Payments System Board Annual Report – 2019 Retail Payments Regulation and Policy Issues

The Reserve Bank determines policy for retail payments systems and undertakes research into retail payments issues under its remit to promote a safe, competitive and efficient payments system. Recent policy work has focused on: the functionality of, and access to, the New Payments Platform (NPP); operational outages in retail payment services; and strategic considerations in the migration of payment streams to the ISO 20022 payments messaging standard. Policy work has also covered a range of issues related to card payments, including the industry's implementation of least-cost routing functionality for contactless debit card transactions and improving the clarity and operation of some of the Bank's existing regulatory requirements. There has also been an ongoing focus on innovation in the payments system, including the use of distributed ledger technology, digital currencies, and policy issues arising from the entry of non-traditional participants in the payments landscape.

NPP Access and Functionality

In 2018/19, the Bank, with input and assistance from the Australian Competition and Consumer Commission (ACCC), consulted on the functionality of, and access to, the NPP. The consultation was partly in response to recommendations in the Productivity Commission's 2018 Inquiry into Competition in the Australian Financial System and concerns raised by other stakeholders relating to services offered through the NPP and the ways of accessing the platform.

The consultation sought stakeholder views on the current functionality of the NPP and what functionality gaps may exist. It also sought views on whether the various ways of accessing the NPP, and their associated technical and other eligibility requirements, were adequate for different business models, or whether other forms of access or eligibility requirements may be justified. There were 19 written submissions to the consultation from a range of stakeholders and the Bank and ACCC held meetings with stakeholders in Melbourne and Sydney, including with most of those who provided written submissions, as well as ASIC and APRA.

A report on the conclusions from the consultation was published in June and contained 13 recommendations directed at NPP Australia Limited (NPPA) and NPP participants.[13] The overall conclusion was that the NPP was enabling payments functionality that largely addressed the gaps identified in the Bank's 2010–2012 Strategic Review of Innovation. However, the report highlighted that the slow and uneven roll-out of NPP services by the major banks was disappointing and that this had likely slowed the development of new functionality and contributed to stakeholder concerns about access to the NPP. Therefore, the report made a number of recommendations aimed at promoting the timely roll-out of NPP services and development of new functionality.

The consultation also identified a number of access issues that could present potential barriers to entry for new participants. Balancing the potential competition benefits of open access to the NPP against the need to maintain safety and security in a real-time payments platform, the report made a number of recommendations for NPPA to take action in relation to its participation requirements, the required capital contribution for participation and the governance arrangements for assessing new participants.

NPPA published a written response to the consultation on 30 July 2019, explaining how it intends to implement the recommendations and over what time period. NPPA has accepted the 13 recommendations and will address each according to the schedule set out in the report.

The Bank has committed, with the ACCC, to undertake another review of NPP access and functionality commencing no later than July 2021. The Board could consider a regulatory solution if there is insufficient progress in addressing the recommendations in the report, or if other issues arise.

Outside of Australia, there has been significant further progress in the development of other fast retail payment systems. In September 2018, the Hong Kong Monetary Authority launched the Faster Payment System, which supports both HKD and RMB payments, the use of QR codes, and is open to both banks and operators of stored-value facilities (SVFs). In November, the ECB launched its real-time payments infrastructure, Target Instant Payments Settlement (TIPS), which facilitates instant cross-border payments in the EU. In addition, in Northern Europe, the P27 Nordic Payments Platform (owned by a number of large Nordic banks) and Mastercard have announced a partnership to develop a real-time and batch multi-currency payments system across the Nordic region. In the United States, the Federal Reserve Board announced that the Federal Reserve Banks will develop the FedNow Service, a new nationwide real-time gross settlement system (RTGS) to support faster retail payments. The FedNow Service will process transactions 24 hours a day, 7 days a week, and operate alongside existing private sector RTGS services for faster payments. It is expected to be available in 2023 or 2024.

Migration to ISO 20022 Messaging Standard

At its February meeting, the Board discussed the announcement by Society for Worldwide Interbank Financial Telecommunication (SWIFT) of its decision to cease support for some existing message formats used in many payment, clearing and settlement systems around the world, including in Australia. By late 2025, certain of these messages will need to migrate to a new format, which uses the International Organization for Standardization (ISO) 20022 standard (see Box B). The Board identified this as a key strategic issue for the Australian payments system and endorsed the Bank undertaking a consultation with the industry on the key considerations associated with migration to the new standard.

SWIFT is planning to cease support for certain categories of its proprietary Message Type (MT) messaging standards and replace them with ISO 20022 formats, for cross-border and correspondent banking payments, from November 2025. While SWIFT has not yet announced an end date for MT formats used in ‘closed user groups’ (which includes Australia's High Value Clearing System (HVCS)), its end goal is to fully migrate all payments and reporting traffic to ISO 20022. Given this, and the number of ISO 20022 migration projects underway globally, the Board judged that it was an appropriate time to consider adoption of the ISO 20022 standard in relevant systems in Australia.

Accordingly, in April, the Bank, in collaboration with the Australian Payments Council (APC), released a consultation paper on the key issues relating to ISO 20022 migration. The intention is to ensure that the migration project is undertaken in a timeframe that does not pose risk to the payment system and that appropriately considers the objectives of migration and broader long-term opportunities for the industry. The consultation paper set out the key strategic decisions that would be required for an ISO 20022 migration and invited submissions from stakeholders.

A wide range of submissions were received from industry. There was broad support for the migration and the need for an industry governance process to ensure that the migration occurred smoothly. There was also support for enhancing the data content of messages, although most stakeholders supported an approach of like-for-like migration followed by inclusion of enhanced content. The Board discussed issues relating to ISO 20022 migration at its August 2019 meeting and noted the desirability of maintaining a dedicated high-value payments system and that it was important for the industry to provide adequate resourcing to a migration project, with appropriate project oversight, for example by the APC. The Board also supported the adoption of enhanced content in future ISO 20022 messaging standards. The Bank and the APC published a second consultation paper in September, summarising the initial consultation responses and setting out some proposed options for implementation. A third paper is planned for early 2020, to present the conclusions from the consultation process, including the agreed scope, governance, migration strategy, timetable and implementation approach. It is intended that the migration will be complete by the end of 2024, ahead of SWIFT's migration timeframe and consistent with other international migration projects.

