ACCC Releases Draft Determination Against Mandated Use Of 3D Secure For Online Payments

Monday 23 May 2016 @ 11.21 a.m. | Trade & Commerce

The Australian Competition and Consumer Commission (ACCC) has released a draft determination proposing to deny authorisation to the Australian Payments Clearing Association (APCA) to mandate the use of the 3D Secure security measures for all payment cards and online businesses.  The ACCC is currently seeking submissions responding to its draft determination, before it makes a final decision.

What is 3D Secure?

3D Secure is a security ‘protocol’ specifically designed to address ‘card not present fraud’, which occurs when payments are made online by someone other than the card’s owner.  It identifies potentially fraudulent transactions and enables the customer’s bank to ‘challenge’ a transaction by requiring the customer to complete an additional authentication step before completing the transaction – e.g. by entering in a code sent to their phone by the bank.

The APCA Proposal

3D Secure is currently available on a voluntary basis.  Under the APCA’s proposal to the ACCC, the use of 3D Secure would become mandatory across the industry by changing the current Issues and Acquirers Community Regulations and Code Set.  The APCA believes the move is necessary because:

“the take-up of 3D Secure by Australian online merchants has been limited, notwithstanding that card not present fraud is increasing.  APCA submits that an industry-wide approach is necessary because, in its absence, individual merchants are reluctant to adopt 3D Secure. APCA says that this is because merchants fear it makes transactions more complex for customers (resulting in higher rates of customer transaction abandonment) relative to their competitors who choose not to enrol in the 3D Secure measures. ”

The ACCC’s Draft Findings

In a media release, ACCC Chairman Rod Sims expressed concerns about APCA’s drive to mandate a single anti-fraud product.  3D Secure is currently owned by Visa, and its next release will be operated by EMV Co, which is owned by a range of major companies such as Visa, MasterCard, American Express and UnionPay.

Mr Sims said:

“Currently, there are a range of anti-fraud products available for merchants to choose from. The mandatory roll out of 3D Secure to Australian payment cards and online merchants is likely to reduce this competition and would impose significant costs on a large number of online Australian businesses…

The ACCC does not accept that it is necessary to mandate a particular anti-fraud product. The cost of online fraud is principally borne by the online business that accepts a fraudulent transaction. Accordingly, each business can be expected to take the cost of fraud into account in making decisions about whether to invest in anti-fraud measures, and to engage anti-fraud technologies that are worthwhile for that business’ particular needs and circumstances.”

The media release also states that the APCA had estimated the cost to businesses for implementing 3D Secure would be up to $393 million, and concludes:

“While the ACCC accepts that the proposed conduct is likely to result in some public benefits in the form of reducing online payments fraud and associated costs, the size of these benefits is uncertain. The ACCC is therefore not satisfied that the likely benefit to the public from the proposed conduct would outweigh the likely detriment to the public.”

Submissions on the draft determination close on 10 June 2016.

TimeBase is an independent, privately owned Australian legal publisher specialising in the online delivery of accurate, comprehensive and innovative legislation research tools including LawOne and unique Point-in-Time Products.


Related Articles: