Visa security update and new requirements for Australia and New Zealand

The payments landscape is constantly evolving, and Checkout.com continues to monitor challenges in the payments threat landscape. With online transaction volumes increasing, this has resulted in an increase in the number of card testing, brute force and BIN attacks.

We would like to remind you of best practice to help prevent these attacks, and update you on the new Visa security update in Australia and New Zealand.

What you can do to prevent attacks – top tips from Checkout.com

1. Make sure your business is aware of the risks associated with accepting payments online

2. Have incident response plans evaluated and in place ready to use should you need them

3. Implement the following fraud prevention tactics:

• Monitor and review the language and time zone of cardholder IP addresses and devices. Authorization monitoring can help you detect anomalies or inconsistencies in the data and flag these transactions as higher risk

• Add any IP addresses that regularly fail payment attempts to your fraud block list for review

• Use 3D Secure 2 checks

• Lock a user’s account after they make multiple incorrect password / username attempts

• Monitor the IP address of account logins. If multiple IP addresses are using an account, review and analyze if this is legitimate

• Block the use of common or suspicious passwords and review any logins that use these currently

• Review customer sessions for excessive bandwidth consumption. You can also check tracking elements for multiple transactions using the same email address and device ID across multiple cards

• Use random pauses (throttling) on account checking and increase these checks on BINs that see higher fraud attempts

• Implement CAPTCHA and RECAPTCHA controls along with botnet detection and fingerprint authentication

• Think about implementing velocity checks on lower transaction values, as well as large value items

• Use Address Verification Service (AVS) and Card Verification Code (CVC) checks

What are the new Visa requirements ?

Visa is introducing new requirements for ecommerce payment providers to invest in capabilities to identify and prevent attacks. Whilst this requirement is being introduced in Australia on October 15, 2022, and New Zealand on October 14, 2023, it is good practice for all merchants globally to do this now.

How Checkout.com can help

Our fraud and risk management solution lets you control the type of payments you accept and reduce the risk of fraud. This includes pre-configured setup and block list, pre-set fraud rules and Machine Learning (ML) with fixed thresholds to decline, approve, or send transactions for 3D Secure authentication.

The tool lets you make minor edits to some pre-set rules and add further rules from a pre-set list. You can test these changes before implementation using our shadow-mode testing feature and access a full suite of analytics and reports within the tool.

Speak to your Customer Success Manager if you’re interested in learning more about our Pro solution – designed for fraud teams that want more control over their risk setup. Pro unlocks additional functionality to give you more advanced risk tools and the ability to fully customize your strategy:

• Customizable ML thresholds

• Comprehensive rules, including custom, weighted, and advanced rule types (such as cumulative velocity rules)

• Ability to send custom data to build custom rules

• Customer segmentation to build tailored risk flows

• Option to choose 3D Secure challenge preference indicators to balance transaction friction and liability shift