News and updates

Strong Customer Authentication in Australia: AusPayNet Card Not Present framework

With Australia’s growing ecommerce market, Strong Customer Authentication (SCA) has become increasingly important for Card Not Present transactions. Read on to learn about AusPayNet’s framework that offers businesses and shoppers greater peace of mind.

January 5th, 2024
 ·  2 minutes
Person sitting and using a smartphone with a shopping bag beside them.

Australia’s ecommerce market is one of the fastest growing markets in the world, forecast to continuously increase between 2023 and 2028 by approximately $30.4 billion (an increase of 56% in total). 

But the growth of ecommerce in the last decade presents opportunities for businesses and fraudsters alike, with Card Not Present (CNP) fraud, which represents about 90% of all card fraud on Australian cards costing retailers nearly half a billion dollars in 2022. With customer trust a top priority for Australian businesses in 2024, and updates to eftpos CNP and least cost routing now in effect across the country, Strong Customer Authentication (SCA) is more important than ever before.

What is a CNP transaction?

A CNP transaction is one where a shopper is not physically present at the time of a transaction. This means all online and ecommerce transactions are CNP transactions, as well as digital wallet transactions. 

Today, more than one-third of Aussie consumers tap their mobile device to pay. Digital wallets, also known as mobile wallets or ewallets, dominate the ecommerce payment landscape. According to the 2023 Retail Report, 30% of Australian consumers preferred paying with digital wallets like Apple Pay or Google Pay when shopping in stores. Similarly, 29% of Australian consumers preferred paying with digital wallets when shopping online.

PayPal is Australia’s most popular digital wallet, and was used by 9.8 million (43.8%) Australians in 2022. Australia is also the home to buy now, pay later (BNPL) methods such as Afterpay and Zip. Afterpay claims over 3.2 million people use their product in Australia (15.2%), while Zip processes about half of those volumes. 

Shoppers are searching for businesses they can trust, with a focus on stability and positive relationships – making strong authentication experiences crucial to capturing and retaining customer loyalty. 

Twilight city skyline reflected on a calm water surface.

Strong authentication to support ecommerce growth

Authentication is not new – Australia was an early adopter of the EMV chip-and-PIN authentication when it was first introduced. EMV chip technology has provided strong protection globally on Australian issued cards against in-person or Card Present fraud.

EMV chip-and-PIN authentication is a common authentication method at point-of-sale in Australia, and is effective against Card Present fraud. However, stronger authentication is needed for CNP transactions. It’s difficult for merchants to verify whether payments are indeed authorised by the actual card holders, which is why CNP has become the main source of card fraud – not just in Australia, but also in many key ecommerce markets around the world.

Regulatory boards, issuers, schemes, acquirers, and payment service providers worldwide have been actively looking at solutions to counter CNP fraud. Several tools like CVV checks, Address Verification System (AVS), and 3D Secure have been introduced and improved upon.

Adyen has already introduced global enablement of 3D Secure 2.0 (3DS 2.0), the new standard in SCA. This solution embeds the latest requirements for PSD2 to ensure secure payments for shoppers globally. PSD2 or the Revised Payment Services Directive is a European directive that further simplified payment processing between shoppers, merchants, payment service providers, and non-bank payment institutions – with the use of SCA – while curbing CNP fraud in Europe.

With CNP fraud in Australia growing every year, the Australian Payments Network or AusPayNet – the payments self-regulatory body in Australia – has initiated an industry-wide consultation to shape the CNP Fraud Mitigation Framework which has taken effect from the second quarter of 2019.

CNP fraud mitigation framework

The CNP fraud mitigation framework from AuspayNet aims to reduce fraud in CNP channels for merchants, consumers, issuers, acquirers, card schemes, payment gateways, payment system providers, and regulators.

Merchants operating above the recommended industry fraud rate are now encouraged to implement risk-based authentication for online CNP transactions using locally issued cards via local acquiring.

Under the framework, SCA will be required for merchants operating above fraud thresholds of AUD $50,000 in fraud losses and fraud-to-sales ratio of 0.2% in reported fraud for two consecutive quarters. If merchant fraud thresholds are breached for two consecutive quarters, the Acquirer will require the merchant to perform SCA on all transactions until their fraud rate falls below the threshold for a quarter. 

After three consecutive quarters of breaches, the framework recommends that merchants pass all transactions through to the issuers for authentication. In a case where a merchant continues to exceed the thresholds after four (or more) consecutive quarters, sanctions and fines may apply.

We recommend implementing SCA sooner rather than later not only because it may soon be a global standard, but also for its multifold benefits. Stronger shopper authentication enables more secure payment flows, and thus higher card authorisation rates.

Merchants can easily leverage SCA such as 3DS 2.0 with Adyen for authentication that’s built around the habits of the modern Australian consumer. With the option of intuitive 2-factor and biometric authentication flows for in-app, online, and mobile shopping, businesses can create better experiences that translate to higher sales conversion and great business results.

SCA has long been misunderstood as a sales conversion blocker as it is deemed to add friction along the shopper journey – think static passwords, multiple redirects, and clunky authorisation flows. Next-gen solutions like 3DS 2.0, however, have changed the way we know shopper authentication. Various use cases with local and global brands have also shown that SCA has helped to drive business results and secure revenue. Take retail distributer True Alliance:

Want to learn how SCA can benefit your business by helping to increase card authorisation rates, fraud prevention, and regulatory compliance? Find out more about SCA in Australia or anywhere around the world from our local team.

Fresh insights, straight to your inbox

Subscribe to email alerts

By submitting your information you confirm that you have read Adyen's Privacy Policy and agree to the use of your data in all Adyen communications.