Your bank helped pay the scammers. Should it be held liable?

Recently, @AndyKollmorgen investigated how a couple in their 80s lost $40,000 to the sophisticated Telstra bond scam in a payment facilitated by Suncorp Bank. The question is, should financial institutions be doing more to prevent this from occurring? Let us know your thoughts in the comments.

Read the investigation:

2 Likes

No way should the banks be liable for what the customer wants to do. Hey, it’s their money, right. Free to blow it away on obvious scams.

But the banks should get more aggressive in shutting down or restricting ‘pay anyone’ funds transfer, in favour of Payid.

4 Likes

I’ve said it before but I’ll say it again: the government should regulate an end date for ‘pay anyone’.

But if banks want to do it voluntarily ahead of the government-regulated end date then OK.

“Pay anyone” was good when it came in. It had its place but you have to ask seriously these days whether the benefit of its existence (now competing against better, safer options) still outweighs the risks (a tsunami of scams).

Everyone always asks that but without saying what the financial institutions should be doing.

5 Likes

Everyone always asks and sometimes someone suggests partial if not perfect improvements, such as Professor Haskell-Dowland as related in this article.

For those disinclined to click through and read the rather long text the salient paragraphs include:

ISP tracing and linking BSB and account numbers to a name during the transfer process should be introduced as a starting point. Automatically delaying larger transfers to unknown recipients until they can be verified is another option that the banks simply ignore, he says.

“Several transactions to a non-financial entity should surely raise a red flag and result in a block being put in place. There’s a lot more that can be done in this area and I’m surprised in the face of evidence, that this isn’t being shut down in a matter of days by the industry watchdog. It’s unacceptable that this is allowed to continue on,” Professor Haskell-Dowland says.

“Banks often hide behind the requirements being too technically difficult or the onus on privacy or that they can’t possibly do it, but when pressed on the technical challenges of being able to verify the receiver of the funds, they know it’s not that difficult. I would have some level of sympathy for them if this wasn’t 2023,” he says.

PayID and other security measures exist, but aren’t mandated, he adds. “And of course, other banks in other countries manage it perfectly well,” he says.

They said, and I suspect another they will say. It is not obvious which they has more credibility but our banks do not have much track record of customer care so I start with bias.

4 Likes

I’m not going to go into bat for banks but this does seem like a bit of a ‘shoot the messenger’ sort of proposal.

What about the telcos who allow the scam messages to be sent? Or the facebooks of the world who advertise scams on their platforms (and take money for it)? Finally, doesn’t a person have to take some responsibility for avoiding investment scams?

Maybe a better way would be to apportion blame based on the whole nature of the scam? What if the bank warns you and you proceed regardless, should the bank still be liable?

2 Likes

There are other topics on the Community linked near the top of this closed one.

and an older dormant one but making the point

A more recent iteration

and others. Few of us here have tunnel vision on the complexity or the basket of those industries who could individually do something about it.

I personally disagree calling the banks out as a ‘shoot the messenger’ is relevant since the banks are where the rubber meets the road transferring money. While every gullible individual might not be stopped from doing something stupid there is evidence reasonable steps could be put into place to reduce the occurrence.

3 Likes

What’s your idea of a reasonable step?

As above. All technologically feasible if the antagonists (banks) are coerced or forced. Dividends are important, customer welfare less so as evidenced by their reticence to do anything at all but educate customers to fend for themselves.

2 Likes

Yes and no.

The no case


In the Suncorp case in the Choice article, I believe that the bank has little responsibility. The customer instigated the transaction and Suncorp fulfilled this request. If say Suncorp were told that it was a Bendigo Bank account, did the checks and withheld the transfer because this was the case, what would happen if the customer was in error and the transaction was important, such as a deposit for a house? A deposit which had to be transferred on that particular date. Failure to transfer results in the contract being terminated and someone else buying the house. This would be a reputational disaster for the bank.

The yes case


Say the Commonwealth Bank account had been flagged in the past (in hours or days before the time of the transaction in the article) as being a potential mule account and the Commonwealth Bank didn’t take any action. Action such as blocking ability to send transactions from the account or suspending access to the account. In such case, the Commonwealth would be negligent as they knew the account was potentially used for criminal actions and did nothing, allowing the scammer to succeed with another scam victim. The Commonwealth should be liable in such case.

A potential solution

I personally believe the Australian Banking Association members should be levied to set up a special team which accepts and takes action as soon as a potential mule/account for criminal purposes is reported. Reports from law enforcement, other banks, ScamWatch, victims, telecom providers etc could be reported directly to the team which then immediately suspends the account to prevent further potential victims.

While this won’t stop all scam victims, understanding potentially at least one could occur before a report is instigated and actioned, it would make success of scam decline over time as mule or criminal accounts are shut down. Criminal accounts would also include those say acquired from account holders where accounts are no longer needed.

I also believe that taking an approach that any bank that facilitates a transaction to a criminal/scammer is somehow always liable, will just encourage individuals to take more risks without doing due diligence checks which might otherwise have occurred. If I knew a bank covered me for my actions, I personally would take greater risks.

3 Likes

I don’t know what this is but the banks always point out that they simply don’t have access to or control over whatever happens in the telecommunications space - and telecomms is clearly part of the problem. Both banking and telecomms are heavily regulated by the government. Only the government can make “ISP tracing” happen in regards to transaction fraud whatever it even means.

There are many reasons not to do this.

