Visa to introduce botnet detection requirement

Visa has announced it will require Australian e-commerce payment providers to invest in botnet detection capabilities by October next year.

The new requirement is aimed at helping Australian businesses combat payment fraud involving enumeration attacks — a criminal practice where fraudsters use automation to test and guess payment credentials by using large botnets.

Visa Head of Risk for Asia Pacific Joe Cunningham said Australia is the first country in which Visa is introducing a botnet detection capabilities requirement, in response to a surge in attacks seen over the last 12–18 months.

“Botnet detection is now critical in protecting sellers from malicious cyber attacks and we will work together with a seller’s acquiring bank or payments gateway to ensure that whichever entity is closest to their online checkout page has the right controls in place. It’s a whole-of-ecosystem effort,” he said.

Botnet detection controls can include restrictions on the number of transactions that can be processed by the merchant from a single card per minute, scans for anomalies in shopping cart data, blocking accounts after a number of failed login attempts, and the introduction of CAPCHAs.

Cunningham said research conducted by YouGov for the company found that while 45% of Australian consumers find CAPTCHA-style tools annoying when they shop online, over three-quarters (76%) support the use of the technology if it means keeping their online payments secure.

Image credit: ©stock.adobe.com/au/beebright