Asia-Pacific · GDP rank #13

Australia

AU · AUD @ 0.7139/USD

Cards dominate by value; instant payments have moved from niche to primary rail in under a decade. The RBA's March 2026 Review confirmed a 1 October 2026 ban on card surcharges and a cut in interchange caps to 0.30% wholesale, alongside a new foreign-card interchange cap from April 2027. Contactless is saturated; PayTo is displacing direct debit; CNP fraud remains the headline security problem.

Tab 06

Fraud & security

Headline fraud totals and typology splits, the rollout of EMV chip, tokenisation, 3DS and biometrics, and the controlling data-protection and payments statutes.

Annual fraud losses

A$913M▲ +30% vs FY2023

AUD · FY2024

Loss rate

7.5bp

basis points on transaction value · FY2024

CNP share of fraud

92%

% · FY2024

Fraud typology

Where losses come from

Card-not-present dominates every developed-market fraud profile — counterfeit and lost/stolen have both been mechanically suppressed by EMV and tokenisation over the last decade.

Share of card fraud

Card-not-present (ecommerce)92%
Counterfeit/skimming (card-present)1%
Lost/stolen5%

Authentication

What's deployed on cards today

EMV is the floor; tokenisation removes PAN from merchant systems; 3DS covers the CNP flow; biometric auth drives device-level wallet transactions. Adoption gaps between markets are the clearest signal of fraud-regime maturity.

EMV chip penetration

100%

% · 2024

Tokenised transactions

41%

% · 2024

3DS coverage · CNP

64%

% · 2024

Biometric mobile wallet txns

95%

% · 2024

Consumer protection

Framework: ePayments Code (ASIC-administered)
Max consumer liability: A$150 where consumer negligence involved
Liability rules: Consumer liability is zero for unauthorised transactions where the consumer has not been negligent; banks bear residual loss. Scams (authorised push payment) fall under 2025 scam code: banks, telcos and digital platforms jointly liable.

Source · ASIC

Security standards

▌PCI DSS 4.0 (mandatory March 2025)
▌AusPayNet Confirmation of Payee standard (2024)
▌CDR Trusted Advisor framework
▌APRA CPS 234 information security obligations