Obviously we haven’t seen the legislation so … just guessing but … I would assume the bank of the scammed party i.e. the scammee’s bank. (I guess if the two banks then want to fight about it in court for the next 2 years that is between the banks.) Meanwhile the scammer is laughing all the way to the, um, bank.
An American approach would be to put the onus and costs of restitution on the scammer’s bank. Even if off-shore it would be coerced to cooperate by denying its right to operate in the US or potentially even trade in $USD instruments. If a smallish localised bank, perhaps through its corresponding bank. eg there are ways.
Whether UK is of a similar mind, or similar position in the world is another issue.
2 Likes
This legislation because it penalises the Banks, I think would make them more active in fighting the scams before they had to make a payout. It certainly won’t make them any less active. I’m sure every Bank has enough sophistication in their internal fraud assessment structures and industry information sharing to fight most scams before they lose money. They just have to be encouraged to take steps rather than just profit taking regardless of who helps provide that profit.
Some of the recent failures are clear in the investigation of such that the Banks knew, were even complicit in their behaviour of supporting Child exploitation, terrorism and money laundering. Primarily, the driving force the Banks concerned themselves with was how much money they could make. Obligations to adhere to The Law played a very secondary place if they were even considered, until they got caught. Then all the sorry it will never occur again came forth, spewing out like a torrent of effluent.
3 Likes
In Australia we have an agency, that if it operated properly, could provide the information to help banks and senders deal with fraudsters.
Austrac.
Any business engaged in funds transfers is required to register with Austrac and report APPs over 10k within Australia, all International funds transfers, and very importantly, suspicious matter reports (SMR).
If a customer complained to their bank about a transfer that had been sent to some account, and it looked like they had been taken in by a fraudster, then the bank should be required to send an SMR to Austrac.
That account would then be flagged as suspicious, and all banks involved in APPs could check for the account in the Austrac database before allowing a transfer. And either give a very clear warning, or block the payment.
2 Likes
The Super Complaint is along those lines. The banks are to do better identifying the scammers who use their services and preventing fraudulent money going to them, and they have to make it easier to get it back. So if the legislation goes through, those scammers who use UK accounts all move their accounts offshore.
1 Like
Still, what changes could be made that would reduce risk and fraud?
Arguing about who is “responsible” and who is going to pay after a fraud has been perpetrated is too late.
Who wants mandatory 2FA? Who wants not to have mandatory 2FA? (Who currently has it / does not have it on their internet banking?)
You could certainly think that, rightly or wrongly. There are two risks though.
- The total number of scams goes up, so a higher percentage of scams prevented (hypothetically speaking) on a higher total number means no net reduction in the number of successful scams.
- False positives. You can see why a government might want to push this problem onto a bank.
The payment could have moved through half a dozen off-shore banks before jumping off the banking system into cash and/or crypto (and then potentially moving back into the banking system).
That’s one reason why I said: the scammee’s bank.
Thought experiment: What if the scammee’s bank responds by closing the customer’s account? (believing that even though the bank is legally liable, per this new hypothetical legislation, the customer has in fact been negligent or reckless, and no doubt justified on the grounds that clearly the account has been compromised)
Moving the accounts offshore would help avoid scams as International Bank transfers are a bit more complex, they require more input from the user transferring the money and the Banks need certain routing information not usually attached to a domestic account. It would raise more questions about authenticity.
2 Likes
Or a mule account, whose holders are also victims to the scam. Does the mule account holder then become responsible and liable for the monies deposited in their account and moved on. Is this account automatically closed.
What happens if there are multiple mule accounts used before money is laundered through conversion (cash, cryptocurrency, purchases etc), does every mule account take on responsibility/liability… or closed down significantly impacting another victim of the scam.
It becomes very complex and victims of a scam could quickly become victims of compliance action.
It is easy to pass the ball to the (unloved) banks, but this does not solve the scam problem. It only changes the responsibility for the outcome, and doesn’t fix the cause. It is the cause that needs addressing and focus of resources.