  • it won’t necessarily work well e.g. false positives (and false negatives)
  • it is not necessary for BSB/account because PayID already provides this (hence simply phasing out paying by BSB/account will get this result effectively!)
  • there are legitimate privacy concerns if BSB/account were retrospectively made to work like PayID - and these concerns are simply dismissed by the linked article; those concerns are less severe with PayID because you voluntarily set up PayID and, at the time you do that, you “consent” to the privacy issue (and you should be able to set up more than one PayID in order to manage some of the privacy issues)

So the government should regulate an end date for ‘pay anyone’.

Then we can stop talking about how to apply band-aids to it. :wink:

Yes, with some caveats:

  • on by default for individuals (as source account)
  • off by default for businesses etc. (as source account)
  • the customer gets to set the threshold(s) and the delay(s) - for example, I would be more than happy for my own account to abandon near real-time transactions for all transactions and go “back to” overnight settlement of transactions as the default (so if I were scammed, I have the rest of the business day to stop the transaction)

3 Likes

I think this highlights a problem i.e. the disconnect between a real-time world and the wheels of justice that move at snail’s pace.

While the above could sound good in theory, what about due process? what if it’s your frigging account that just got shut down erroneously on the say-so of the government? how do you resurrect your account? how long does it take? what about the reputational damage to you from that? what about the financial losses to you from that? will you get compensated?

Not necessarily. Sure, if the seller wanted to bail from the transaction (but couldn’t because they had no “out” from the contract) then failure to transfer will result in that. More likely, as previously commented by me, you will be served with a notice to complete and you will be financially liable for the cost of that notice and for the cost of the delays (which at crazy Australian real estate prices could add up, day by day).

PS to that: I would also like to throw in there different delays depending on whether the funds are ultimately going overseas (but this would be complex to implement).

Once the funds get overseas you can pretty much say goodbye to them.

1 Like

An interesting development. I received a notice from my main bank today that their terms and conditions for transaction accounts are changing in November.

I haven’t trawled through all the changes in detail, and there are a lot of changes, but the gist of it is that there is a lot more that they will not accept liability for, and I would agree that the bank could charge me the cost of investigating disputed transactions that I had authorised in some manner. Like a pay anyone transfer, or a direct debit.

1 Like

Nothing like a bank when it comes to understanding the priorities in making money for the management team and shareholders. Still waiting for our bank to return the savings from branch closures and digital services to the customer. :wink:

Needing to make an appointment to see a real staffer, how long before they start charging the customer by the minute for the opportunity?

1 Like


so true, and one might be forgiven for finding it difficult to get terms like ‘aiding’ ‘abetting’ and ‘facilitating’ out of one’s thoughts, even considering personal responsibility


3 Likes

On a much smaller scale but completely unnecessary, I transferred $90 to someone who I soon realised was a scammer. 15 minutes after transaction I phoned the bank (ANZ), who of course were no help, they paid the scammers the $90 three days later!!

Don’t give them ideas. :slight_smile:

3 Likes

(or equivalently the same thing already available with PayID)

One thing that bugs me about this is that we already know that the substantial majority of money lost to scams in Australia each year is lost to investment scams but the two things suggested so far (verified name and delayed transfers) will probably do little to nothing for that scenario.

The delayed transfer does give you a cooling off period and increases the risk for the scammer that someone points out to you that you have been scammed before the transfer happens but at the end of the day if you believe the investment company is legitimate, you will probably not see anything wrong.

A delay could even work to the advantage of the scammer by training people not to follow up on their “investment” immediately. The scammer can just say that the money hasn’t come through yet - and the government via the banking system will be making that true.

2 Likes

And the other thing with investments is payment doesn’t often go direct to what is being invested in, but the person or organisation providing the opportunity to invest.

This means linking a BSB to an account number and name will have little benefit in such cases. If a scammer provided the correct BSB to an account number and name for an account, an (un)seasoned investor could assume that these could be correct since it is in effect the agent the investment is being sought through.

1 Like

This topic is getting lost in the question of what is a scam and a scammer.

The bulk of reported scams by volume are low value phishing and similar problems. Now and then one makes the news because some unfortunate loses a significant amount but they stay in our minds as we all meet them, even if they are not highly dangerous most of the time.

The bulk of reported scams by value, are as Person said, about investments, where banks have little or no influence.

Until we make clear which problem we are talking about there is no chance of agreeing about a solution and blaming the banks for everything is a waste of time.

That was one of the things that I had in mind.

I think there is also a generic problem in dealing with companies as far as “name verification” goes.

Hands up everyone who has ever looked at a credit card slip or statement and thought: I don’t remember paying anything to Exyparalimotrax Pty Ltd, only to find out later on that that is the actual company name behind the local franchise of whatever. (For the avoidance of doubt, this is just a hypothetical example, not intended to reflect any actual company name, and any similarity is coincidental.)

This could be quite a low value transaction, so not worth following up - but seeing the name could even be more confusing.

Indeed. I took the OP (“sophisticated Telstra bond scam”) as some kind of investment scam but I admit I haven’t looked into the details of that particular incidence of scamming.

It’s an interesting question of politics though whether the government should focus on “volume” or “value”. The former may be more closely aligned with the idea of treating the perception of crime (that’s a quote from an infamous former NSW government minister). The latter may be of greater benefit to Australia as a whole.

I imagine that “name verification” would be useful against a “Hi Mum” scam, for example.

2 Likes