Bank Transfer Scams

Edit: New readers to this topic can join in on July 2022 at post 7 by clicking here.

An article warning about bank transfer scams.

Scam or is this really an instance of Fraud.

The victim responded to a claim for payment from a business to whom a debt was due. The email account of the payee is reported to have been hacked, enabling the fraudulent transaction.

I’ve had at least one recent example where a local tradie changed their payment system details.

Perhaps if there is a scam it is in the deficient procedures of our banking system when it comes to electronic transfers.

Systems such as BPay seem to have some checks and balances at the time of the transaction.

Is a secure pay option for electronic banking that hard to implement. One that ensures the account details, payee and claim for payment details are authenticated, prior to accepting the transaction. Given the banks have historically held onto funds in transfer for a day or two, there has been plenty of scope/time in the past for cross checking.

With the promise now of same day same time transaction processing the risks only increase if the system is left as it is!

Agree, it is more likely a fraud…but in some respects the payee has been scammed thinking it was a genuine payment advice.

Unfortunately in today ‘don’t trust anyone’ environment, if one receives a payment advice with new bank details, one should contact the original issuing company to check that their payment details have changed.

Also, I wonder why these businesses don’t have some basic security controls to either prevent hacking or monitor access to their email systems. Such would provide stronger protection than relying on their customers to check before payment.

I heard this on the ABC 7.30 last night and thought that would be an easy solution…however…there are many businesses that use trading names which may be different to the registered name. An example may be a partnership where the bank account may be in the names of the partners, but the trading name for the services rendered may be different.

Hardly something the bank is unlikely to be unaware. It simply needs the bank and business customer to ensure they have the alternate name available as a cross check if ever the banks put a better system in place.

Be careful what you wish for in this world of over-employed people who make specifications or do the coding. The US Post Office, owner of all US addresses had a misspelling of my street name in their official database. Phone calls, photos of the street sign, and property document extracts were summarily ignored.

Since most businesses used the official USPO database to authenticate addresses I had to use the misspelling on all my accounts. If I did not, charges would invariably be declined for an address mismatch. Another instance was the use of the abbreviation ‘Trl’ for ‘Trail’ where only ‘Trl’ would authenticate. No fuzzy or rational logic included.

It took 3 years for the US Post Office to fix their database. Then all my accounts with the misspelt address on file started to fail authentication and required updating.

Payments should have personal metrics as a requirement, but also must be implemented with reasonable fuzziness and at some point exit for human review if they are going to work rather than become new problems of their own.

That would help!
Glass House Mountains with post code 4518 is so spelt by the State Government Qld Rail on the station and the Post Office.

Many businesses including an American parented hire car company we use often enough can only accept the dictionary spelling of the place you grow plants (a glasshouse).

Enough said last year after their system started insisting the details on your license were an exact match.

Perhaps the only thing dumber than a computer in this instance is the … never lived customer experience on the end of their product.
(I’d insert ‘CFO’s’ as one option. Every enterprise has it’s own excuse.)

Confirmation of payee name is an idea that has been around for years now but still too little action.

‘People are losing a fortune’: ACCC urges banks to act as scam losses surge

Australian Competition and Consumer Commission deputy chair Delia Rickard singled out banks’ reluctance to adopt safeguards that have been put in place in UK and Europe as a reason why scams continue to proliferate in this country.

Well I know from experience that some Australian banks do check payee account names as well as bsb and account id. Because I have had transfers rejected due to payee name mismatch.
The real problem here is that the New Payments Platform, designed to solve these problems, is just not being taken up by businesses. So most just use the old insecure “pay anyone”.
The solution exists. The banks are onboard. They would love all their business customers to switch.

What proportion? One transaction doesn’t give us much to go on.

Could you explain how this new platform solves all these problems and how businesses not taking it up prevents the system from being effective and also prevents banks from using the method that ACCC recommends that has worked overseas. And if it is voluntary and effective, why would scammer take up the new system?

Some information for you since you have asked. Note core requirements S2 and S5.
https://www.rba.gov.au/payments-and-infrastructure/payments-system-regulation/past-regulatory-reviews/strategic-review-of-innovation-in-the-payments-system/201211-rba-core-criteria-fast-pay-solution/

If the NPP became the normal method of money transfers by banks and businesses, then it would look very suspicious if some business, potentially a scammer, did not offer it.

The linked paper is ten years old and reads to me like a set of objectives. It doesn’t say:

• How many of these have been achieved in live systems,
• whether the banks ‘on board’ or
• what number of merchants have taken it up or what effect the take up might have on the security of transfers.

I am no nearer understanding.

Those were the requirements. The system has been built and is operational. You will find it as an option on your Internet banking system for pretty much every organization involved in banking in Australia. Certainly all the major banks and credit societies.

Some system has been built and is operational. We are no wiser whether:

“The real problem here is that the New Payments Platform, designed to solve these problems, is just not being taken up by businesses.”

Unless you want to address that claim directly I suggest we leave this.

That claim comes straight from the article you included in your post.

So you are inviting us to accept the bank’s self-exoneration without evidence.

Not inviting acceptance of anything. Just pointing out a few facts, all mentioned in the article.

1. The old money transfer system, since it is only required to check BSB and account number and not account name, has always been a problem with funds going into the wrong account due to typos, and has also been utilized by scammers.
2. A new system has been designed to address that problem, the NPP, and has been adopted and implemented by the majority of banks and other institutions in Australia.
3. It is up to businesses and other payees to offer payers the option of the new system of money transfer, and so far in my experience with payees, few have. Also mentioned in the article.

So maybe it is time for either the RBA, or APRA which both have regulatory oversight of banks and other approved deposit taking institutions, to simply mandate that the old unsafe system for money transfers be shut down, and NPP used. That is my preference.

Or we can demand that all banks spend time and money to fix the old system, when the new one already addresses the problem. Seems that your preference is for this option.

Not my preference, the ACCC. They also provide evidence that payee names matching has worked overseas. Enough for me.

Yes, the ACCC does occasionally awake from their slumber to make comments about consumer issues that they seem to think are new, but in fact have been known for decades, like unsecure money transfers.
What next?. A crackdown on possible price-gouging on lettuce prices in supermarkets.
Oh hang on, the watch puppy is on the job and monitoring the situation.

The weakness of the ACCC is true to some degree. But you are yet to provide any reason why we should accept the bank’s claim the system is fine if only the merchants would use it over the ACCC claim that it is not. All I see is an open question.

The ACCC has recently decided to announce a warning to consumers about money transfers using the system as it stands in the international banking world.
Something apparently new news to the ACCC, and it seems to you.

It has been recognized for a long time that simply transferring money using only the BSB and account number was not enough and unsafe. I have been using money transfer for years and my bank has always warned me that I had better get the BSB and account number right, otherwise the money could go off to somewhere unintended.

Now, some countries, like Australia, decided to address this issue. The RBA led a project to get a new money transfer protocol to address the validation issue, as well as other issues like processing time from maybe days into near realtime.

That is now adopted by the banking system in Australia. That is the NPP, and if you don’t want to know about it, up to you. If payees don’t want to offer it, up to them. Certainly scammers don’t want to offer it, because it would would kill their method of scamming.

Some other countries, like the UK, have only now decided that it would be a good idea to have their banks do what Australia has already done in proper money transfer validation.