Food for thought from the Australian Cards Council Dinner

By Andy White, AusPayNet CEO - 16 May 2019

I had the pleasure of being the “thought leader” at the RFI Group’s Australian Cards Council dinner last night.

In forming my thoughts, I reflected on the lessons from the final report of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. While the report did not specifically consider payments, at AusPayNet we reviewed it as if it applied to us and to payments. Our analysis can be summarised using the following key question:

Notwithstanding minimum, formal legal and compliance requirements, what is the right thing to do, and how would it be perceived by customers and the wider community?

Last night, I used the lens of this key question to consider four topics:

  • Fraud
  • Digital Identity
  • Open Data
  • Innovation

While our latest statistics showed that counterfeit and skimming fraud halved in the last year, to a record low of $23 million, fraud is migrating to the e-commerce space. Card-not-present (CNP) fraud now equates to $250 million being redirected from legitimate Australian online retailers into the hands of fraudsters.

So “doing the right thing” involves solving this issue, and doing so in a way that is fair, fit for purpose, and in the best interests of retailers and consumers.

As many readers would know, over the last year, AusPayNet has developed a framework to mitigate CNP fraud. That framework is now final and part of AusPayNet’s rules. It builds on best practice seen elsewhere, supports risk-based strong customer authentication, is technology neutral, and uses fraud thresholds on issuers and merchants to drive down fraud.

Issuers and acquirers begin reporting on these fraud thresholds this quarter. For those of you who have a line of sight of this, especially on the acquiring side, I would encourage you to “do the right thing” by your merchants in raising awareness of this issue, the framework, and the variety of tools that are available to help merchants mitigate their fraud.

Digital Identity

Over the longer-term, one potential solution that will assist with e-commerce fraud is digital identity. AusPayNet supports the Australian Payments Council (APC), the strategic coordination body for the Australian payments industry. The APC has been developing a meta-framework for digital identity with a variety of stakeholders, work that concludes next month.

This meta-framework will support the creation of interoperable digital identity services that have the potential to do the right thing in solving real problems for customers, such as know-your-customer (KYC), fraud and open data.

Open Data

On open data, in my view the concept of Australia’s Consumer Data Right (CDR) is a great example of “doing the right thing” by the consumer: the consumer is at the centre, the data belongs to the consumer, and it is only shared if the consumer consents to it being shared.

Moreover, it is a consumer data right; it is not simply “open banking”: it will be extended to other sectors, such as energy and telecommunications, increasing potential consumer benefit.

This weekend’s election has caused a delay to the consumer data right, because – despite having bipartisan support – the underpinning legislation is yet to pass parliament. However, this delay creates two opportunities: first, to allow appropriate testing and thus ensure that consumers’ first experience of the CDR is positive; and second, to allow the development of products and services that can leverage the CDR.


This leads nicely on to innovation. Payments is currently a hotbed of innovation – including in cards - be it in artificial intelligence, biometrics, tokenisation, or QR codes.

As the card industry takes advantage of these opportunities, a focus of ours is promoting such innovation and making sure that it is sustainable and scalable. One example is ensuring that innovation applies equally to all card networks, including, as we’ve seen recently, aspects such as routing, tokenisation and authentication.

Similarly, security also has to be guaranteed – for all those involved in the card payments network – even if the way it is guaranteed changes, for example from hardware security to software. This is an example of “doing the right thing” by the card payments ecosystem.

We also need to do the right thing by consumers by ensuring that innovations are available to all Australians. Two examples spring to mind here:

  • Accessibility; we have been helping to develop draft standards to safeguard the continued access to the payments system of the four million Australians with disability; and
  • Tokenisation; which could help solve complex problems like recurring payments, including for vulnerable parts of our society.

In summary, whether we’re considering topics such as fraud, digital identity, open data or innovation, my view is that we need to rise to the challenge of our age and continue to do the right thing for our customers.