Help & support
AusPayNet is the self-regulating Payments Industry Body, and this Framework is a result of feedback and workshops across the payments industry.
The framework sets out the industry approach to mitigate card-not-present (CNP) payments fraud for merchants, Issuers, Acquirers, payment gateways, regulators and payment systems providers.
This is a collaborative approach across the Australian payments industry Success criteria will be a reduction of fraud across the Online Payments ecosystem.
It sets a benchmark for an acceptable level of Merchant, Acquirer and Issuer ecommerce fraud and a threshold for mandating authentication across online CNP transactions.
AusPayNet will monitor the Framework’s success through Issuer and Acquirer feedback and reporting. And it’ll ensure compliance with the Framework through its existing rules and code set.
This Framework is crucial, since CNP fraud now accounts for almost 85%1 of the card fraud in Australia.
It builds on the strong industry and AusPayNet tradition of solving for payments fraud issues and improving customer experience.
Merchants must make sure their fraud rates remain under the Threshold of AUD $50,000 and under 0.20% in fraud losses per quarter (as calculated by the Acquirer).
AusPayNet requires merchants that exceed the threshold for one or two quarters to use a demonstrable risk-based approach to SCA and/or other fraud mitigants.
Exceed that for three consecutive quarters and merchants are required to perform SCA on all transactions, other than those that qualify for authentication exemption.
Exceed for four consecutive quarters, then AusPayNet may apply penalties to Acquirersand their merchants.
Merchants aren’t obliged to authenticate online CNP transactions if their fraud rate is below the Merchant Fraud Threshold for the previous quarter.
Merchant Fraud Rate (bps) = Value F % Value T x 10000
Where:
The Merchant Fraud Threshold is set to 20 basis points and $50,000 in fraud losses (i.e. Value F > $50,000) per quarter. Merchants must ensure their fraud level does not exceed this threshold.
AusPayNet is the payments self-regulatory body in the Australian market - established in 1992 to manage the day-to-day operation of the payments clearing systems.
Its purpose is to improve the safety, reliability, equity, convenience and efficiency of payment systems in Australia. And actively monitor and facilitate industry collaboration to reduce payment fraud.
Here’s more on AusPayNet
1 Source: AusPayNet 'Code Set for Issuers and Acquirers Community Framework - Volume 7 Card Not Present Code', 1 July 2019.
2 Risk Based Analysis (RBA) refers to the means or method of authentication being proportional to the risk profile of the resource of the cardholder is trying to access and/ or action it’s seeking to execute.
3 Strong Customer Authentication (SCA) in contrast to normal or single factor authentication is a stronger form of authentication and provides more assurance the cardholder actually is who he/she claims to be. SCA means authenticating with two authentication methods instead of one. This can be a combination of two of the following three: something the customer knows (e.g. PIN, dynamic CVV or password), something the customer has (i.e. device, static CVV or token) and/or based on something the customer is (i.e. biometrics).
