Banks' practices

I heard on the ABC NewsRadio (16 May) that Banks announced a ‘crackdown’ on scams that cost Bank customers millions each year – (really? How?) … But does it help the situation if Banks do not ensure that money transfers are at least, being made to correctly named BSB and Account holder Names? Am I right in saying that this is somewhat hypocritical, given the following? …

I have seen a paragraph on more than one Bank’s Electronic Transfer Forms and online banking screens, giving a warning : (the wording varies, but this is my bank’s version from the online banking screen, before one finalizes the transfer :

"It is your responsibility to ensure that the account details you provide are correct. If you enter or select an incorrect BSB or account number, your payment may be unsuccessful or funds may be sent to the wrong account and it may not be possible to recover the funds from an unintended recipient. (This Bank) does not match, verify or check the account names and numbers and relies solely on the account number details to process payments.

It goes on to say that any mismatch means the Payee may not be able to retrieve their funds. (they may as well just declare …“we don’t provide assistance to you in this way”).

Needless to say, there is NO BENEFIT to the Payee in making a mistake: so any mistake will be just that – a mistake.

One of the widely assumed purposes of using a Bank, among other things, would be to facilitate the transfer of funds efficiently and safely – is it expecting too much to assume that Banks HELP (ie do what they can) to detect any errors in the process?

In general, most organisations’ boring, tight security and “ID” procedures often slow our day down somewhat – appearing long-winded and going way beyond what is reasonable. For Banks to more or less say, ‘BEWARE - WE DON’T CHECK YOUR ACCURACY’ seems ‘a bit much’. It doesn’t serve anyone’s interests except their own.

Spelling is paramount, but if we so much as add or forget to add a middle initial in our Passports, things will stall unpleasantly.

Solutions :

Would it be too much to ask that Banks write into their Computer processing software , that any mismatch be flagged for closer scrutiny? [God forbid, this means they must have a real person examine cases thrown up as mismatches]. Yes, there will be many, but should this not be part of Banks’ service to customers, whether they like it or not? I’m sure they could devise a way of charging a fee for sorting it out. That would be fair enough and without any great cost, someone learns from the error.

If this is not acceptable, then have the system reject it and “return-to-sender” until the customer gets it right (like errors with Usernames & Passwords).

To me, insisting that the full responsibility rest with customers ‘not to make mistakes’ is nothing more than cost-cutting, when Banks should be offering to do more, not less, to ensure a legitimate, smooth Funds Transfer process – at their cost, rather than ours.

When I questioned this ‘disclaimer’ paragraph in person, declaring that it seemed to be a strange, “lazy” and counter-intuitive statement from the Banks, I was given the explanation by one Branch Manager, that 'it is for your safety’ … For this to make any sense at all, we would have to conclude that the real meaning is more like …

‘the Bank will take (this rather serious) short-cut in transferring your Funds, so please don’t make a mistake, because we won’t detect it –meaning you’ve probably done your money’.

It seems highly improbable to me that Banks would be allowed to get away with such nonsense if this issue were better highlighted for customers’ or indeed Government, scrutiny.

Unashamedly more concerned with the Interest rates they CHARGE rather than pay out, it is widely known that Banks are not quick to raise Deposit Interest Rates when official interest rates rise. The Government has called them out more than once on this issue, only weeks ago summoning the Banks to account for this, in Canberra.

Customers like you and me provide a major source of the funds Banks use to make their obscene profits. If Banks refuse to even match a Name with an Account Number & BSB for those of us making a transfer of money, it is a sure sign that, like many commercial organisations in this computer-reliant age, they’re always looking for ways of doing less and less for us, that contribute any amount to their costs.

Vince

The banks have had in place for some time a more secure money transfer method using the New Payments Platform.

They would love more of their customers to start using it, rather than keep using the unsafe ‘pay anyone’ that you complain about.

Perhaps the Gov or RBA could help the banks by banning pay anyone transfers. That would force businesses to set up for NPP.

Thanks mate: where would I find this? (doesn’t appear to be an option on online banking screens)…
VC

It would be called something like ‘PayID’. But using it to send money depends on the other end setting up a payid. It is slow on the uptake, but that is the fault of payees, not the banks.

ING only shows that as an option when selecting a new payee during ‘pay anyone’.

Selecting ‘pay anyone’ shows a button for ‘new payee’ and selecting ‘new payee’ shows a ‘payid’ option.