Box B
ISO 20022

Messages used in payments, clearing and settlement systems are often complex and must follow strict protocols so that participants can send and receive the messages with a common understanding of the information they contain. ISO 20022 is an internationally recognised standard that was developed and is maintained by the International Organization for Standardization (ISO). It is a general purpose standard for development of financial industry messaging in payments, securities, trade services, cards and foreign exchange businesses. For payments, the ISO 20022 standard covers messaging related to cash account management, payments initiation, clearing, and settlement.

The general features of the ISO 20022 standard are:

  • Open standard – the message definitions are publicly available from the ISO 20022 website.
  • Flexible – definitions can be adapted for new requirements and technologies as they emerge.
  • Enhanced data content – ISO 20022 messages have an improved data structure (e.g. defined fields) and expanded capacity (e.g. increased field size and support for extended remittance information).
  • Network independent – the adoption of the standard is not tied to a particular network provider.

Over the past decade there has been an international movement to migrate message formats used in payments, clearing and settlement systems to ISO 20022. Australia's New Payments Platform (NPP) and the Fast Settlement Service (FSS) already use ISO 20022 messages, and this is also the message format being adopted by ASX Ltd as part of its CHESS replacement project (see the chapter on ‘Oversight, supervision and regulation of FMIs’).

Migration of other relevant systems to ISO 20022 in Australia will be a major undertaking for the industry and will involve a number of interdependencies with banks' internal systems. Accordingly, it is important that migration occurs in a coordinated way that is not disruptive for other payments system participants and end users.

A number of ISO 20022 migration projects are underway globally, often as part of larger infrastructure refreshes. SWIFT estimates that by 2025, nearly 90 per cent of the value and 80 per cent of the volume of high-value domestic payments messages worldwide will use the ISO 20022 format.

For example, the Bank of England (BoE) plans to migrate high- and low-value domestic payment systems by 2024, with the aims of improving resilience, strengthening risk management, reducing fraud, and promoting competition and innovation. To meet these objectives, the BoE will introduce a Common Credit Message across its domestic payment systems.

The US Federal Reserve has proposed a plan for the migration of its Fedwire Funds Service (an RTGS system) by late 2023, to be undertaken in three phases: preparing for ISO 20022 migration, including ‘cleaning up’ existing message formats; implementing a ‘like-for-like’ ISO 20022 message (limited to existing content); and then expanding content using the improved data capabilities of ISO 20022. This work will be coordinated with an ISO 20022 migration for the private sector high-value payments system, the Clearing House Interbank Payments System.

The European Central Bank (ECB) is proposing to have a ‘big-bang’ implementation of its consolidated TARGET2 and TARGET2 Securities systems in November 2021. Both systems will use ISO 20022 messaging. The key driver for the project is the consolidation of the two systems, though the ECB has also noted the benefits of ISO 20022 supporting extended remittance information.

Operational Outages in Retail Payment Services

Operational outages in retail payment services that impede the ability of households and businesses to send and receive payments can cause significant inconvenience and disruption. With this in mind, the Bank has for some time collected information on retail operational incidents from banks and other financial institutions that use RITS. This information is used to monitor trends in the reliability of retail payment services, and aggregated data are disseminated via Australian Payments Network (AusPayNet) to allow individual institutions to benchmark their operational performance.[14] Where necessary, the Bank also engages directly with institutions to better understand the nature of major retail incidents and the corrective actions being taken.

The Bank's data show a significant jump in retail operational outages in 2018 following a few years of improved performance (Graph 24, top panel). Higher outage time reflected rises in both the number of incidents and the average duration of incidents (that is, the average time taken to restore services) (Graph 24, bottom panel). Nearly all institutions experienced an increase in outage time in the year. By retail channel, around half of the number of service outages in 2018 occurred in either online or mobile banking, whereas outages affecting card payments accounted for around 10 per cent of the total. Some banks also experienced outages affecting their recently launched NPP services. Annualised data for the first half of 2019 indicate that total outage time remains at an elevated level, with a rise in the number of incidents offsetting a decline in their average duration.

Graph 24
Graph 24 Outages in Retail Payments

The most common reported cause of outages in 2018 was software failures. Both the number of software failures and the average time taken to resolve them rose sharply in the year. The increasing complexity of IT environments, together with problems stemming from legacy systems, seem to be important factors contributing to rises in the number of operational incidents and the time taken to resolve them.

Ultimately, it is in the interests of financial institutions to ensure their retail payment services are reliable. But institutions may not take into account the adverse effects their outages can have on other payment providers and the customers of those providers. Moreover, with the increasing use of electronic payment instruments and the reduction in use of cash, the operational reliability of retail payment services is becoming more critical to day-to-day economic activity. This issue is also receiving closer attention from central banks and regulators in other jurisdictions

The Board is regularly briefed on trends in operational incidents affecting retail payments. At its May meeting, it discussed the recent sharp rise in outages and the case for the Bank to take additional steps to encourage improved operational resilience. To improve transparency, the Board endorsed the Bank working with APRA and the industry to develop a standardised set of statistics on operational outages in retail payments to be publicly disclosed by the individual institutions.

In addition, the Bank will be engaging more with key retail payments providers on operational risks in retail payments and how these issues are being managed. If operational incidents continue to rise, then the Board could consider imposing operational resilience standards, as some other jurisdictions have done.

Regulatory Framework for Stored-value Facilities

SVFs encompass a range of facilities in which pre-paid funds can be used to make payments. The Council of Financial Regulators (CFR) initiated a review of the regulatory framework for SVFs in Australia in mid 2018. The project is being carried forward by a CFR working group, chaired by the Bank and with representation from APRA, ASIC and Treasury. Over the past year, the Board has been regularly briefed on the progress of this CFR work stream and on SVF policy issues more broadly.

The CFR review has the following broad objectives:

  • to identify opportunities to simplify the regulatory framework for SVFs
  • to ensure that the regulation of SVFs does not pose an undue obstacle to innovation and competition, while maintaining appropriate levels of consumer protection and system-wide safety
  • to identify any changes necessary to enable regulation to adapt to recent and prospective developments in the payments market, including those associated with advances in technology and new participants
  • to identify opportunities to improve the ‘competitive neutrality’ of regulation
  • to improve the transparency and clarity of regulation, from the perspective of regulated entities, potential new entrants, and consumers and other users.