1 Like
The root cause! It’s the weakness of our electronic bank systems. It’s impossible to assure the true identity of the owner of an bank account or business. At least as far as the average consumer is concerned. Without that failure, the current frauds would be far more difficult to perpetrate.
Even when paying by credit card it is up to the consumer to prove their details to the supplier, (CC no and other card details). There is zero ability of the customer to verify the vendor’s CC providers issued identity. The situation with direct transfers to a bank account is equally obscure. The Govt puts the responsibility on our banks to reliably identify account holders etc. For off shore transactions it is more complex.
Does this argue that as it is impossible for a consumer to assure themselves of the payee’s identity? IE no one is able to use electronic payment without risk, suggesting we should all cease using it.
Please bring back COD. Or payment on receipt.
2 Likes
Even with proving identify, this would only fix a limited number of scams. Trust type scams won’t be fixed as these often use mule accounts or non-banking methods (gift cards, cryptocurrency etc). If one impersonates a mule account holder as part of a scam, banking details match the impersonation and the scam continues.
Closing off clear scam banking transactions will only result in shift to non-banking methods or mule account methods. It won’t also prevent those who easily succumb to scams and lack ability to understand the banking system and/or proving identities. While we may understand this, it is likely many who are victims of scams won’t.
This is why trying to fix the outcome is the wrong focus and doesn’t solve the cause. The ACCC approach has merit as it focuses on one avenue scammers use to share their victims. Whether it has long term effect, or causes a shift towards direct contact scams (phone, email) only time will tell. Measures will need to be taken to impact on the proliferation of other scam sources as well.
Focusing on banks as the solution or shifting victim responsibilities to a bank assumes all scams and only money is transferred through banks. Unfortunately this isn’t the case.
1 Like
Anyone seeking and waiting for a perfect solution will never have any solution. OTOH piecewise improvements will be of benefit to the greater community that seems susceptible to being scammed.
An RC revealed how proactive our banks and casinos have been compared to how proactive they were supposed to have been.
Waiting for Godot (or a deity) that can do it all without peripheral seen or unforeseen issues may be a longer time than any of us have.
The UK effort should be educational regardless of whether or how well it falls. Commentary on the pros and cons of the UK effort in the meantime? Entertainment.
3 Likes
Yes, it puts the owner of the account in the position of either having to argue that he or she knowingly participated in a crime (not good) or lost control of the account (also not good). Either way, the bank has a case for its action (closing the account).
My more general point is … if you pass legislation that makes the bank financially liable and you say nothing about what the bank must do about it and you say nothing about what the bank may not do about it … you open things up for a raft of occurrences that you may not agree with e.g. mandatory 2FA, mandatory delay to transactions, account closure, …
Imagine that the banks insured out the risk and required the customer to indemnify the bank for the “excess” (just like regular insurance e.g. health insurance).
That is of course the problem in Australia. (I don’t know whether it is at all the same in the UK.) The banks are an easy target, an easy punching bag. No pollie ever lost votes beating up the banks. That doesn’t make it good policy.
That may be a realistic problem in a small proportion of scams.
For a higher tech solution, given political will, it already existed 20+ years ago: SET and must be very doable with today’s technology (perhaps not so much 20 years ago).
You want to insist on SET (or any comparable later protocol) for high-value transactions, that’s fine.
Would I insist on merchant authentication when I pay for goods at the supermarket? No.
Lower tech solutions also exist e.g. features of the New Payments Platform (NPP) that allow you to transfer money to other than BSB and account number (i.e. to an identifier that may be more readily verifiable).
Neither SET nor NPP will fix all scams where merchant authentication is a concern but these are options that exist. At the end of the day, you can’t fix stupid.
Perhaps this indicates that the banking sector has generated solutions but merchants aren’t adopting those solutions. Both merchants and consumers are opting for convenience over security, which is a very common problem with end users.
That could be a good answer, before we all get locked into a total financial surveillance state. 
