Australian merchants may see SCA enforcement in effect as early Q4 2019 

Some Australian merchants may be required to implement SCA protocols for all online, card-not-present transactions as early as the end of 2019. Here’s what you need to know.

  • Australia’s CNP Fraud Mitigation Framework went into effect July 1, 2019
  • SCA will be required for merchants who breach fraud thresholds outlined in the Framework
  • SCA may be required as early as Q4 2019 for merchants who breach the threshold for these two consecutive quarters: Q2 and Q3 of 2019.
  • Merchants should streamline the compliance process by working with PSPs that are equipped to meet local regulatory requirements

For Australian-issued cards, nearly 85% of all card fraud is considered card-not-present (CNP) fraud, which happens mainly online. This problem is certainly not unique to Australia – in fact, card-not-present fraud accounts for 60-70% of all card fraud in developed countries. 

Europe has recently addressed this issue with its rollout of the Revised Payment Service Directive (PSD2). This included the enforcement of Strong Customer Authentication (SCA), which is the addition of more authentication layers to curb CNP fraud. Most major global markets are now looking to standardize CNP protections, with Australia following suit with its recent release of the CNP Fraud Mitigation Framework that went into effect July 1, 2019.

The framework, enforced through AusPayNet, outlines the set of requirements for issuers and acquirers to authenticate online CNP transactions. This includes applying SCA practices to help reduce online fraud. Under this framework, merchants must remain below the initial fraud threshold of AUD $50,000 in fraud losses and a fraud-to-sales ratio of 0.2% per quarter. Merchants that exceed this threshold for two consecutive quarters may be required to implement SCA on their transactions.

While Europe’s PSD2 mandates SCA for all online transactions, Australia’s CNP Fraud Mitigations Framework only requires SCA for merchants and issuers that are consistently in breach of these thresholds.  Acquirers have submitted their quarterly merchant data outlining their fraud rates and threshold breaches for Q2 and Q3 of 2019.  If a merchant has exceeded the threshold for these two consecutive quarters, acquirers may require that the merchant perform SCA on all transactions as early as Q4 of 2019. If a merchant is in breach for three consecutive quarters, merchants may be required to pass all transactions through to the issuer for SCA.

How to get ready for SCA

For the risk-averse, having SCA provisions in place sooner rather than later will save merchants from costly business headaches like downtime due to a last-minute technical scramble, or worse, the risk of losing sales if it’s not in place.

Australian merchants can leverage Checkout.com’s 3DS2 solution to help meet all SCA requirements via one unified API.  Through one integration, merchants will also be able to take advantage of all our flexible and scalable capabilities such as multi-currencies, wallets, network tokens, account updater, and first-class authentication.

As major markets work toward similar ecommerce protection protocols, online merchants should consistently evaluate their payments strategy and partners, apply streamlined payment systems, and most importantly, ensure that their PSP can support local regulatory needs.

Keep up-to-date with all things payments

Written on Dec 05, 2019 by

author image

Colin Murray

SVP Sales, APAC

Keep up-to-date with all things payments

Related articles

payments

0 min read

Australia, We’re Open for Business

Checkout.com goes ‘down under’ with services now available to merchants interested in expanding their business to the Australian market. Checkout.com recently established local acceptance partnerships in the territory which will allow our customers to operate and accept payments in and from Australia.

payments

0 min read

Why U.S. Businesses Should Pay Attention to PSD2

Schemes are tentatively scheduled to roll out full authentication protocols in the U.S. by mid-2020. Is your business ready to comply with new security measures? We discuss how this regulation will impact U.S. businesses – and why merchants should act sooner rather than later.

3DS 2.0 Explained: Part II

In preparation for the Revised Payment Services Directive (PSD2) requirements, Checkout.com has launched a proprietary 3DS 2.0 solution for our customers to ensure a smooth transition and implementation of the new 3DS 2.0 protocol. Here’s everything you need to know.