The CFR's review addresses recommendations from the Productivity Commission's 2018 Inquiry into Competition in the Australian Financial System and the earlier Murray Financial System Inquiry (FSI). In particular, the FSI viewed the regulatory arrangements for purchased payment facilities (PPF), a type of SVF, as complex and subject to potential regulatory overlap. The Productivity Commission recommended that the CFR review the regulatory framework for PPFs.

In September 2018, the CFR released an issues paper on the regulation of SVFs and invited submissions from interested parties. The consultation received nine written submissions and in November an industry roundtable was convened to discuss the views of stakeholders. Since then, the CFR working group has been developing recommendations on a revised regulatory framework for SVFs. A focus has been on determining an appropriate degree of gradation of the regulatory requirements, taking into consideration the need for adequate consumer protection arrangements. The work is nearing completion – once completed, the conclusions will be provided to the Government for consideration.

Least-cost Routing and Dual-network Debit Cards


Least-cost routing (LCR), also known as merchant choice routing, is an initiative aimed at promoting competition in the debit card market and reducing payment costs in the economy. For merchants, the cost of accepting a debit card payment can vary depending on which network processes the transaction. Dual-network debit cards have access to two networks – the domestic eftpos scheme and one of the two international schemes, Debit Mastercard and Visa Debit. The majority of debit cards in Australia are dual-network, and most payment terminals are able to support contactless functionality for both eftpos and the international schemes. LCR is functionality provided to merchants that allows their contactless dual-network debit card transactions to be routed to whichever network on the card costs them the least to accept.

The Board has long supported the issuance of dual-network debit cards and the provision of LCR functionality to merchants, recognising the benefits they may have for competition and efficiency in the payments system. In recent years, the Black Economy Taskforce, the House of Representatives Standing Committee on Economics and the Productivity Commission have all called for the card acquiring industry to provide LCR functionality to their merchant customers. In May 2018, the Board considered whether formal regulation was required to ensure the provision of LCR functionality to merchants. Based on commitments provided by the major acquirers to develop and roll out LCR functionality, the Board determined that regulation was not required at that time. Over the past year, the Board has been regularly briefed on the industry's progress in providing LCR functionality

Industry progress

While a few smaller acquirers began offering LCR in 2018, progress by the major banks and other acquirers was slower. All four major banks launched their LCR functionality between March and July 2019. There are some key differences in the LCR capabilities offered by acquirers, with some providing a version that enables routing based on transaction size and payment network. This allows routing thresholds for different networks based on the transaction value that maximises merchants' savings from LCR. By contrast, other acquirers have not given merchants this flexibility, reducing the potential cost advantages of routing. In addition, for some acquirers, LCR is not yet available on all the payment terminals they support.

In May, the Board welcomed the industry's progress in providing LCR functionality, but also noted that some acquirers were not actively promoting the functionality to their merchants. The Board noted its expectation that banks would promote this functionality to all their merchant customers. Merchant awareness of LCR is an important factor affecting the degree of downward pressure on payment costs in the economy that can be realised from LCR. This is particularly the case where banks and other acquirers offer LCR to merchants on an opt-in, rather than opt-out, basis, or where they offer LCR only on some merchant payment plans and not others. The Board also stressed that the benefits to competition from LCR should not be prevented by issuers removing networks from dual-network cards.

Competitive pressure on interchange fees

Over the past year, as LCR functionality has been gradually rolled out by banks and other acquirers, schemes have modified their interchange schedules to compete more aggressively for some types of debit card transactions. This has typically taken the form of offering low interchange rates for larger merchants that might be contemplating LCR. All three card schemes have introduced new ‘strategic merchant’ categories for debit transactions, and the international schemes have reduced their debit interchange rates for all strategic merchant categories (Graph 25). Strategic merchant interchange rates are only available to select merchants, typically those with large card payment volumes.

By contrast, there have been increases in interchange rates for some types of debit transactions where LCR is not an option, such as online transactions and transactions made on single-network (proprietary) cards. For example, Mastercard has increased its interchange rate on some online transactions such that an online-only merchant now faces an interchange fee of 15 cents on all non-tokenised card-not-present (CNP) debit transactions, whereas previously these would have attracted lower rates. Visa has reduced the interchange rate for CNP transactions under $30 but increased rates for those above $30 for select non-strategic merchant categories. In the case of eftpos, it has set a higher interchange rate for transactions on its proprietary cards where transactions cannot be routed to another scheme, though these cards account for a low and declining share of debit cards on issue.

Graph 25
Graph 25 Strategic Debit Card Interchange Rates

It is likely that there will be increased adoption of LCR by merchants over the coming period and further actions by schemes to compete for transaction flows at the point of sale. The Board will continue to monitor LCR and the debit market closely, and its forthcoming review of payments regulation (see below) is likely to consider the progress of LCR and examine competition in the debit card market as a whole.

The Bank's Card Payments Regulations

The Bank generally undertakes comprehensive reviews of its regulatory framework for card payments around every five years, guided by the Board's mandate to promote competition and efficiency in the payments system. This timing represents a good trade-off between providing some degree of stability to the regulatory framework and responding to any policy issues that emerge as the market evolves. The last comprehensive review took place in 2015–16, and resulted in changes to the two interchange standards and the surcharging standard. As discussed further below, the Bank undertook a narrow consultation in 2018/19 focused on the specific aspects of the interchange standard dealing with the payment of ‘net compensation’ between card schemes to issuers. This consultation resulted in some changes to the interchange standards that took effect from July. The changes were designed to improve the clarity and operation of the net compensation provision and help minimise compliance burden, but did not change the overall policy approach.

The Board has decided to commence the next comprehensive review of the cards regulatory framework in early 2020, with a view to concluding it by the end of the year. This review will look at how the Bank's standards have been working in practice and will consider a range of issues raised by stakeholders. Based on current information, these may include the level of the interchange fee benchmarks and caps, the transparency of scheme and processing fees, competition in the debit card market, the competitive balance between three- and four-party card schemes and the ‘no surcharge’ rules of buy-now-pay-later services. The Bank intends to publish an issues paper for the review in early 2020 and will consult widely with stakeholders.

Interchange fees

Under the interchange standards, designated schemes must comply with weighted-average interchange fee benchmarks. Compliance is observed quarterly based on transactions in the preceding four quarters. The weighted-average interchange fee benchmark is 0.50 per cent for credit cards, and 8 cents for debit and prepaid cards. These benchmarks are supplemented by ceilings on individual interchange rates: 0.80 per cent for credit cards; and 15 cents, or 0.20 per cent if the interchange fee is specified in percentage terms, for debit and prepaid cards.

