AusPayNet Strong Customer Authentication: Guide for Merchants

This article explains AusPayNet's introduction of Strong Customer Authentication (SCA) to combat online Card Not Present (CNP) fraud and outlines merchant obligations and benefits.

What is the Australian Payments Network (AusPayNet/APN) and why has it introduced Strong Customer Authentication (SCA)?

AusPayNet is the Australian payments industry body providing advice to regulators as well as setting standards, policies and procedures across Australian payments. In 2019 AusPayNet created the Card Not Present (CNP) Fraud Mitigation Framework in response to increased fraud activity in the Australian market, largely due to the rise in online payment transactions.  

A CNP transaction occurs when a shopper is not physically present at the time of a transaction to present the payment card and enter the card PIN or other authentication. CNP transactions are all online and e-commerce transactions, as well as digital wallet transactions. These types of transactions tend to be subject to more fraud as they are usually conducted online, where the fraudster can be anonymous, and payment card numbers can be obtained via consumer scams or purchased on the dark web.

In AusPayNet’s published fraud statistics for July 2022 - June 2023, CNP fraud represented 90% of all card fraud in Australia, at $677.5 million. AusPayNet has put in place a new fraud mitigation strategy to assist in fighting CNP fraud.


 

Merchant Obligation and CNP fraud threshold

To reduce the level of online fraud in Australia, all participants in the payments journey have a role to play. The AusPayNet CNP fraud framework sets a threshold for merchant CNP fraud. If this threshold is exceeded, merchants are required to uplift their fraud prevention controls with Strong Customer Authentication (SCA) to address the increased fraud. AusPayNet monitors CNP fraud thresholds on a quarterly basis.

Merchant CNP Fraud Threshold: The merchant CNP fraud threshold is $50,000 or higher in fraud losses and a fraud-to-sales ratio of 0.2%.

 

Merchants who exceed the threshold for two consecutive quarters are required to apply SCA to the majority of their transactions to reduce their CNP fraud to below threshold levels.

Not complying with AusPayNet’s SCA requirements can result in financial penalties for the merchant and the possibility of the merchant's payments service being suspended or terminated.


 

Strong Customer Authentication (SCA)

AusPayNet has developed a set of Strong Customer Authentication (SCA) criteria for merchants, with the goal of eliminating CNP fraud. SCA authenticates the cardholder’s identity by verifying at least two of the following factors:

  1. Knowledge factor: Something only the cardholder knows, such as a password or PIN.
  2. Possession factor: A physical item that the cardholder possesses. Examples include a credit card, hardware token, or smartphone.
  3. Inherence factor: A biological feature of the cardholder. Examples include a fingerprint, iris scan, or facial recognition.

 

SCA may also be known as multi-factor authentication (MFA) or two-factor authentication (2FA). To meet SCA requirements, merchants would adopt the 3D Secure authentication tool provided by their payments service provider.


 

Integrating 3D Secure

3 Domain Secure (3DS) is an e-commerce authentication tool that implements SCA in the payment journey for your customer, providing a more secure authentication method. Integrating 3DS helps merchants comply with SCA requirements, as the 3 domains (payments acquirer, payment card scheme, and payment card issuer) work together to exchange information and authenticate a transaction.

Another benefit of implementing 3DS is that it can provide merchants with a liability shift: in the event a transaction is confirmed as fraudulent, that liability is passed back to the payment card issuer.


 

Conclusion

In conclusion, merchants need to be aware of the CNP fraud thresholds and take proactive steps to mitigate online fraud so that fraud does not exceed threshold limits. If thresholds are exceeded, merchants will be required to implement SCA processes to reduce fraud cases. By integrating 3DS, merchants can significantly reduce CNP fraud, protect their customers, and avoid potential financial penalties. This proactive approach not only safeguards the merchant's financial interests but also fosters customer trust and loyalty, contributing to long-term business success.


 

Useful Resources 

Below are some resources to help provide you with a better understanding of SCA and its importance: 

  1. AusPayNet 'Code Set for Issuers and Acquirers Community Framework - Volume 7 Card Not Present Code', 1 July 2019
  2. AusPayNet | Fraud Statistics Jul 22 - Jun 23
  3. Mastercard: Strong Customer Authentication (SCA)
  4. Visa: Strong Customer Authentication (SCA)