Last week, the Australian Competition and Consumer Commission (ACCC) unveiled a proposal seeking public feedback on a draft determination aimed at enhancing payment security in the country. This initiative focuses on allowing the payments industry to work together in transitioning to a more robust encryption standard for card payments, with the ACCC considering authorization for an eight-year period.
A Necessary Evolution for Payments Security
At the heart of this proposal is the need to replace the outdated Triple Data Encryption Standard (TDES) currently utilized across Australia’s card payment systems. The ACCC is advocating for a switch to the more advanced Advanced Encryption Standard (AES). While TDES remains functional for the time being, AES offers significant advantages: it is recognized as quicker, more efficient, and inherently more secure. As cybersecurity challenges continue to grow, this upgrade is becoming increasingly critical for safeguarding cardholder data in the medium to long term.
The proposal has been championed by AusPayNet, the self-regulatory body representing issuers and acquirers within the card payments landscape in Australia. Should the ACCC grant this authorization, it would facilitate industry stakeholders in developing coordinated strategies and information sharing, leading to a more seamless and unified transition toward AES.
Balancing Public Benefit and Competition
The ACCC acknowledges that while the transition to AES will likely progress naturally, a coordinated approach could significantly quicken the migration process. Without such collaboration, various payment providers might take divergent paths, potentially delaying rollouts or resorting to temporary updates to TDES with “key blocks” to sidestep penalties.
The commission has recognized distinct public benefits that stand to be gained from this transition. A unified approach could lead to faster and more efficient upgrades, ultimately enhancing security for cardholders across Australia. The ACCC assesses the risks associated with diminished competition or inflated costs as negligible, noting that most updates to point-of-sale systems would unfold as part of usual replacement cycles. Moreover, adopting AES wouldn’t require reissuing cards or necessitate significant changes to the consumer experience.
A Window for Public Engagement
The ACCC is currently inviting comments from stakeholders and the general public until August 29, after which it will make a final determination. This public consultation aims to ensure transparency in the regulatory reform process, encouraging a diverse range of views on the proposed plan.
This draft determination supports a broader trend of regulatory backing for significant industry initiatives. Earlier, in December 2024, the ACCC granted interim authorization to AusPayNet for preparatory activities related to phasing out the cheque system. This interim authorization later became finalized in July 2025, extending until the end of 2029 or beyond.
Additionally, a separate authorization issued in August 2025, concerning the future of account-to-account payment infrastructure coordination, continues to be in effect until January 31, 2027.
Regulatory Oversight Meets Collaborative Innovation
The ACCC’s strategy of blending regulatory oversight with cooperative efforts signals a clear intention to maintain Australia’s payment infrastructure’s security and resilience in an age of growing digital threats. As the landscape of payment processing evolves, these proactive measures aim to ensure that the Australian payments ecosystem remains secure for both businesses and consumers.
As the ACCC navigates these changes, the focus on collaborative frameworks will be essential in fostering an environment where security can evolve alongside technology and threats.