In the event that a scheme has exceeded the relevant benchmark, it must reset its interchange fee schedule within two months so that its average interchange fee is below the benchmark (using the transactions of the scheme over the previous four quarters as weights). Schemes can reduce the frequency of required interchange fee resets by setting rates conservatively relative to the benchmark. In practice, however, the international schemes have typically set their credit card interchange schedules in a way that results in upward drift in average interchange rates, and with rates at levels that are as close as possible to the benchmarks.

Card scheme interchange fee resets

In 2018/19, Mastercard and Visa were required to reset their credit card interchange fee schedules in each quarter as their weighted-average credit card interchange fees in each rolling four-quarter period exceeded the benchmark. To bring their interchange fee schedules into compliance, both schemes reduced the rates applicable to ‘premium’ consumer and commercial card categories during the year (Table 5). Mastercard additionally reduced rates on one of its strategic merchant categories, while Visa lowered rates on certain industry categories. Both schemes also introduced new interchange fee categories during the year: Mastercard introduced new categories for tokenised transactions as part of its efforts to promote more secure online transactions, while Visa introduced a rate for business-to-business strategic merchant transactions.

Table 5: Credit Card Interchange Fees(a)
Excluding GST; per cent
Category Mastercard Visa
July 2018 July 2019 June 2018 July 2019
Charity 0.00 0.00 0.00 0.00
Tokenised Contactless 0.80
Tokenised Online 0.18
Consumer Electronic 0.21 0.21
Consumer Standard 0.19 0.19 0.21 0.21
Consumer Premium 0.50 0.49 0.70 0.69
Consumer Super Premium 0.80 0.80 0.78 0.60
Consumer High Spend/High Net Worth 0.75 0.67 0.80 0.79
Strategic Merchant 1 0.18 0.18 0.21 0.21
Strategic Merchant 2 0.23 0.21 0.22 0.22
Strategic Merchant 3 0.25 0.25 0.25 0.25
Strategic Merchant 4 0.30 0.30
Strategic Merchant B2B 0.50
Commercial Executive/Super Premium Business/Corporate 0.80 0.80 0.80 0.80
Commercial/Business 0.70 0.69 0.70 0.69
Business Premium 0.78 0.75
Industry Specific(b) 0.10 0.10 0.25 0.21
Purchasing 0.80 0.80
Recurring Payments 0.10 0.10 0.21 0.21
Mastercard Initiated Rewards 0.00
Benchmark 0.500 0.500 0.500 0.500
Ceiling 0.800 0.800 0.800 0.800

(a) Fees are paid by the acquirer to the issuer, except for transactions involving a cash-out component
(b) Fees applying to Government, utilities, insurance, petroleum/service station, education, and supermarket (Visa only) transactions

Sources: Mastercard; Visa

Weighted-average debit and prepaid card interchange fees remained below the relevant benchmark for all schemes during 2018/19. Although no resets were required for compliance purposes, eftpos, Mastercard, and Visa all made several changes to their debit and prepaid interchange fee schedules through the year (Table 6).

As discussed earlier, some of these changes reflected a competitive response to the rollout of LCR. All schemes introduced new strategic merchant categories and revised their pricing for at least some interchange fee categories relevant to contactless dual-network debit card transactions at non-strategic merchants. Mastercard additionally introduced separate debit categories for tokenised card-present and card-not-present (CNP) transactions, with higher rates applying to non-tokenised CNP transactions; these changes will provide an incentive to merchants to tokenise transactions to reduce fraud risk. Tokenisation of card payments is discussed further in the Technology and Innovation Section.

Table 6: Selected Debit and Prepaid Card Interchange Fees(a)
Excluding GST; cents unless otherwise indicated
Category Mastercard Visa eftpos Proprietary eftpos Multi-network
Charity 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
Micropayment 2.0
Tokenised Contactless (≤ A$15) 5.0
Tokenised Contactless (> A$15) 15.0
Tokenised Online 8.0
Consumer Standard – Card Present 12.5 5.0 0.20% 0.20% 13.6 11.8 4.5 4.5
Consumer Standard – Card Not Present/Electronic/Digital 12.5 15.0 8.0 8.0 14.5 0.16% 14.5 0.16%
Consumer Premium – Card Present 0.20% 15.0 0.20% 0.20%
Consumer Premium – Card Not Present 0.20% 15.0 0.20% 0.20%
Transit Contactless 6.0
Strategic Merchant 1 2.0 1.0 2.0 1.0 1.8 1.8 0.0 0.9
Strategic Merchant 2 4.5 2.0 4.0 2.0 3.6 3.6 0.9 1.8
Strategic Merchant 3 3.0 5.0 4.0 7.3 5.5 2.7 2.7
Strategic Merchant 4 8.0 5.0 9.1 7.3 4.5 3.6
Strategic Merchant 5 8.0 9.1 4.5
Business Premium 0.20% 0.20% 0.20% 0.20%
Industry Specific(b) 6.0 5.0
Purchasing 6.0 0.20%
Recurring Payments 15.0 6.0 6.0
Mastercard Initiated Rewards 0.0
Benchmark 8.0 8.0 8.0 8.0 8.0 8.0 8.0 8.0
Ceiling 15.0 15.0 15.0 15.0 15.0 15.0 15.0 15.0

(a) Fees are paid by the acquirer to the issuer, except for transactions involving a cash-out component
(b) Fees applying to Government, insurance, transit, service station, education, and supermarket transactions

Sources: eftpos, Mastercard, Payments Australia Limited, Visa

Net compensation

To prevent circumvention of the interchange fee caps and benchmarks, the standards contain a requirement that issuers may not receive ‘net compensation’ from a scheme in relation to card transactions. This requirement is intended to limit the possibility that schemes may use payments and other incentives to issuers (funded by higher scheme fees on acquirers) to effectively replicate interchange fee payments. Schemes and issuers certify their compliance with this requirement annually.

The initial certifications against the net compensation requirement were provided in August 2018 and related to the first reporting period that ended on 30 June 2018. This certification process indicated that the ‘net compensation’ provision was working as intended from a broad policy perspective. However, it also highlighted that there were some issues of interpretation and other areas where minor variations to the standards might be beneficial.