Sometimes piecewise improvement leads to a dogs breakfast i.e. lacking a unifying vision. In other words, the difference between piecewise and piecemeal is a fine one.
Legislation is not unlike software. After a good many years of piecewise “improvements”, it is an unmaintainable, confusing, opaque, inconsistent mess - and due for a total rewrite.
1 Like
That approach is endemic although a standard management style - ie. make no decisions and do nothing until there is no other choice. It minimises the chances of doing it badly since by then the problem is as obvious as it might get, dollars have not been applied unnecessarily as the problem evolved (the Wonthaggi Water Plant being a prime example), and nothing pre-emptively is done because we can all trust the system to do the right thing the right way. Right? The outcome is being on the back foot all the time in public policy and governance. Reactive government on one ideology, proactive on another. There is a middle ground.
A total rewrite of [fill it in] that is helpful and imperfect happens regularly as part of democratic processes and give and take. Having nothing to rewrite suggests a level of fatalism so nothing ever gets done.
3 Likes
I watched a program on the movement money made from people smuggling. An auditor and a senior bank employee who flagged the flow of large quantities of illicit funds through the banks were fired very quickly after reporting their findings, and their reports buried.
The banks, even the largest and most prestigious, will not voluntarily inhibit the flow of money through their accounts, particularly when it involves large amounts. Legislation and the will to enforce the legislation is required to ensure the banks work for their customers, not just their shareholders.
The legislation will most likely be iterative, with holes patched, and improvements made; hopefully.
Enforcement is the key, and we know from the Australian experience that the enforcement here is lackadaisical at best. So a strong independent body that the banks are actually afraid of needs to be created to ensure the legislation is adhered to.
3 Likes
I agree with @PhilT , @meltam and @mark_m that something has to be done now!
As a saying goes if they aren’t part of the solution they are part of the problem. The UK legislation at least tackles a slice of the problem, it may not be perfect, there may be unintended consequences but as @PhilT notes the legislation can be amended to address these problems if they arise. The RC into financial institutions quickly showed that financial business in large part were focused on profit and created much of the problems seen. Any idea of honesty or proactive responses by these businesses to issues, came somewhere far down the list somewhat after level of renumeration and bonuses for the bosses.
The idea that Banks or similar financial institutions are somehow unaware of fraud, of unsafe practices, or scam accounts (even foreign), are laughable. Banks and similar are well aware of the problems that exist, some have just chosen to ignore the issues in light of the profits that can be made.
Mule accounts are just like any other account that is used for fraudulent movements of money, they exist out of greed. Those that have been taken over by identity theft are different. They may/should be able to be closed and new accounts for the victim in these cases made as whole as possible. We do insure banks against loss, we in Australia use taxpayer money to if needed cover losses of everyday accounts to a value of $250,000 per account holder. While this is not about fraud (or maybe it is in a way), it does show that insurance against risk does and is happening.
In the UK this is also provided to £85,000, about $150,000 in our dollars.
As @meltam concludes “ensure the legislation is adhered to”, something that has not properly occurred to date. This remains the issue, there is a large amount of legislation that requires our financial institutions to be diligent in carrying out their duties to combat fraud (internal and external), money laundering, support of terrorism, and similar illegal activities. They have yet to show that they are properly and diligently doing so.
3 Likes
By all means if the solution actually addresses the real problem to some degree, preferably to a considerable degree. The trouble is quick-fix solutions may only address the political problem of being seen to do something. A badly designed urgent solution may by its presence get in the way of better solutions that come later or, as I mentioned above, have perverse outcomes.
Legal and policy changes tend to not have a post implementation reviews to see if they have been effective, many do not even have problem metrics that can be monitored. Which makes it much easier for authorities to ignore further efforts to take action soon after change.
If forcing the banks to act is a solution why is it that nobody can explain what it is they ought to do and how they ought to do it? The concept of forcing some unknown action to be done does not stand out as a well analysed solution.
That may well be the case. It may also be the case that they have no idea how to deal with the conundrum of somehow preventing their customers from authorising payments that they are likely to regret. We are talking about preventing loss to either the individual or bank due to authorised payments, not fraudulent ones.
