Australia first to adopt new ecommerce security requirement to combat cybercrime, says Visa



Visa, the world’s leader in digital payments, has today announced a new ecommerce security requirement to help Australian businesses combat a growing form of cybercrime and gain over 13,000 hours a year in otherwise lost time trading.1

As commerce rapidly moves online, more businesses are being targeted with enumeration attacks, the criminal practice where fraudsters use automation to test and guess payment credentials such as Primary Account Number (PAN), card verification value (CVV2), expiration date and post code, which can then be used in fraudulent transactions. It is the rising use of botnets – which are networks of hijacked computer devices – that are being used to carry out and scale these attacks. 

In response to the size of the threat, and as part of its new Australian Security Roadmap 2021-2023 launched today, Visa has introduced a new requirement for ecommerce payment providers in Australia to ensure they invest in botnet detection capabilities to identify and prevent enumeration attacks, by October 2022.

“Australia is the first country in which we are making botnet detection capabilities a requirement, owing to the growth in attacks we’ve seen in the past 12-18 months,” said Joe Cunningham, Visa’s Head of Risk for Asia Pacific.

“Botnet detection is now critical in protecting sellers from malicious cyber-attacks and we will work together with a seller’s acquiring bank or payments gateway to ensure that whichever entity is closest to their online checkout page has the right controls in place. It’s a whole-of-ecosystem effort,” he said.

Controls for botnet detection include restricting the number of transactions that can be processed by the merchant from a single card per minute, scanning for anomalies in shopping cart data, blocking accounts after a certain number of login attempts and CAPTCHAs2, which are tasks that are designed to be easy for humans and difficult for bots.

According to new research commissioned by Visa and conducted by YouGov, while nearly half (45%) of Australian consumers find CAPTCHA-style tools annoying when they shop online, over three quarters (76%) are supportive of merchants using the technology if it means keeping their online payments secure. In fact, more than half (53%) of Australian consumers have abandoned their shopping cart due to concerns their payments were not secure.

“The way Australians choose to shop is changing, and so is the nature of fraud, which means it’s vital sellers are ready. Investing in online security capabilities is the best way for businesses to protect against attacks that could damage their brand and customer experience, or even take them offline,” added Julian Potter, Visa’s Group Country Manager, Australia, New Zealand and South Pacific.

With a team of over 850 cybersecurity specialists, Visa provides 24/7, real-time fraud detection and mitigation, analysing millions of transactions everyday for known and emerging threats. Visa’s artificial Intelligence (AI) powered technology is able to spot patterns in data otherwise undetectable by humans to identify enumeration patterns and alert affected financial institutions and merchants before fraudulent transactions begin.

Visa’s new Security Roadmap highlights the steps Visa will be taking across six key areas to continue to secure digital payments in Australia, including:

  • Preventing enumeration attacks through new ecommerce requirements
  • Driving adoption of secure technologies
  • Securing digital first payment experiences, including contactless ATM access
  • Enhancing the cybersecurity posture of ecosystem participants
  • Preventing Australian consumers and businesses from becoming victims of scams
  • Ensuring ecosystem resilience through real-time artificial intelligence solutions

Visa continues to publish up to date best practices for merchants on what they can do to guard against cybercrime, as well as some guidance on what issuers of Visa credentials can do to reduce the impact of enumeration.


1 The number of hours online sellers in Australia could have lost based on total merchants impacted by enumeration attacks in twelve months from July 2020 to June 2021, Visa Risk Operations Centre

2 CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)


About Visa Inc.

Visa Inc. (NYSE: V) is the world’s leader in digital payments. Our mission is to connect the world through the most innovative, reliable and secure payment network - enabling individuals, businesses and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company’s relentless focus on innovation is a catalyst for the rapid growth of digital commerce on any device for everyone, everywhere.  As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce. For more information, visit About Visa, and @VisaNews