Accordingly, the Bank sought informal views from stakeholders on how the net compensation requirement could be modified to improve its clarity, minimise compliance burden, or otherwise support the operation of the standards, without changing their purpose or substantive effect. In February, the Bank put forward draft variations to the standards for consultation based on this feedback. These variations were later adopted with some modifications made in response to stakeholder feedback, and came into effect on 1 July.

The standards were varied to require the use of an accrual accounting approach in determining net compensation. In addition, the variations clarified the definitions of Issuer Receipts and Issuer Payments, and made it clear that only sponsoring issuers in aggregator arrangements are required to comply with the net compensation provisions.[15] The revised standards also included transitional arrangements to provide issuers with the flexibility to choose which version of the standards to certify against for the 2018/19 reporting period. All entities will be required to comply with the varied standards in subsequent reporting periods.

Companion card arrangements

Under the interchange standards, interchange-like payments and net compensation payments from the scheme to issuers under American Express companion card arrangements are subject to equivalent regulation to those that apply to the Mastercard and Visa credit card systems. Since the relevant part of the standards came into effect in 2017, the four major banks have each ceased issuance of their American Express companion card products. Accordingly, American Express has requested that the Bank revoke the designation of the American Express Companion Card Scheme. The Bank expects to consider this issue as part of its next comprehensive review of card payments regulation. In the meantime, the Bank has provided a letter to American Express setting out a reduction in reporting requirements for periods where there are no companion cards on issue.


The Bank's surcharging standard, which was revised in 2016, protects the right of merchants to impose a surcharge on payments made using cards from designated schemes, but limits the amount of any surcharge to what it costs the merchant to accept a card payment within each scheme. In addition, acquirers and payment facilitators are required to provide merchants with easy-to-understand information on the cost of acceptance for each designated scheme to help merchants in decisions regarding surcharging. These requirements are complemented by powers given to the ACCC to monitor and enforce the ban on excessive surcharging.[16]

The ACCC has indicated that there has generally been good compliance with the surcharging framework, particularly by large merchants. However, the ACCC has investigated a large number of complaints of alleged excessive surcharging and has taken formal enforcement action against five businesses since the excessive surcharging provisions took effect in September 2016.

Payment Card Fraud

Bank staff regularly brief the Board on developments in payment card fraud in Australia, consistent with the Board's mandate to promote an efficient payments system. As noted in the chapter on ‘Trends in Payments, Clearing and Settlement Systems’, there has been a high and rising level of fraud in CNP transactions over recent years, associated with the rise in online commerce. Fraud imposes significant costs on merchants and other participants in the payments system, and can undermine confidence in the security of electronic payments. For this reason, the Board has identified CNP fraud as a priority issue for the industry to address.

In recent years, the industry has been pursuing various initiatives to tackle the rise of CNP fraud. This includes initiatives focused on protecting sensitive card data from being stolen, including by upgrading security where merchants hold card data, tokenizing card details (replacing card information with unique digital identifiers in transactions) and improving fraud detection tools (such as those that allow for real-time fraud identification).

In addition, the industry, led by AusPayNet, has recently developed a coordinated framework aimed at reducing CNP fraud. The framework, which came into effect in July 2019, requires issuers and acquirers to meet minimum requirements to authenticate online CNP transactions and to keep fraud rates below industry-agreed benchmarks. A key feature of the framework is a requirement for strong customer authentication (SCA) in CNP transactions acquired in Australia when merchants and issuers consistently exceed certain specified fraud thresholds. SCA involves verifying that the person making the transaction is the actual cardholder using two or more independent authentication factors drawn from: something that only the customer should possess (e.g. a card or mobile device); something only they should know (e.g. a PIN or password); and something the customer is (e.g. a biometric feature such as a fingerprint).

Under the framework, certain ‘low risk’ transactions are exempted from SCA requirements, including recurring transactions, digital wallet transactions, and ‘trusted’ customer transactions (where the customer has previously been authenticated by the merchant). Acquirers are responsible for monitoring and reporting on merchant fraud rates and ensuring merchant compliance with the framework. Issuers also have responsibilities to facilitate SCA for online CNP transactions when their fraud rates exceed specified issuer thresholds. The framework has been incorporated into a self-regulatory code governed by AusPayNet, and breaches of the requirements by issuers or acquirers can result in mandatory SCA for all CNP transactions and possible fines.

The Board has strongly supported the industry's development of the CNP fraud mitigation framework and Bank staff will be closely monitoring the implementation of the framework and its impact on CNP fraud. Under the framework, issuers and acquirers must report to AusPayNet on fraud rates and fraud rate breaches; the first data for the June quarter 2019 were provided in mid July. Over time, as SCA becomes more common and familiar to cardholders, there may be scope to reduce the thresholds for mandatory SCA in order to put further downward pressure on CNP fraud. The Bank will continue to monitor trends in payment fraud and will consider whether there are any other actions it can take to help facilitate or encourage industry initiatives to address payment security.

AusPayNet's framework is similar to standards that will come into force in Europe in September 2019 under the revised EU Payment Services Directive 2 (PSD2).[17]

The European standards are less flexible and stricter than the AusPayNet requirements, with SCA required for all CNP transactions (subject to certain exemptions, such as low-value transactions under €30), rather than only being required in response to continued breaches of fraud thresholds. International transactions – those involving either an issuer or acquirer located outside Europe – are not subject to PSD2 SCA requirements.

Digital Identity

The Board has strongly supported work led by the APC to facilitate development of digital identity services in Australia, given the potential for these services to deliver significant security and efficiency benefits for Australia's increasingly digital economy. In June, the APC reached a significant milestone by completing the first version of a ‘TrustID’ digital identity framework. The Bank, in its capacity as an APC member, was involved in the development of the framework and, along with other participants, helped fund the project.

The TrustID framework sets out various requirements to facilitate the emergence of an interoperable network of competing digital identity solutions in Australia. The framework is designed to allow individuals to establish their digital identity online with a preferred service provider and then to use those credentials to prove who they are when interacting online with businesses, including when making online payments. In addition to potentially reducing fraud, it is anticipated that digital identity services will emerge that will improve the convenience and security of many online interactions, enhance privacy and data security, and reduce costs related to identifying customers, such as those associated with ‘know-your-customer’ processes.