1 Like
I know that that is not the case with Suncorp or ANZ.
With Suncorp, I have had larger (EFT) transactions halted because the bank thought they looked suspicious and outside of the norm for past account history. They contacted us by private message (within their online banking platform) to contact their fraud team immediately to discuss the transaction. I contacted the fraud team and after they verified the transaction was authentic, it was released for processing. They also said that they do this regularly for many suspicious transactions.
I have been assisting our elderly (85 years) neighbour with resolving some scams (unauthorised transactions on credit cards). More recently being almost sucked into a telephone scam. During his contact with the ANZ bank, the bank also indicated that there has been external EFTs requested which have been declined by the ANZ as they were suspicious and followed a known fraud pattern, The ANZ also indicated that they monitor accounts for suspicious transactions and will hold up EFTs out of account when they look unusual.
He also banks with Macquarie, and they have placed an additional watch on his accounts for suspicious transactions. I am not sure whether Macquarie does is across the board as standard practice like Suncorp or ANZ, but assume that that would.
I also suspect that other banks are the same. Banks can’t check and monitor or obtain approval for each and every EFT/recurring transaction/credit card transaction as it would make movement of money impracticable and near impossible.
BTW, a lesson from our neighbour…he was issued new credit cards. On signing the back of the credit card the signature didn’t look all that good so he decided to try and remove the signature with acetone. Instead he removed the whole of the signature strip. CVV etc. The bank had to issue a further credit card…while amusing now, wasn’t amusing a when it happened.
The Banking Association provides information on scams and how consumers can minimise their chance of being scammed. Unfortunately scamming involves victims, often who don’t know that they are being scammed and often haven’t followed some simple advice to protect their own personal and financial interests. Shifting responsibilities by focusing who should accept responsibilities for the outcomes, does not solve the scams that we face on a daily basis. Action needs to be taken to block scams at their source, not band-aid the outcome hoping the problem goes way. Consumers also need to protect themselves from being open to scams as well. The later is challenging as no matter what processes are put in place, those susceptible to scams will continue to be the weakest link in finding a long term and robust solution.
2 Likes
ANZ cartel actions have not been innocent. ACCC took them to Court over behaviour.
1 Like
I assume it was a cartel with the scammers, otherwise it is irrelevant. What is relevant is some (if not all) banks have systems in place to try and detect fraudulent transactions. There was a comment earlier they ignore the issue. This is not the case.
Could they improve, like any business, there is always potential for improvement where improvement will have a positive effect.
1 Like
ANZ may be a more vigilant organisation and that is indeed something to be proud of for them.
Some others and 3 of them major players have ignored fraud, they have ignored money laundering, they have allowed suspect transactions to occur. This is not ancient history, it has occurred in the last couple of years. Can we be certain they have improved or has the problem just been more well disguised/hidden. The idea that they have been pure is obviously not true (and I’m not saying that you think that, I’m just pointing out they have carried out criminal behaviour). If a process will make them look even more closely at problems then it should be something that is supported. With Banks making record profits what is the problem with making them use some of that to improve their systems and compliance with the Law? Do we in the majority of the population have a choice to not use them for our financial affairs? No we don’t, some cash transactions still occur but who receives their pay by cash these days when they deal with Governments and most businesses…almost none.
Overseas scammers need access to methods that transfer funds from Country to Country, Western Union and some others can facilitate this but they can be monitored as well and they have processes to track and stop fraud. In saying this, it is obvious WU also had lax practices in place Western Union Admits Anti-Money Laundering and Consumer Fraud Violations, Forfeits $586 Million in Settlement with Justice Department and Federal Trade Commission | OPA | Department of Justice. This may even still be an issue but no certainty exists one way or another. Banks are perhaps the most pervasive means of doing these transfers, making them more responsible is only increasing the security for those less able to see the pitfalls. I know many who are not au fait with what scammers and others do, they are sheep led to the slaughter.
3 Likes
