Scams are surging – CHOICE calls on banks to do more

Last year, Australians lost $3.1 billion to scams – an 80% increase from the year before.

People are bearing the increasing costs of scams, while businesses like banks, digital platforms and telcos, who have resources to protect people from this crime, aren’t doing enough. Sign the petition calling on the government to implement strong rules that force businesses to detect and prevent scams – and require banks to reimburse victims: Scams: Detect, prevent, reimburse | CHOICE

2 Likes

The banks are already implementing measures to deal with one of the scam methods.

1 Like

It’s getting harder to know what is real and what is not. Includes SMS impersonation attempts and emails. Fortunately most of the dodgy emails have equally dodgy source addresses making detection a little easier if one remembers to look.

As ANZ said to ITNews.

ANZ customer fairness adviser Evelyn Halls also said there was an increase in bank impersonation scams seen towards the end of 2022.
Halls said malicious actors were using SMS spoofing to make it appear that scam messages were from ANZ.
“Because of the way the telecommunication system operates, that message will then fit into that chain of previous messages [on a customer’s device],” Halls said.
Halls said ANZ had “put a range of warnings in place” including in-app messaging.

1 Like

I hope this will be optional. I have a heap of stored BSB/account numbers and I have never taken care to ensure that the stored account name is exact, taking into account all the legitimate ways in which the account name might not be what you expect.

As previously proposed, “optional” could mean “only applying when the transaction exceeds $X where X is set by the customer”. This would mean that I am not troubled by bouncing transactions when the amount is relatively small.

Has anyone ever encountered how this works in practice? (given that the article says that some Australian banks are already doing this)

1 Like

I can imagine that when lots of old unchecked BSB account transfers start bouncing more frequently, the banks’ response will be twofold.

One, get the payee to give you the correct account name. Too bad. Not our problem.

Or two, we spent a heap of money setting up the New Payments Platform using registered PayID, so use that. If your payee doesn’t want to do that (doesn’t cost much, if anything) then too bad. Not our problem.

1 Like

Yeah, thanks for that, @Gregr - gave me a laugh even though that may not be the banks’ intention or your intention.

My question though was about how this is actually working in practice today. Surely, someone in Australia must have had a transaction bounce?

I have had a transfer bounce due to account name being incorrect. That was about five years ago and it was to one of the big four banks. So I know name checking has been a thing in Australia for some time.

Now how much checking is done on the name? Does it have to exactly match or mostly match? Don’t know, but the one that bounced on me was substantially different, as in a different company name. A tradie with a business company, and a private company and got them mixed up.

2 Likes

I have grave reservations about this. One illustration: After falling victim to scams twice, Angela spent months chasing a response from her bank - ABC News

How might a bank respond if a customer costs it more in scam reimbursement than the bank could make in profit from the customer in the customer’s entire lifetime? Is the bank allowed to close the customer’s account, giving the customer cash for the account balance?

One thing that grates for me is that when near real-time bank transfers were floated in this forum, most participants were in favour of it whereas I was not, and I pointed out that that makes it much harder to reverse something that you need to reverse. (It could be because of an error or it could be because of fraud.)

Should we go “back” to overnight bank transfers? Should gullible customers be forced onto delayed transfers?

2 Likes

I have reservations too, with a caveat.

If the bank (or financial institution) is negligent in relation to a customer falling victim to a scam, such as its systems allowing unauthorised access without any input from another party such as the customer or allowing transfers to accounts the bank knows are being used for scams, then they should be responsible and liable. This means banking processes failed.

If the customer facilitated access to one’s account by an authorised party or instigated transfers to an account being used for scams which hasn’t been reported (or the bank has no reasonable knowledge of), then the customer should be responsible and liable.

I have raised in the past that this distinction is important, as making some of the actions of a customer the responsibility of the banks… may cause customers to be greater risk takers or not to do their own due diligence checks…or think ‘well even if I find out later it is a scam, the bank will effectively provide cover for my actions’.

In addition to the above, mules also need to be accountable and liable where they are an active party to the scam.

3 Likes

So all businesses and individuals should be forced to wait for transfers because some people need training wheels in case of an oops. That will not be popular.

Oh yes, an annual assessment of competence to show we are not gullible.

1 Like

Banks should engage a third party to test each customer for gullibility, but the scam destination account is harmless (controlled by the testing company or the bank) and funds will be returned shortly afterwards if you fail the test.

If you fail the test, you are flagged as gullible and restrictions will apply. Gullibility flag is shared among all Australian banks (shared database, not public though).

2 Likes

That is so good. :smiley:

Some might suggest simply choosing the bank is evidence enough.

Should banks be tested by a third party to determine how gullible the bank is in allowing the establishment of fraudulent accounts?

1 Like

Whether one stays with a bank having high loan rates, low savings rates, and is closing branches and ATMs as fast as they can, OR ‘walks’ to a more customer friendly bank (if there are any, all being relative) could be the basic litmus test for gullibility or minimally attentiveness and possibly decision making skills.

That shows nothing about the bank’s security but something about the customer.

Perhaps so. Although that is in no way mutually exclusive with what I wrote. You can do both.

Perhaps the relevant financial authorities already do. It would be like “shadow shoppers” but done on behalf of government authorities.

If the bank fails the test, it may or may not be gullibility. It could be laxness. Either way though, a fail is a fail.

In my dealings with banks they have tended to err on the side of being overly officious when opening accounts. But sure you might get lucky and get a work experience student on his first day on the job and be able to socially engineer your way out of having missing or faulty documents. :wink:

It is noted that mule accounts can be entirely legitimate. For example, one way of getting a mule account is to buy the internet banking details of a foreign person who was legitimately temporarily resident in Australia (e.g. as a student) for a number of years but is then going home. (I think the government needs to look at tightening that up and that could be part of a holistic review of scams although not directly relevant to this topic.)

1 Like

If banks were required to repay money that customers lost due to scams, then I could envisage a few things happening.

Firstly, access to online banking would require mandatory multifactor authentication. A logon to an account could not be done by a scammer knowing only the userid and password obtained by tricking the customer into revealing it.

Secondly, pay anyone money transfers would be restricted. Maybe a delay of a few days before the transfer was done to allow a victim to realise their mistake and contact the bank. Maybe a charge imposed for all transfers that would act as insurance in case of a scam transfer. Maybe if a customer was scammed and the bank had to repay the money, then the money transfer function is then unavailable for that customer due to risk that it could reoccur.