The APC has worked with the Government's Digital Transformation Agency (DTA) to ensure that the TrustID framework is compatible with the DTA's Trusted Digital Identity Framework (TDIF), which establishes the requirements for participation in the Government digital identity system currently under development. For example, the intention is that a digital identity established by a private sector provider under the TrustID framework will eventually be able to be used to access Government services, and vice versa.

The Board has been encouraged by the APC's progress in developing the overarching framework for digital identity, and looks forward to participants continuing to collaborate, where necessary, on its development. The Board is also hoping the framework will spur the launch of digital identity solutions in the Australian market that can start to address some of the challenges of identity verification in a digital economy.

Declining Cash Use

Cash use in Australia has been declining for some years now and so the Board has considered the drivers of this trend and the policy issues that might arise if it continues. The shift away from the use of cash to electronic payment methods for everyday transactions has been occurring because many Australian households and businesses are increasingly finding that electronic payments are better meeting their payment needs. To date, there are no indications that the shift reflects merchants no longer accepting cash or banks no longer providing households and businesses with appropriate access to cash.

In assessing the potential policy issues related to cash access and use (including those related to the ATM system, discussed below), the Bank has drawn on insights from developments in other countries. The issue is particularly relevant in Sweden and Norway where the decline in cash use for everyday transactions is significantly more advanced than elsewhere. The authorities in these countries are concerned about the speed of the shift away from cash and have been considering policy responses, in part to avoid a situation where parts of the population wish to continue to use cash but are unable to do so because of the withdrawal of infrastructure around cash distribution and use. In Norway, the Government has introduced legislation to require banks to provide cash services to customers, and similar requirements have been proposed in Sweden. Sweden's central bank is also considering issuing an e-krona to ensure that, in the event that cash disappears as a payment method, households and businesses continue to have access to a form of central bank money, to provide competition for privately provided payment methods, and to increase the resilience of the payments system.

In the United Kingdom, the United States and New Zealand, where transactional use of cash is still significantly higher than in the Nordic countries, authorities are also considering potential policy responses to declining cash use. In the United Kingdom, the Chancellor of the Exchequer has announced a Joint Authorities Cash Strategy Group, comprising the country's financial sector regulators, to ‘consider how best to ensure access to cash for those who need it’. In the United States, authorities in San Francisco, Philadelphia and New Jersey have banned cashless stores, citing discrimination against low-income consumers who may not have access to credit or debit cards. Closer to home, the Reserve Bank of New Zealand released an issues paper earlier this year on the Future of Cash Use, and will be leading a review of the cash distribution system in the context of expected further declines in cash use.

Issues in the ATM System

In addition to considering the broad policy issues that could emerge in the future in relation to cash access and use, the Board has continued to focus on a number of issues relating specifically to the ATM industry. The number of ATMs in Australia has declined further over the past year, as a number of banks and other deployers have continued to rationalise their ATM fleets. The rationalisation reflects the changing economic incentives of owning and operating ATMs in an environment of declining cash use for transactions. The 2017 decision by many banks to remove their ATM fees further strengthened the incentives for these deployers to reduce or consolidate their fleets. Notwithstanding the reduction in the number of ATMs, recent analysis by Bank staff suggests that the vast majority of Australians currently have good access to cash withdrawal and deposit services through bank branches, ATMs and Australia Post ‘Bank@Post’ facilities (See Box A).

Further consolidation or fleet rationalisation may be warranted as a way to improve the efficiency and sustainability of the ATM industry, though policy concerns could arise if there was a significant decline in ATM coverage that made it difficult for people to access cash, particularly in remote or regional locations. The Bank is aware that some bank deployers have been considering the possibility of pooling their off-branch ATM fleets into some form of jointly owned or outsourced utility. The Bank has indicated that it would have an open mind to arrangements such as these if they help to sustainably maintain broad ATM coverage.

During the past year, the Bank has also continued to engage with ATM industry participants on the future of the ATM access reforms that were introduced in 2009. The reforms were designed to increase competition in the ATM industry by making it easier for new deployers to establish the bilateral connections that were required at that time to become a direct participant in the ATM network. The reforms were also designed to make the pricing of ATM transactions more transparent by allowing ATM owners to set their own fees and compete directly for transactions. These aims were achieved through a combination of an ATM Access Regime imposed by the Bank and an industry-administered ATM Access Code

There have been a number of changes in the ATM industry over the past decade that are relevant to the question of whether the current access framework should be maintained. One of these is the development of ATM network switches and other hub-based infrastructures that have reduced the reliance on bilateral connections and made it easier and cheaper for new entrants to join the ATM system without necessarily having to establish bilateral connections with all other direct participants. Another is the decline in the use of ATMs associated with the reduced use of cash for transactions, which has recently prompted many deployers to begin rationalising their ATM fleets. While there may be further changes in the structure of the ATM industry over the next few years, possibly associated with the establishment of an ATM utility or banks outsourcing their ATM fleets, it seems less likely that there will be new entrants wishing to join an industry that is more likely to shrink than expand in the future. The policy rationale for focusing on ATM access is therefore likely to shift from encouraging competition from new entrants to ensuring that the existing industry structure is able to adapt in a way that will promote the efficient and sustainable provision of ATM services across the country.

Against this background, the Bank has recently consulted with industry participants on the future of the ATM Access Regime and Access Code. The Board has previously indicated that it would be open to the possibility of removing the Access Regime if the industry was able to demonstrate that it could deal with any remaining access concerns on its own. While a number of participants supported removal, some others preferred to keep the Access Regime in place for the time being, mostly because it is seen as supporting the ability of existing participants to retain or change their direct bilateral connections on fair and transparent terms. Without the Access Regime, there is a risk that participants might be forced to change how they connect in ways that could undermine competition or that it could become more difficult for the industry to adapt in ways that might help support the sustainable provision of ATMs. The Board discussed these issues at its August meeting and agreed that while the policy case for retaining the ATM Access Regime was not as strong as when it was introduced, the Access Regime still served a useful purpose in ensuring reasonable access to the ATM network in an environment where there is no single centralised connection hub.

