Visa, the world's leader in digital payments, has today announced a new 
ecommerce security requirement to help Australian businesses combat a growing 
form of cybercrime and gain over 13,000 hours a year in otherwise lost time 
trading.[1]

As commerce rapidly moves online, more businesses are being targeted with 
enumeration attacks, the criminal practice where fraudsters use automation to 
test and guess payment credentials such as Primary Account Number (PAN), card 
verification value (CVV2), expiration date and post code, which can then be 
used in fraudulent transactions. It is the rising use of botnets – which are 
networks of hijacked computer devices – that are being used to carry out and 
scale these attacks. 

In response to the size of the threat, and as part of its new Australian 
Security Roadmap 2021-2023 launched 
today(https://www.visa.com.au/pay-with-visa/security/future-of-security-roadmap.
html), Visa has introduced a new requirement for ecommerce payment providers in 
Australia to ensure they invest in botnet detection capabilities to identify 
and prevent enumeration attacks, by October 2022. 

"Australia is the first country in which we are making botnet detection 
capabilities a requirement, owing to the growth in attacks we've seen in the 
past 12-18 months," said Joe Cunningham, Visa's Head of Risk for Asia Pacific. 

"Botnet detection is now critical in protecting sellers from malicious 
cyber-attacks and we will work together with a seller's acquiring bank or 
payments gateway to ensure that whichever entity is closest to their online 
checkout page has the right controls in place. It's a whole-of-ecosystem 
effort," he said.

Controls for botnet detection include restricting the number of transactions 
that can be processed by the merchant from a single card per minute, scanning 
for anomalies in shopping cart data, blocking accounts after a certain number 
of login attempts and CAPTCHAs[2], which are tasks that are designed to be easy 
for humans and difficult for bots. 

According to new research commissioned by Visa and conducted by YouGov, while 
nearly half (45%) of Australian consumers find CAPTCHA-style tools annoying 
when they shop online, over three quarters (76%) are supportive of merchants 
using the technology if it means keeping their online payments secure. In fact, 
more than half (53%) of Australian consumers have abandoned their shopping cart 
due to concerns their payments were not secure. 

"The way Australians choose to shop is changing, and so is the nature of fraud, 
which means it's vital sellers are ready. Investing in online security 
capabilities is the best way for businesses to protect against attacks that 
could damage their brand and customer experience, or even take them offline," 
added Julian Potter, Visa's Group Country Manager, Australia, New Zealand and 
South Pacific. 

With a team of over 850 cybersecurity specialists, Visa provides 24/7, 
real-time fraud detection and mitigation, analysing millions of transactions 
everyday for known and emerging threats. Visa's artificial Intelligence (AI) 
powered technology is able to spot patterns in data otherwise undetectable by 
humans to identify enumeration patterns and alert affected financial 
institutions and merchants before fraudulent transactions begin.

Visa's new Security Roadmap highlights the steps Visa will be taking across six 
key areas to continue to secure digital payments in Australia, including:

- Preventing enumeration attacks through new ecommerce requirements 
- Driving adoption of secure technologies 
- Securing digital first payment experiences, including contactless ATM access 
- Enhancing the cybersecurity posture of ecosystem participants 
- Preventing Australian consumers and businesses from becoming victims of scams 
- Ensuring ecosystem resilience through real-time artificial intelligence 
solutions

Visa continues to publish up to date best practices for merchants on what they 
can do to guard against cybercrime, as well as some guidance on what issuers of 
Visa credentials can do to reduce the impact of enumeration.

About Visa Inc. 

Visa Inc. (NYSE: V) is the world's leader in digital payments. Our mission is 
to connect the world through the most innovative, reliable and secure payment 
network - enabling individuals, businesses and economies to thrive. Our 
advanced global processing network, VisaNet, provides secure and reliable 
payments around the world, and is capable of handling more than 65,000 
transaction messages a second. The company's relentless focus on innovation is 
a catalyst for the rapid growth of digital commerce on any device for everyone, 
everywhere. As the world moves from analog to digital, Visa is applying our 
brand, products, people, network and scale to reshape the future of commerce. 
For more information, visit About 
Visa(https://usa.visa.com/about-visa/our_business.html), 
visa.com/blog(https://usa.visa.com/visa-everywhere/blog.html) and 
@VisaNews(https://twitter.com/VisaNews).

[1] The number of hours online sellers in Australia could have lost based on 
total merchants impacted by enumeration attacks in twelve months from July 2020 
to June 2021, Visa Risk Operations Centre
[2] CAPTCHA (Completely Automated Public Turing test to tell Computers and 
Humans Apart)

SOURCE: Visa