SMS One-Time Passwords no longer enough to fight Australia’s AI-driven fraud, says Visa

12/09/2024


Visa, a world leader in digital payments, today announced it will require Australian financial institutions to move away from SMS One-Time Passwords (OTPs) as the sole factor for payment authentication to address the threat of AI-driven fraud and scams.

In Australia last year, scam losses reached $2.7 billion with over 601,000 scam reports1, and attacks can increase in frequency during the peak holiday shopping and travel season. The rise of generative artificial intelligence and machine learning technologies, combined with the continued growth in eCommerce, has created new opportunities for cyber criminals to exploit the most vulnerable point in the payments’ ecosystem: humans.

Visa’s Head of Risk for Australia, New Zealand and South Pacific Martyna Lazar said, “Scammers prey on fundamental human needs and heightened emotions – whether that’s companionship, job security or by creating a sense of urgency, panic or concern, and there’s no IT patch that can be deployed for that.”

In its new Security Roadmap for Australia 2025-2028, launched today, Visa is mandating that financial institutions must provide their customers with safer and more advanced authentication options beyond SMS OTP, to protect against sophisticated scams and fraud by October 2026. These include biometric authentication, in-app authentication, app-to-app flows, or passkeys, which leverage multiple channels or devices to strengthen the identification and verification process.

“Cyber criminals today are more organised, more sophisticated and using new technology to target Australians at scale with effective social engineering and phishing tactics. By tricking consumers into divulging their unique OTPs, they are then able to authenticate fraudulent payments or gain access to accounts, which can lead to substantial financial and emotional stress. The threat landscape is rapidly evolving, and it takes continuous investment from Visa, together with financial institutions, merchants and consumers, to drive adoption of new secure technologies and stay ahead of these fraudsters.”

The new requirement has been introduced as part of Visa’s Security Roadmap for Australia 2025-2028, which sets out the steps Visa will be taking across six key areas to strengthen resilience in Australia’s payment ecosystem, including:

  • Preventing enumeration attacks, where fraudsters use automation to test and guess payment credentials
  • Continued investment in secure technologies to balance fraud management and improved customer experience
  • Shifting to a data-driven risk-based approach, which enhances security and supports sustainable growth
  • Ensuring ecosystem resilience against unauthorised payments fraud and scams (authorised fraud) in the era of AI
  • Enhancing the cyber security posture of ecosystem participants
  • Securing digital payment experiences by integrating best-in-class security protocols

Lazar encouraged Australian consumers to be extra alert to scams during the upcoming holiday season, where there is traditionally a rise in online shopping and travel bookings.

“Scammers will often try to get you to act - or click - without thinking by creating a false sense of urgency. Remember, your bank or government provider won’t ask you for personal information, passwords or payment details via SMS. Don’t click on hyperlinks in the SMS, don’t reply or call the sender on that number, and don’t provide personal info. If you think you’ve been targeted, contact your financial institution immediately to protect your account and report the scam.”

 

1 ACCC, National Anti-Scam Centre, Targeting Scams Report 2024, April 2024, https:// www.nasc.gov.au/system/files/targeting-scams-report-2023.pdf

 

About Visa Inc.

Visa (NYSE: V) is a world leader in digital payments, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories. Our mission is to connect the world through the most innovative, convenient, reliable and secure payments network, enabling individuals, businesses and economies to thrive. We believe that economies that include everyone everywhere, uplift everyone everywhere and see access as foundational to the future of money movement. Learn more at Visa.com.