Accessibility of Retail Payments

During the past year, the Board has considered a number of issues associated with the impact of new technologies on the accessibility of retail payments. A particular focus has been on the challenges that people with vision and/or motor impairment face when using payment devices that require PIN entry on a touchscreen without physically distinguishable keys. Devices such as these have become more common in recent years as they offer enhanced capabilities for merchants and an improved user experience for the majority of cardholders. However, given the accessibility challenges they raise, the Bank has welcomed the work of AusPayNet in developing best practice accessibility guidelines for payment terminals. These guidelines recommend that all touchscreen terminals incorporate an accessibility mode and they describe a number of common features that accessibility modes should incorporate. While the guidelines do not specify a single approach to accessibility, they are aimed at encouraging a more consistent experience for people with vision and/or motor impairment. Over the longer-term, the wider adoption of mobile devices with biometric authentication technologies (such as fingerprint or facial recognition incorporated into smartphones) could also help overcome some of the accessibility challenges posed by touchscreen terminals. As the use of cash continues to decline, the Board believes it is important that all Australians have access to convenient and secure electronic payment methods. The Bank will continue to monitor how the payments industry deals with accessibility challenges of touchscreen payment terminals and any other accessibility issues that may arise.

Technology and Innovation

The Bank monitors developments in technology and innovation relevant to the payments system, and staff periodically brief the Board on these developments and their implications for safety, efficiency and competition in the payments system. Some of these developments were discussed in the chapter on ‘Trends in Payments, Clearing and Settlement Systems’. Over the past year, the Board has considered a number of policy issues related to technology and innovation in the payments system.

To inform its work on innovation in payments, the Bank regularly engages with a range of industry participants, including potential new entrants, representatives from industry groups and technology providers. The Bank also engages with other domestic regulators in relation to payments innovation, both informally and through formal channels. For example, the Bank is an observer on ASIC's Digital Finance Advisory Panel and chairs the CFR Regulatory Perimeter Working Group. The Bank also chairs a CFR Working Group on Distributed Ledger Technology (DLT) with representatives from ASIC, APRA, Treasury and AUSTRAC. The Bank regularly communicates with other central banks about their work in the area of payments innovation, and participates in relevant work streams of the international standard-setting bodies. For example, the Bank is a member of a Committee on Payments and Market Infrastructures (CPMI) Working Group on Digital Innovations, and a member of the Financial Stability Board's Financial Innovation Network, which considers the financial stability implications of financial sector innovations, such as those related to crypto-assets and the involvement of big technology companies (‘BigTech’) in financial services.

Innovation in card payments

Over recent years, the ways in which consumers can initiate payments over the card networks has expanded. While in the vast majority of cases, card transactions still involve tapping or dipping a physical plastic card, transactions that use card credentials stored electronically on mobile devices such as smartphones are becoming more popular. This trend is likely to continue over the coming years as more card issuers in Australia are beginning to support the use of their cards in third-party digital wallets like Apple Pay. Wearable payment devices – including smart watches, rings and bracelets – have further expanded the range of devices through which card payments can be initiated. The take-up of these new payment options may reflect the additional functionality, convenience and/or security they offer relative to physical plastic cards. These developments may also have implications for competition in the card payments system. For example, competitive pressure in the debit card market would be weakened if only one network from dual-network debit cards was able to be provisioned in a digital wallet. More generally, the Bank has indicated that it would be concerned if, as plastic cards are supplemented by a variety of other means of accessing a customer's account, any actions are taken by schemes or scheme participants that have the purpose or effect of diluting or preventing competition between networks, by removing choices previously available to cardholders and merchants.

The international card schemes have also introduced a number of innovations aimed at improving the security of online (card-not-present) transactions, including expanding the use of their tokenisation services to online transactions. In this context, tokenisation refers to the process of replacing sensitive card data (such as the number on the front of a card) with another number, referred to as a token, which may only be able to be used in certain circumstances (for example, at a specific merchant). During a payment authorisation, the token is converted back to the card information by a ‘token service provider’, usually provided by the card scheme. In an online context, this can improve security by allowing merchants to only store tokens rather than actual card details. If the tokens are stolen, they are less likely to be able to be used fraudulently. Besides the international card schemes, a number of other entities in the card payments ecosystem (such as payment gateways) provide tokenisation services. The Board is supportive of industry efforts to improve payments security and reduce fraud. However, similar to other innovations in payments, tokenisation – particularly when provided by a scheme and not interoperable with other networks on a card – can potentially have implications for competition in the payments system. In March, the Bank reminded industry participants that it would be concerned if scheme rules or policies on tokenisation limited the ability of merchants to choose to route card-not-present transactions through their preferred network.

New entrants and new business models

As noted in the ‘Trends in Payments, Clearing and Settlement Systems’ chapter, new players and new business models are changing the payments landscape. These include the emergence of ‘buy now, pay later’ (BNPL) services, the growth of mobile wallet applications and the associated increased use of mobile devices like smartphones for payments, and the entry of new tech-focused firms into the international money transfer sector.

The Bank will consider the policy implications associated with the growth of new entrants and new business models as part of the forthcoming comprehensive review of card payments regulation (see above). For example, BNPL services are relatively expensive for merchants to accept and they usually restrict the ability of merchants to apply a surcharge to pass on these costs to the customers that directly benefit from the service. Accordingly, an issue for the Bank is whether policy action in relation to these no-surcharge rules should be considered.

A number of other jurisdictions have begun, or are also planning, to review aspects of their regulatory arrangements in response to recent changes to the payments landscape, including the emergence of new business models and non-traditional participants. In June, the Bank of England (BOE) published the Future of Finance report, which recommended that UK payments regulation should be reviewed in light of the potential risks posed by new entrants (particularly technology companies) with new business models to the industry. The UK Chancellor endorsed this recommendation and announced a Treasury-led Payments Strategy Review that will evaluate: the appropriateness of the regulatory framework; how to ensure effective supervision of the overall payments value chain; the role of data-sharing between platforms and payment companies; and ways to reduce fragmentation and complex regulation in the United Kingdom. In Canada, the Government has proposed legislation to implement a new retail payments oversight framework that would require payment service providers to establish operational risk management practices and to protect users' funds against losses. In Singapore, a new Payment Services Act was passed in early 2019 that is intended to account for new developments in payment services and their risks. Broadly, the new legislation gives the Monetary Authority of Singapore (MAS) the power and responsibility to oversee payment systems and to license and regulate payment service providers. The legislation also expands the scope of regulatory supervision to crypto-assets (‘digital payment token service’), stored-value facilities (‘e-money issuance service’) and exchange services (‘money-changing services’). The MAS has been consulting on the regulations it will issue under this legislation, with the regulations expected to take effect later this year.