There inexplicably does not appear to be a way to add a payid to an existing address book entry nor to associate an address book entry with a payid.

Strangely ING also promotes the use of payid while seemingly making it as difficult to use as they can.

How would that be done? What are they going to check against? The bank’s records will know if the combination of BSB and account number are valid but that doesn’t help stop scams as presumably to steal your money scammers will supply a correct combination of those.

I agree that banks need to step up and do more but it isn’t as if they have left big holes in their systems that could be plugged easily.

There was a case in the news recently about a person who was scammed who relayed 31 authentication codes to the scammers over a period of 4 hours allowing them to grab over $300,000. Against that much misplaced trust what should the bank do?

If you keep adding more layers of authentication the next thing customers will be complaining that it is too cumbersome and time consuming and all they wanted to do was send a birthday present.

Find out who architected that and tell them to do it properly. My bank clearly separates transfer by pay anyone using bsb and account, and PayID using I presume OSKO.

Nobody seems willing to admit it was architected or if it was that they did it

I also read this and was lost for words.

Scammers have moved on from the UK introducing account name matching. Many successful scams now involve taking over a personal computer using remote access software. As such, account name matching becomes irrelevant as the scammers transfer monies out of an account, not the account holder. Account matching has zero effect in such cases and is a bit of a red herring to try to blame the banks.

Removing multiple instantaneous bank transfers like that planned in Australia may reduce number of successful transfers where a victim identifies they have been scammed soon after it occurs. It won’t stop all transfers to scammers/criminals.

Even with restricting transfers, the scammers will find a way to get around this one as well.

Now that is the total opposite of what the New Payments Platform is all about. Real time money transfer, with authenticated payee. And it is not planned. It has been around for five years and every major and minor bank that I know of supports it.

Apologies, I forgot to add the word multiple. What is proposed includes…

The ability to, where possible, halt multiple fraudulent transactions taking place as part of the same scam

Which is removing ability to carry out multiple instantaneous transfers. I have corrected the earlier post.

More information can he found here:

This topic has been discussed numerous times in this forum. I recommend that you review those existing discussions.

Just putting it out there but (if we try to breath new life into an obsolete payment mechanism i.e. paying by BSB and account number - just stop it already) one different approach on this would be to require all banks to introduce a check digit or other redundancy into the account number (as well as perhaps standardising the length of the account number).

The cost of this would be that
a) every single account number would change (become longer and less wieldy), and
b) all existing paying arrangements would break.

This could be partially mitigated by simply adding the check digit(s) to the end of the existing account number.

This would stop accidental errors (which may be what the OP was concerned about) but will not help with scams.

This avoids having to go down the fraught road of checking the name against the BSB and account number.

I believe that the actual change announced was a new inter-bank communication system so that if a customer complains about a fraudulent transfer, it is possible to react more quickly to stop the funds moving out of Australia / out of the banking system. (I doubt that this will ever be really effective. This might even fall into the category of “theatre”.)

Surprisingly, with the proposals coming from some of the more excitable members of the Australian community, there would be a benefit in making a “mistake”.

Which is what I suggest in this forum each time this topic comes up - or, more accurately, I suggest that the government forces banks to have an end-date for when “pay by BSB+account number” will be accepted.

Exactly what I was going to cite. (Banks must be tearing their hair out with the gullibility of some customers!) But bottom line is that all the BSB+account numbers used in this scam (30 x $10,000 transfers, or similar) must have been completely, exactly correct - and would still be correct even if the corresponding account name were being checked.

One small way that the government could improve things for this scam is change the law around how foreigner accounts are handled once the person leaves Australia.

That particular scam would also he helped by having authentication in the phone system (for all calls, not just overseas calls).

It might have prevented those particular accounts being used, but wouldn’t potentially stopped scam monies exiting through ‘legitimate’ bank accounts as evidenced here:

Many of us have received spam emails or social media adverts about making $1000s per month from home. Yes, $1000s being a money mule. Unfortunately making ‘easy’ money attracts victims which assist in perpetuating the scam.

It is extremely challenging environment as the scammers appear to be at least one step in front of systems to prevent scams. A door is shut and another opens.

I recall hearing something recently on why Australians are targeted. One of the reasons is Australians have moved by mass online including online banking. This means vulnerabilities in the system (Australian banking customers using online banking) are easy to scam/exploit. It would be good to remove the weakest link, but that may mean the end of online banking.