The Reserve Bank of Australia is keenly eyeing the rollout of digital identity credentials to Australian consumers as a way to arrest Australia’s rapidly growing volumes of online credit card fraud and other bogus electronic transaction.
Notes from Friday’s meeting of the RBA’s powerful Payments System Board — which sets the regulatory guard rails for how transactions are conducted and priced – shows there is growing interest in “the development of a digital identity framework in Australia.”
“Members noted the potential for a framework for trusted digital identity to make online interactions more convenient and secure, including the potential to reverse the rise in fraud rates on card transactions,” the RBA’s statement said.
“Members encouraged the payments industry to work collaboratively on digital identity and also noted the importance of engagement between banks and government on this issue.”
The central bank’s visible entry into the discussion around digital identity is highly significant at a policy level because it indicates financial system regulators are increasingly viewing digital identity credentials as a practical way to fix ongoing security weaknesses in online commerce.
Surging online fraud a regulatory focus
Australia’s latest set of online credit card fraud losses, released this month, came in at a whopping $417 million for the 2016 calendar year.
Dubbed ‘card not present’ transactions (which also includes over the phone and mail order payments) the bloated losses made up 78% of card fraud in Australia for the corresponding period.
Calculated by Australian Payments Network (previously known as the Australian Payments Clearing Association) the steadily increasing online fraud volumes have been an enduring source of returns for regulators as more and more commerce shifts by online by default.
According to Australian Payments Network, data the proportion of card not present fraud in the card payments mix has jumped from 68% in 2012 to 78% in 2016. However the value of that fraud has more than doubled in the same period, exploding from $183 million in 2012 to $417 million in 2016.
If those figures aren’t causing regulatory reflux the sharp escalation in the proportion of fake to legitimate transactions will be.
In 2012 the proportion of fraud on total card payments was 43.6 cents per $1000. In 2016 its had exploded to 74.7 cents per $1000, with the ‘card not present’ rate almost certainly higher.
While it is often assumed those losses are absorbed by banks and card networks, in reality it is usually merchants and online vendors that usually wear the losses under an archaic provision of electronic payments self-regulation dating back to the era when ‘card not present’ payments often connoted dubious mail order offers and risqué telephone chat lines.
Who’s picking up the tab?
As the mix of payments has shifted to online, it is understood there is increasing regulatory concern that indemnities and protections for merchants that buy payment services have become insufficient.
One known issue is a perception of what has essentially become a massive fraud liability shift for banks and payment service providers which both issue cards and supply card acceptance and payments services.
Banks had for more around a decade toyed with the idea of creating a federated digital identity system to counter fraud and increase protections, starting with Westpac’s “Trust Centre” and more recently the collapse of the Commonwealth Bank sponsored Project MaMBO.
Changing the game
After years of pushing for collective innovation, MaMBO’s collapse ultimately spurred the RBA to intervene and activate the build of the New Payments Platform (NPP) which is being backed by Australian Payments Network and will soon bank deposits and payments settled in real time.
At the same time Australia Post has launched its Digital iD product into the market place, with banks able to take up a white labelled option service of the product.
Notably, Australia Post is also a key payments services provider and is expected to use it Digital iD product as a way of verifying and enrolling customers.
One obvious question is what role Australia Post’s might play in securing the NPP once it is up and running.
Australia’s largest credit union, CUA, Travelex and the Queensland Police Service have already confirmed they are adopting Digital iD platform.
It is still unclear whether the federal government’s proposed digital identity credential, being run out of the Digital Transformation Agency, will be able to be used by financial institutions and the private sector.
Digital currency also in the RBA mix
With fintech, regtech, bitcoin and block chain increasingly gaining speed, it’s perhaps not surprising the institution that prints Australia’s banknotes is keeping a close eye on opportunities and threats.
“The Board discussed the role that digital currencies could potentially play in the payments system. It noted recent international work on whether there might be a demand for ‘digital cash’ issued by central banks and, if so, what form it might take,” the RBA statement said.
“Members agreed that the Bank should continue to consider the technical and policy issues associated with digital cash.”
In other words, watch this space.