Access to Exchange Settlement Accounts

The Bank's policy on access to Exchange Settlement Accounts (ESAs) was liberalised in 1999, including to allow non-ADI providers of third-party payment services to apply for an ESA to settle clearing obligations with other providers. A small number of non-ADI payment service providers (PSPs) currently have ESAs. In recent years, a number of other central banks have also extended settlement account access to non-bank PSPs, but in most cases access is only available to entities that are regulated by a relevant supervisory authority within the central bank's jurisdiction.

In recent years, developments in technology have allowed a wider range of non-ADI entities (including ‘fintechs’) to compete directly with banks in the payments system. As a result, the number of entities applying for or enquiring about ESAs has increased. Given this increased demand, the Bank recently reviewed its ESA Policy and determined that a range of changes would be appropriate to provide more information about the eligibility requirements and application process, including the risk management criteria applicants would be required to meet. In July, the Bank published its updated ESA Policy. The main changes to the Policy include:

  • requirements for an applicant to demonstrate an adequate understanding of the liquidity management, operational and business continuity requirements for operating an ESA, including the impact that the applicant's operational, liquidity and business continuity arrangements have on other RITS members
  • a requirement for an applicant's description of its business model to include a complete and accurate description of the types of customers it has and the types of activity that it provides payment services for. In addition, the application must include an attestation that the applicant complies with all applicable laws in Australia and in any other jurisdiction in which it provides payment services
  • a provision for the Bank to commission a report relating to the conduct and standing of the applicant, or its directors, key management personnel, shareholders or other related entities
  • that as part of the application process, or as a condition of approval, the Bank may require an applicant to obtain, at its own cost, a report from an independent expert approved by the Bank assessing the applicant's policies and procedures related to sanctions and AML/CTF, and the applicant's compliance with sanctions and AML/CTF legislation and other regulatory requirements
  • that the Bank retains the discretion to decline an application where, in its view, the provision of an ESA would adversely affect the reputation of the Bank.

These changes seek to ensure that the ESA Policy continues to promote competition in the market for payment services by providing access to ESAs for non-bank PSPs, while also ensuring that operational, liquidity and other risks are appropriately managed. Additional changes to the ESA Policy were also made in relation to the requirements for clearing and settlement facilities; these are discussed in the ESA policy section of the ‘Oversight, Supervision and Regulation of Financial Market Infrastructures’ chapter.

The Bank's Innovation Lab

In late 2018, the Bank established a small in-house Innovation Lab as a way to engage with and improve understanding of new and emerging technologies that are relevant to its policy and operational responsibilities. The Innovation Lab will help the Bank to more efficiently and rapidly build knowledge and capabilities in emerging technology areas and to respond more nimbly to changing technology trends and priorities. The intention is that the Innovation Lab will be used for targeted and relatively short-duration research ‘projects’ or experiments. For example, the Innovation Lab has been used as a dedicated space for a cross-functional team to collaborate in the Bank's continuing research on central bank digital currencies (CBDC).

The Bank has been exploring whether there is a role for a digital Australian dollar (that is, an Australian CBDC) in the context of its responsibilities for issuing the currency and overseeing the payments system. As has been discussed on other occasions, the Bank does not presently consider that there is a strong case to issue a digital currency for retail (or household) use. There are a range of safe and convenient electronic payment methods already available to households, with the NPP now providing additional capabilities, and it is not clear that there would be strong demand for a CBDC as a means of payment. However, the Bank has been exploring some of the technological and policy implications of a wholesale settlement token based on distributed-ledger technology that could be used in transactions between financial institutions and other wholesale market participants.


The Bank also monitors market developments in relation to private crypto-assets. As noted in the chapter on ‘Trends in Payments, Clearing and Settlement Systems’, Bitcoin and the large number of crypto-assets that have launched after it have not become widely used as a means of payment for a number of reasons, including the volatility of their prices. Recently, there was an announcement from Facebook and a consortium of other organisations including Visa and Mastercard that they were planning to launch a ‘global cryptocurrency’ called Libra.[18] Facebook also announced the establishment of a subsidiary called Calibra that is intended to provide payments services for Libra, and which would give it the potential to access Facebook's 2.4 billion users worldwide, including 15 million active users in Australia. While Facebook is planning for Libra and Calibra to launch in 2020, it is not clear how realistic this is given that various technical, operational and regulatory issues still appear to be unresolved.

In August 2019, the Board had a preliminary discussion of the potential policy and regulatory implications that may arise from the launch of a crypto-asset like Libra and services related to it. The Board noted that there was only a limited amount of information available on the proposed crypto-asset. These issues are also being discussed by other regulators at both a national and international level, and the Bank is participating in a number of cross-regulator discussions. The Bank will continue to monitor developments in relation to Libra and work with other regulators to identify and address any policy issues that may arise. The Board noted that any policy issues identified by Australian regulators are likely to overlap with those raised by regulators in other jurisdictions, and that accordingly, the proposal – and any others of a similar nature –will be subject to considerable scrutiny ahead of any launch.


NPP Australia Limited is the company that owns and operates the NPP. For more information, see: NPP Functionality and Access Consultation: Conclusions Paper. Available at <https://www.rba.>. [13]

The Bank also monitors incidents where retail payment services are disrupted across numerous financial institutions at the same time – for example, because of an outage in centralised payments infrastructure or at common service providers (e.g. telecommunications networks). These types of incidents are not currently included in the Bank's data collection. [14]

Aggregator arrangements are those in which an aggregator, also known as a sponsor, has a direct relationship and contract with a scheme and handles particular scheme-related services and obligations on behalf of a number of (typically) smaller financial institutions. [15]

For an overview of the surcharging framework see: Dark C, C Fisher, K McBey and E Tellez (2018) ‘Payment Surcharges: Economics, Regulation and Enforcement’ RBA Bulletin, December, viewed 16 August 2019. Available at <>. [16]

The European Banking Authority has allowed that, on an exceptional basis and to avoid unintended negative consequences, national authorities may grant limited extensions to the implementation deadline to give some firms, such as e-merchants, more time to prepare for the new rules. Extensions have been granted in a number of countries including the United Kingdom and France. [17]

Some crypto-assets are commonly referred to as cryptocurrencies. This is often the case where the crypto-asset has been designed to be used for payments. However, it should be noted that, while commonly used, the term cryptocurrency is not the best descriptor as ‘currency’ is often thought as being synonymous with money and no cryptocurrencies currently have the key attributes of money. [18]