In a statement, Visa said payments leaders CyberSource, Adyen, Rambus, G+D Mobile Security, SecureCo, Ezidebit, eWAY and Bambora had agreed to roll out the technology needed to use COF which makes storing card details, like account numbers and expiry dates, each time a purchase is made, unnecessary.
The statement said COF tokenisation would replace card details with unique digital identifiers ("tokens") that were used for payment without exposing a cardholder’s sensitive information.
Each token is merchant-specific and therefore can only be used with the merchant where it is stored.
“The collective commitment to drive tokenisation across the industry represents a win for Australian merchants, consumers, financial institutions and payments companies alike," said Matt Wood, Visa’s Head of Digital Product and Partnerships for Australia, New Zealand and South Pacific.
"This technology enhances the customer experience, enables greater conversion and loyalty for merchants, and protects against fraud.”
The Visa statement said COF tokenisation enabled vending outlets to update consumer payment details instantly when a card was lost, stolen or expired.
It cited a survey by YouGov that showed about a third (30%) of Australians took more than a fortnight to update their details when they lost a card or when it expired. Twelve percent took more than a month to do this.
Commenting on the Visa move, security firm Secureworks senior researcher Alex Tilley said the decision to limit the personal and card information that could be stored by companies was a welcome step.
"The drastic increase in fraudulent charges across Australia over the past two years indicate the current setup of PCI-DSS has potentially not been as successful as hoped in making sure companies were encrypting consumers' data while it was in transit and at rest," he said.
While there is no way to completely end credit card and identity theft - and hackers will no doubt search for new ways to get around these tokens - it’s a good sign of intent that Visa is serious about protecting users sensitive data.
“Online technology used for card not present transactions, coupled with the already successful emv (chip and pin) implementation for card-present transactions mean that credit card security is moving in the right direction.
"The concern is, if merchants or consumers do not use all security features available they can find themselves or their customers are still at risk of credit card fraud.”