JENI O’DOWD: The best way to fight cyber fraud is to hold our financial institutions liable for losses

Jeni O’Dowd

The Nightly

6 Min Read

15 May 2024

JENI O’DOWD: The best way to fight cyber fraud is to hold our financial institutions liable for losses Credit: Supplied/The Nightly

Most of us have a story about a scam. It may be a text claiming you haven’t paid for a toll or buying something online that doesn’t exist. Worse, you could lose thousands of dollars by clicking on a dodgy link or simply believing someone on the other end of the phone.

But you’re too smart to fall for it, right? Wrong. While we may only think the elderly with limited IT experience and the lonely fall for scams, they are now getting so sophisticated that experts find them hard to spot.

A colleague of mine is a smart, tech-savvy 41-year-old woman. She works in tech in a senior position but was scammed out of $16,950 a few days before Christmas and to this day, the bank has only refunded her $15.

Get the first look at the digital newspaper, curated daily stories and breaking headlines delivered to your inbox.

By continuing you agree to our Terms and Privacy Policy.

Here’s what happened: someone with an English accent called her, saying they were from her bank’s customer support department and that there had been fraudulent activity on her account.

They listed the last three transactions on her account (which were all correct), so, in hindsight, they must have already accessed her account — but at the time, it just proved legitimacy.

The man on the phone said he had to trigger a security code to reset her accounts and asked her to read it to him when it came. And voila … well, you’ve guessed the rest.

As soon as my friend realised there had been an unauthorised transaction, she rang the bank’s fraud department. Two more fraudulent transactions occurred during that call, totalling nearly $17,000.

“Everyone I spoke to at the bank was so unhelpful, saying, ‘OMG, gosh, I’m so sorry this has happened. It must be devastating’ followed by them telling me they couldn’t give me the money back because I revealed a security code,” she said.

“But I’d like to know why it is so easy for someone to take that amount of money in a matter of minutes without warning, red flags, or double confirmation like in other industries.”

She is so right.

Why haven’t banks implemented sophisticated software that identifies scam patterns and red flags?

Here’s another example.

Brett Newbound, senior financial adviser at Freedom Wealth Services, says scammers regularly approach their clients. Recently, one nearly lost a mammoth $50,000 through a term deposit.

The woman found an offer for a term deposit from what appeared to be an Aussie bank (the rate was only slightly better than the big banks, so it seemed believable).

The website even had licensing details, registered offices and contact pages. When she rang the call centre, the so-called salesperson had an Australian accent and sounded very professional.

The woman decided to transfer $50,000 into what he believed was a term deposit. Luckily for her, her financial adviser found some minor errors on the website after a review. The website was fraudulent.

Banks are powerful institutions with significant influence over our financial lives. With high profits, lavish executive pay, and predatory lending practices, it’s easy to see why bank bashing is so popular.

Last year, the so-called Big Four banks delivered a record profit of nearly $32.5 billion, and their CEOs earned between $6 and $10 million.

Yet, banks take little or no responsibility for the scams on their platforms, costing consumers billions of dollars every year. These losses translate into real human suffering, often wiping out someone’s life savings in one fell swoop.

Consumer advocacy groups have long pushed banks to shoulder greater responsibility for these losses, yet their efforts have yielded little progress.

And now, according to Stephanie Tonkin, CEO of the Consumer Action Law Centre, Australia has become a soft target for scammers — a veritable honeypot — because our laws are so weak.

She believes the Government needs to force telecommunication companies, digital platforms, and banks to invest in significant security improvements to prevent scams.

“The industry must take responsibility for scams on or via their platforms,” she told The Nightly.

“Other jurisdictions are taking faster, meaningful action to prevent scams impacting consumers, and we are seeing greater losses in Australia as a result.”

Recent moves by the banks to limit some transfers to cryptocurrency platforms and commit to implementing confirmation of payee technology are promising.

Still, Ms Tonkin says they can do more and much faster without waiting for government intervention.

She says scam losses are mind-boggling, with customers only reimbursed a paltry 2 to 5 per cent of their losses in 2023, according to ASIC research.

Fake Text message SMS scam or phishing concept. Man hands using smart phone Credit: PANUWAT/panuwat - stock.adobe.com

The Consumer Action Law Centre is one of many groups that believe that if banks were forced to pay back money lost through scams, they would immediately tighten their security.

It has proposed a reimbursement framework similar to the UK, which is now being flagged in New Zealand. This framework would see consumers remediated through a fast, easy-to-navigate system and businesses incentivised to invest in measures that would disrupt scams.

Last year, the Australian Financial Complaints Authority, an independent organisation which works with consumers to negotiate with banks to resolve complaints, registered 8987 complaints related to scams — up a mammoth 95 per cent from 2022.

The most common scams it sees are where people have been persuaded to give remote access to their computer or phone in the belief the person is assisting them with preventing fraud or showing them how to perform a transaction or transfer funds. Remote access is often combined with investment scams or other scam types.

Bank ID spoofing scams are also common. Scammers use readily available software to impersonate or “spoof” their financial firm’s contact details.

The customer will receive a call or SMS from the scammer. At times, the SMS will appear in the same thread as previous messages sent by the financial firm, making it very hard to identify as a scam.

Alyssa Blackburn, director of information management at AvePoint, an Australian company providing advanced platforms to protect an organisation’s data, says with the growth of AI, we can only expect scams to become even more sophisticated and complex to identify and stop.

“Scams will just become mainstream, targeting everyone from individuals to start-ups and small businesses to large enterprises,” she says. “It is imperative for organisations to ensure data is managed securely throughout its life cycle.”

Ms Blackburn says that if a bank fails to adequately protect a consumer from a scam through inadequate security or monitoring processes, there’s a case for the bank to be held financially accountable.

However, she believes there is also a joint responsibility between financial institutions and consumers to ensure vigilance and protection.

“Consumers need to be alert and prepared for the threat of scams, while financial institutions need to use their significant power and resources to detect where and when these scams are happening and cut them off early,” she says.

As custodians of our finances and gatekeepers of financial transactions, banks clearly need to do better.

They have a duty to ensure the security of our money. If their customers fall victim to scams, particularly those involving unauthorised transactions or identity theft, they should bear significantly more responsibility than they do now.

And it’s not like their profits aren’t high enough to bear the cost of extra security measures for the benefit of all Australians.