In a forward-looking proposal introduced last week, the Australian Competition and Consumer Commission (ACCC) has invited public submissions on a draft determination that would permit the payments industry to coordinate its migration to a more robust encryption standard for card payments. The agency, through this authorization, is considering granting the approval for a period of eight years.
A Necessary Evolution for Payments Security
The move centres on replacing the ageing Triple Data Encryption Standard (TDES)—currently used across Australia’s card payments ecosystem—with the more advanced Advanced Encryption Standard (AES). The ACCC noted that while TDES remains serviceable in the short term, AES is widely regarded as faster, more efficient, and intrinsically more secure. This encryption standard is essentially a medium-to-long-term necessity as cybersecurity threats evolve.
AusPayNet, the self-regulatory body representing issuers and acquirers in Australia’s card payment systems, has spearheaded the proposal. The authorization, if granted, would pave the way for industry participants to enter into agreed arrangements and share relevant information to oversee a smoother, more unified transition.
Also read: Credit Card Fraud: How To Protect and Prevent From Theft
Balancing Public Benefit and Competition
The ACCC acknowledges that while the migration to AES would almost certainly occur organically, such coordination could greatly accelerate the process. Without it, different providers might pursue varying paths potentially delaying implementation or focusing on upgrading to interim TDES standards with “key blocks” instead, as a means to avoid penalties.
In its assessment, the ACCC identifies clear public benefits: a quicker, more efficient migration, leading to enhanced security for cardholder data across the nation . Conversely, the ACCC judges that the risk of harm, such as reduced competition or increased costs—would be minimal. Most upgrades to point-of-sale terminals, for example, would occur naturally through replacement cycles and AES adoption would not necessitate reissuing cards or altering consumer experience.
A Window for Public Engagement
The ACCC’s current call for comments runs until August 29, after which a final determination will be made. Stakeholders and the broader public are encouraged to weigh in on this proposal, ensuring transparency remains at the heart of regulatory reform.
This proposal builds upon a broader pattern of regulatory support for industry initiatives. Earlier, in December 2024, the ACCC granted interim authorization to AusPayNet for preparatory work tied to winding down the cheque system. That authorization eventually became final in July 2025, extending until end-2029 or beyond.
Moreover, a separate authorization granted in August 2025, covering coordination around the future of account-to-account payment infrastructure, remains in force until January 31, 2027.
The ACCC’s approach of merging regulatory oversight with collaborative pragmatism signals a deliberate shift toward ensuring Australia’s payments infrastructure stays secure and resilient, even as digital threats burgeon.
