An ambitious bid to curb Australia’s $478 million-a-year online card fraud bill slugs banks that fail to clean up their act with heavy financial penalties under a tough new enforcement regime that will take effect in less than a week.
The controversial crackdown, which has been resisted by major card schemes and retail banks, is contained in the new Australian Payments Network (AusPayNet) and finally sets minimum loss thresholds and intervention trigger points for both merchants and institutions.
AusPayNet is the payments industry’s self-regulatory body which sets standards and rules for participants that range from banks to payments processors and gateways.
Dubbed the Card Not Present (CNP) Fraud Mitigation Framework, the new rules require mandatory quarterly reporting from 15th July and contain thresholds that banks and merchants must remain under.
While the penalty unit amounts are not in the public domain, similar scheme rule regimes enforced by credit card brands typically range in the millions.
“Breaches of these thresholds will trigger obligations for Merchants or Issuers to take action. Repeated breaches over a period of time could ultimately result in financial penalties for Issuers or Merchants’ Acquirers,” AusPayNet said in an industry advisory.
“The initial Issuer Fraud Threshold is set to 15 [basis points or 0.15 percent]” AusPayNet said, adding that the issuer bank rate “is calculated using the value of fraudulent, settled, online CNP transactions that were sent to an Issuer for authentication, each quarter.”
For merchants there is a 20bps breach trigger threshold that is backed up by a dollar limit of $50,000 in online fraud per quarter.
The $50,000 fraud ceiling for merchants is certain to trigger deep unease among some online retailers which are persistently targeted by carders intent on burning through stashes on stolen card details before countermeasures like tokenisation hit.
Like most fraud and theft, criminals tend to buy popular products that are readily saleable on secondary markets with consumer electronics, designer goods and luxury items a favourite.
A major issue that is still yet to be made by AusPayNet is determining the split between fraudulent credit card transactions and so-called ‘scheme debit’ purchases that use credit card payment rails to access consumer bank accounts.
Scheme debit fraud, the level of which is absorbed into broader online credit card fraud reporting figures, are not currently separated made public because of persistent resistance from Mastercard and Visa.
AusPayNet is clearly hoping that there will be a compliance effect that will dent fraud before it has to resort to financial sanctions.
Aside from the fines regime, the cutting edge of the fraud control overhaul is the application of a Risk Based Analysis of transactions to create a profile that then has authentication requirements applied.
In practical terms that means transactions deemed…