The Weekly Cybers #77
RBA calls for an end to card payment surcharges, Meta reckons its AI needs our personal information to understand Australians, and much more.
18 July 2025
Welcome
We’re just days away from parliament returning from the winter break for what is traditionally called the spring sitting, and for me it feels like the calm before the story.
Meanwhile the media focus has been on the PM’s visit to China and the controversial plan to combat antisemitism — both of which are outside the scope of this humble newsletter. Yes, The Weekly Cybers is all about digital policy here in Australia and related matters.
So while the RBA wants to make some big changes to how we pay for things, this week I’m almost entirely linking to other people’s explanations of a whole raft of stories.
Ban card payment surcharges: RBA
The Reserve Bank of Australia (RBA) has called for an end to payment surcharges on eftpos, Mastercard, and Visa cards.
“Consumers currently pay around $1.2 billion in card surcharges each year,” the bank said in a media release on Tuesday.
“Surcharging is no longer achieving its intended purpose of steering consumers to make more efficient payment choices: avoiding surcharges has become harder as cash usage has declined, businesses are increasingly charging the same surcharge rate across debit and credit and there are significant challenges with enforcing the current surcharging rules.”
The RBA has released a consultation paper as part of its review of merchant card payment costs and surcharging. Submissions close 26 August.
The Conversation has a handy explainer.
New business offers flat monthly rate payment processing
A new Australian company, QwikPay, is now offering businesses a mobile device-based payment processing system for a flat monthly subscription starting at $39.99, rather than the usual per-transaction fees and dedicated hardware.
“The new tech is built on PayTo and PayID infrastructure and part of the global shift away from transaction fees,” says the company’s media release, which I couldn’t immediately find online.
However it does include the words “game-changing”, “most disruptive”, “eliminate the friction”, “next-generation”, “completely transform”, and “completely transparent”. So exhausting!
“Consumers pay securely by scanning a QR code,” they say.
Your writer notes that using a mobile device rather than dedicated hardware — a device which may well be being used for all manner of other purposes — has the potential to open up some new cyber attack vectors, but that is not analysis. Just something to think about.
NEW PODCAST: Any moment now, Donald Trump might cancel AUKUS, the massive defence agreement which among other things would see Australia buying eight nuclear-powered submarines. We still don’t know what’s happening. But do we need it? Sam Roggeveen, head of the Lowy Institute’s International Security Program, thinks not. Listen to The 9pm AUKUS and the Echidna with Sam Roggeveen, under The 9pm Edict in your podcast app of choice.
Also in the news
- I mentioned Jillian Segal’s controversial plan to combat antisemitism last week. Since then there’s been quite a bit of news coverage, but so far it’s mostly about the politics of definitions and broader issues, rather than anything which affects digital policy. At least at this stage. But I’ll definitely keep an eye on it.
- Australia will establish a cyber reserves workforce for the Australian Defence Force by early 2026, reports Cyber Daily.
- Meta has argued that it needs Australians’ personal information so its AI can learn Australian “concepts, realities, and figures”. This was part of their submission (PDF) to the Productivity Commission inquiry into harnessing data and digital technology, which is due to report by the end of this year. The Privacy Commissioner does not agree.
- From ABC News, an Australian beautician’s Instagram account was permanently disabled because an image she posted was falsely classified as child exploitation material. An appeal was unsuccessful — but the account was back up soon after the ABC got in touch.
- The government is continuing to advertise and post on X despite the platform’s AI chatbot going all Nazi last week.
- From iTnews, “Victoria Police has incorporated generative AI into a self-service non-urgent crime reporting tool to summarise information in a way that frontline officers are accustomed to receiving it”.
- Clive Palmer’s Trumpet of Patriots and United Australia political parties were hit with a data breach last month, as first reported by Crikey ($). Trumpet of Patriots said it was “impracticable to notify individuals”, because they don’t seem to know what data they held.
- Bunnings wants privacy laws changed so it can reintroduce facial recognition in its stores.
- Australia has adopted AS IEC 62443 as its national cyber security standard to protect critical infrastructure.
- Are you a communications services provider? The Critical Infrastructure Security Centre (CISA) has finally released its Telecommunications Security Risk Management Program (TSRMP) Rules 2025, which is handy because “responsible entities of telecommunications assets” only have until 4 October to become compliant.
- Telstra says its network upgrade funds are being eaten up by compliance costs.
- A consortium led by Optus will be building a new sovereign Australian low earth orbit satellite here in Australia.
- The Auditing and Assurance Standards Board has issued an overview of how auditors and the like should best use AI. See their rather dry Impact of AI on Auditors.
- The ACCC is urging consumers to be alert to a growing list of recalled wireless power banks, “which have the potential to cause serious burns and property damage”.
- With the next Census coming up in 2026, the Australian Bureau of Statistics is trialling the use of myGov for accessing the forms. According to The Mandarin, next month’s test will comprise “about 60,000 households in Rockhampton, Gladstone, and Yeppoon (Qld); Melbourne (Vic); Perth, Albany, and the wheatbelt region (WA); and Coonamble and Gilgandra (NSW)”.
BONUS LINK: Feeling nostalgic? You might enjoy my piece Lessons from the Censusfail omnishambles (15 September 2017) from the now-defunct DirectorTech.
Elsewhere
- Five EU nations are going to test an age verification app to, you guessed it, protect children. They are: Denmark, France, Greece, Italy, and Spain. It’ll work as part of the EU Digital Identity Wallets, somehow. I haven’t had the chance to read this yet, but it seems to be at the large-scale pilot stage.
- Roblox will soon require users to provide a facial scan or government ID to show they’re over 13 to have unfiltered chats, which means chats can include “inappropriate language like ‘butt-head’ and personally identifiable information”. Although chats with Trusted Connections can be unfiltered, Roblox will monitor the conversations for “critical harm”.
- I am still laughing about this one. “Someone ‘worked on a book with ChatGPT’ for weeks and then sought help on Reddit when they couldn’t download the file. Redditors helped them realized [sic] ChatGPT had just been roleplaying/lying and there was no file/book.”
- Software developers who use AI think they’re 20% faster but they’re actually 19% slower.
IF YOU’VE FOUND THIS NEWSLETTER HELPFUL, PLEASE SUPPORT IT: The Weekly Cybers is currently unfunded. It’d be lovely if you threw a few dollars into the tip jar at stilgherrian.com/tip.
Inquiries of note
There’s the RBA inquiry into card payment surcharges mentioned above plus this one:
- The Australian Communications and Media Authority (ACMA) is seeking comments on amended rules that will govern Australia’s SMS ID Register when it begins operating from 15 December. Submissions close 13 August.
What’s next?
Parliament is scheduled to return on Tuesday 22 July, which is now just four days away.
We already have the draft legislation programs, but bear in mind that almost anything can be added in on the day to suit the government’s news cycle needs.
The Senate program includes debate on the Health Legislation Amendment (Improved Medicare Integrity and Other Measures) Bill.
The House of Representatives program is dominated by new MPs’ first speeches, which suggests to me that some big-splash legislation will be introduced.
DOES SOMETHING IN THE EMAIL LOOK WRONG? If there’s ever a factual error, editing mistake, or confusing typo, it’ll be corrected in the web archives.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber security newsletter. For that I recommend Risky Biz News and Cyber Daily, among others.