It is also a problem which Australian Payments Network (AusPayNet), the Australian payments industry self-regulatory body, intends to solve.

A year ago, we brought together the ecommerce industry to agree on a solution to this problem. The initial meeting, in February 2018, co-hosted with the Reserve Bank of Australia, brought together card issuers, merchant acquirers, card schemes, payment gateways, payment service providers, merchants, regulators and other industry bodies: over 70 people from over 60 organisations. It started with two simple premises:

Through collaboration across the payments industry and innovations such as EMV chip technology, we have significantly reduced card present fraud, while seeing card use increase.

By acting together and implementing an industry framework to mitigate CNP fraud, we can achieve the same success in ecommerce.

The first premise is supported by AusPayNet’s card fraud statistics. Counterfeit and skimming fraud on Australian cards at point-of-sale (POS) and ATMs is at its lowest level since 2012, dropping to AUD 31 million in 2017, almost half its 2016 value. This success has been achieved by industry working collaboratively to introduce additional security whilst maintaining a positive customer experience.

Our second premise was, therefore, that where significant collaboration across the payments value chain occurs, and authentication is used consistently, significant reductions in fraud can be achieved. This logic applies in ecommerce, as well as at POS and ATM.

We achieved real consensus from the ecommerce industry on this starting point, and on the way forward that:

AusPayNet should draft an industry framework for mitigating CNP fraud;

we should do so based on agreed key principles (see below); and

we should continue to consult the ecommerce industry on the framework through to its implementation.

It was agreed that such an industry framework would reduce CNP fraud, help maintain the growth in Australian ecommerce, and improve consumer trust in payments. The agreed key principles were that the framework should:

Leverage global standards and best practice from other jurisdictions;

Consistently apply Strong Customer Authentication (SCA); and,

Be technology neutral to provide choice and ease of implementation.

AusPayNet has developed the framework reflecting these key principles. It has leveraged the European Banking Authority’s work on the Regulatory Technical Standards on strong customer authentication under the revised Payment Services Directive (PSD2). A key tenet of the framework is to support risk-based SCA for CNP transactions, whilst allowing several exemptions for merchants from SCA and enabling a marketplace of SCA solutions for merchants to choose from. The framework is purposefully technology neutral to encourage innovation and competition, defining key objectives that can be met using different technical solutions.

The framework looks for all participants in ecommerce to take an active role in reducing CNP fraud. It sets fraud thresholds that define acceptable levels of risk for both issuers and merchants. Issuers and merchants with fraud rates under these thresholds will not be required to perform additional fraud mitigation activities. Issuers and merchants operating over the thresholds will be required to perform SCA, subject to exemptions for lower risk transactions.

AusPayNet will review the thresholds annually and in doing so will drive down the overall level of CNP fraud. We estimate – based on industry data – that the initial thresholds will highlight a relatively small number of participants with fraud levels above the thresholds. While few in number, were those participants to mitigate their fraud it would have the effect of mitigating the majority of the industry problem.

AusPayNet has tested the key principles of the framework in workshops, in partnership with the Australian Retailers Association, in Brisbane, Sydney and Melbourne. These workshops again involved the entire ecommerce industry: 87 people from over 54 organisations. AusPayNet has also undertaken two formal written consultations on the framework and its implementation timeline, in August-September 2018 and December 2018-February 2019.

The industry has now agreed on an implementation timeline, which involves issuers and acquirers reporting CNP fraud rates from the April-June 2019 quarter onwards.

AusPayNet is working with industry participants on key messages to support the implementation of the framework, and proposes to manage the implementation through its existing Issuer and Acquirer Regulations. AusPayNet also proposes to actively report back to the industry to monitor the success of the framework.

We firmly believe that by working together to implement an industry framework to mitigate CNP fraud, we can reduce the level of this type of fraud and increase ecommerce growth through improving consumer trust in payments.

About Andy White

Andy White, previously our COO, was appointed as CEO of Australian Payments Network on 1 March 2019. Before joining AusPayNet in 2015, Andy spent eight years at ASX, which included leading its settlement and payments business. Prior to that, he started his career at the Bank of England, before joining LCH.Clearnet. Andy is a graduate of Oxford University and AICD. Andy is also a Member of the Advisory Committee to Australia’s Data Standards Body, a Member of the Board of Advisors to the Payment Card Industry Security Standards Council, and Deputy Chair of Emerging Payments Association Asia.

About Australian Payments Network

Australian Payments Network (AusPayNet) is the payments industry self-regulatory body. We enable competition and innovation, promote efficiency, and control and manage risk to deliver improvements for all users of the payments system. As the industry association, AusPayNet brings together 130 diverse organisations including Australia’s leading financial institutions, major retailers, payment system operators and technology providers. Our role includes managing core systems for cards, cash, cheques, direct entry and high-value payments.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Australian Payments Network, CNP fraud, industry collaboration, SCA, PSD2
Countries: World