Scams continue to be a significant problem in Australia and around the world, impacting both individuals and businesses. Over the years, reports of scams have dramatically increased, with Australians losing billions of dollars each year. During International Fraud Awareness Week (17-23 November 2024), we will delve into the distinctions between fraud and scams, identify those who are most at risk, and examine the movement towards regulated scam risk management in Australia. Additionally, we will investigate how international banks are working to prevent and identify scam-related payments while pointing out common vulnerabilities and outlining improvements needed for better scam management.
To clarify the difference between fraud and scams, fraud refers to unauthorised actions, whereas scams involve payments that customers willingly authorise. Fraud typically includes unauthorised access to accounts—such as identity theft—and is protected under Australia’s ePayments Code. In these cases, banks generally reimburse customers for their losses; some even provide a money-back guarantee for fraudulent transactions. Conversely, scams occur when individuals are tricked into making payments that they believe are legitimate. Since the customers themselves authorise these transactions, they usually bear the financial burden of any losses incurred from scams.
So, who is most susceptible to these deceptive schemes? In 2023 alone, Australians reportedly lost an alarming $2.7 billion to various scams, according to data from the Australian Competition and Consumer Commission (ACCC). Notably, older Australians experienced significant losses due primarily to investment-related scams; individuals over 65 reported a staggering $120 million in scam losses—a 3.3-fold increase from 2022. The methods used by scammers also reveal troubling trends: phone calls accounted for $116 million in losses; social media platforms saw $93.5 million lost; while text message scams experienced a remarkable 37.3% rise compared to previous years.
Job scams have resulted in a staggering loss of $24.3 million, with individuals from culturally and linguistically diverse backgrounds being particularly vulnerable. These victims often seek part-time employment or supplementary income to help manage the rising cost of living.
In Australia, scam risk management is moving towards a more structured regulatory framework. In April 2023, the Australian Securities and Investments Commission (ASIC) released Report 761, which examined how four major banks handle scam prevention, detection, and response. This was followed by Report 790 in August 2024, which focused on anti-scam measures across 15 additional banks. Both reports found that these financial institutions frequently fell short of having a comprehensive scam strategy in place. They struggled to delay potential scam payments, lacked coherent methods for determining liability, and failed to respond promptly to victims.
In light of ASIC’s findings and the increasing losses Australians were facing due to scams, the government announced an $86.5 million budget initiative in May 2023 to fight scams and online fraud. This led to the creation of the National Anti-Scam Centre (NASC) in July 2023.
By September 2023, significant legislative progress was made with the passage of the Financial Accountability Regime (FAR) Bill through Parliament. This legislation introduced scam management as a crucial function that requires an Accountable Person to oversee various aspects related to it—ranging from development and maintenance to oversight and execution. Furthermore, directors and senior executives within APRA-regulated entities could face financial penalties if they fail to meet their accountability obligations; this includes deferring at least 40% of their variable remuneration for no less than four years for any non-compliance issues.
Entities surpassing certain thresholds will also be subject to new reporting requirements involving accountability statements and accountability maps, thereby enhancing transparency in their scam management practices.
In November 2023 and September 2024, the Treasury introduced the Scams Mandatory Industry Codes and the Treasury Laws Amendment Bill 2024: Scams Prevention Framework, respectively. These initiatives aim to implement significant reforms designed to improve governance and enhance efforts in preventing, detecting, reporting, disrupting, and responding to scams. Key measures proposed include a comprehensive range of protections for Australian citizens, visitors to Australia, and small businesses with fewer than 100 employees.
The framework will impose mandatory requirements on initially designated sectors such as banks, telecommunications providers, and digital platform services—focusing initially on social media platforms, paid search engine advertising, and direct messaging services. These obligations will be specifically tailored to address scam activities pertinent to each sector. In cases of non-compliance with these regulations, entities may face fines up to $50 million, while individuals could incur penalties as high as $2.5 million. Furthermore, pathways will be established for consumers seeking compensation after falling victim to scams.
The enforcement of this Scams Prevention Framework will adopt a multi-regulator approach, primarily led by the ACCC but also involving ASIC and the Australian Communications and Media Authority (ACMA). Notably, the proposed legislation includes provisions that would allow for its expansion into other sectors, such as superannuation funds and digital currency exchanges—areas that scammers frequently exploit.
The Australian Government is actively seeking input from stakeholders regarding these proposed changes while also assessing how these new regulations might impact privacy considerations and compliance costs within the framework.
Navigating the Regulatory Landscape for Scam Management in Australia
As Australia shifts towards a more structured regulatory framework for managing scams, many banks, telecom companies, and social media platforms are proactively enhancing their Scam Prevention Frameworks. They are aligning their strategies with the expectations outlined in ASIC reports and proposed legislation rather than waiting for formal regulations to take effect.
Globally, banks have adopted various effective methods to combat scam payments. These include payment profiling techniques that allow them to halt or block suspicious transactions; however, some institutions may still process the payment despite red flags. Additionally, risk-based interventions involve contacting customers to verify transactions and potentially delaying processing if concerns arise. Real-time monitoring plays a critical role as well, enabling banks to identify and block mule accounts—accounts manipulated by scammers for laundering stolen funds—and preventing high-value transfers to cryptocurrency exchanges.
In terms of detection strategies, many banks are leveraging artificial intelligence for fraud modelling and behavioural biometrics to spot anomalies. They conduct real-time network analyses that help identify mule accounts receiving scam-related funds while also improving dynamic warning systems designed to disrupt the scam payment process.
Despite these efforts, FTI Consulting has pinpointed several significant gaps in banks’ approaches to preventing scams on a global scale. Not all financial institutions conduct thorough scam risk assessments or maintain detection rules explicitly tailored to various scam tactics. There is often a lack of real-time network analysis capabilities and insufficient monitoring of customer interactions while banking online—such as whether they are on calls during transactions. Moreover, protection against brand spoofing remains inadequate along with missing orchestration layers that could enhance risk scoring across different technologies aimed at monitoring scam transactions.
Additionally, there is little oversight regarding operational costs associated with managing scams and a failure to recognise customers who may be particularly vulnerable to such threats—resulting in responses that do not adequately address individual needs. Finally, awareness around deepfakes and bank spoofing continues to lag behind the evolving tactics employed by scammers.
The rise of deepfakes and bank spoofing techniques highlights the urgent need for customer awareness and detection strategies. This concern is especially pressing given that digital account openings frequently involve selfies, which can easily be manipulated through deepfake technology. Scammers are also becoming increasingly sophisticated in their methods, capable of mimicking bank hold music and recorded messages with alarming accuracy. To combat these threats, greater customer education is essential.
Currently, many banks rely on manual data collection from various sources while deploying large fraud operation teams on a broad scale. This approach falls short compared to the potential benefits of implementing automated systems powered by artificial intelligence that could streamline investigations by consolidating disparate data points more effectively, guiding alert handlers through the process, and assisting in drafting initial case findings.
Banks have put forth a list of essential changes that could significantly enhance their operations. One key proposal is the establishment of a consortium for data sharing, which is vital for creating an integrated payment network that can effectively identify threats and facilitate monitoring of destination accounts. They also emphasise the need for increased involvement from social media platforms in combating payment scams. Currently, banks notify these platforms about fraudulent activities, but there is potential for improvement through more proactive measures to detect and shut down scammer accounts and their operations.
Another suggestion involves implementing a cooling-off period before recipient banks are allowed to release funds funnelled through various accounts. The rapid nature of faster payments has led to challenges in recovering scam-related funds, as they often quickly move through mule accounts and offshore entities, complicating recovery efforts. Slowing this process down would make it easier to reclaim scammed money.
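The pass-through pattern and cooling-off hold described above, sketched as an added example (not from the original article or any bank's system). The thresholds, account names and transactions are constructed assumptions.

```python
from collections import defaultdict, namedtuple

Txn = namedtuple("Txn", "minute src dst amount")

# Assumed thresholds for illustration; a real deployment would tune these.
WINDOW_MIN = 60        # look-back window for inbound credits
MIN_PAYERS = 3         # distinct payers that make fan-in suspicious
PASS_THROUGH = 0.8     # share of recent inbound value being forwarded
COOLING_OFF_MIN = 240  # hold applied before the recipient bank releases funds

def cooling_off_holds(txns):
    """Return {txn: release_minute} for outbound payments that look like
    mule pass-through: several payers in, most of the value straight out."""
    inbound = defaultdict(list)    # account -> [(minute, payer, amount)]
    forwarded = defaultdict(list)  # account -> [(minute, amount)] sent or attempted
    holds = {}
    for t in sorted(txns, key=lambda t: t.minute):
        start = t.minute - WINDOW_MIN
        recent_in = [c for c in inbound[t.src] if c[0] >= start]
        payers = {payer for _, payer, _ in recent_in}
        total_in = sum(amount for _, _, amount in recent_in)
        total_out = t.amount + sum(a for m, a in forwarded[t.src] if m >= start)
        forwarded[t.src].append((t.minute, t.amount))
        if len(payers) >= MIN_PAYERS and total_out >= PASS_THROUGH * total_in:
            holds[t] = t.minute + COOLING_OFF_MIN
            continue  # held funds are not credited onward until release
        inbound[t.dst].append((t.minute, t.src, t.amount))
    return holds

# Constructed sample: one mule-like account (M1), a salary account, a small shop.
SAMPLE = [
    Txn(0, "V1", "M1", 1000),
    Txn(10, "V2", "M1", 1500),
    Txn(20, "V3", "M1", 2500),
    Txn(30, "M1", "X1", 4800),        # forwards 96% of recent inbound value
    Txn(5, "EMPLOYER", "S1", 3000),
    Txn(40, "S1", "LANDLORD", 2500),  # single payer: not fan-in
    Txn(0, "C1", "SHOP", 50),
    Txn(15, "C2", "SHOP", 60),
    Txn(25, "C3", "SHOP", 40),
    Txn(50, "SHOP", "SUPPLIER", 30),  # many payers, but funds mostly retained
]

if __name__ == "__main__":
    for txn, release in cooling_off_holds(SAMPLE).items():
        print(f"hold {txn} until minute {release}")
```

The rule counts earlier outflows in the same window, so a second payment that tips the forwarded share over the threshold is held even if each payment alone would pass.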
Additionally, there is a call for a government-led campaign focused on scam awareness that mirrors the historic Slip, Slop, Slap initiative aimed at skin cancer education. While banks are initiating their awareness campaigns, they recognise that individuals who do not bank with them may need to pay attention to these messages. This underscores the necessity for a strong governmental effort to raise awareness about scams.
Furthermore, banks advocate for the ability to report global scam methods and enhance information sharing regarding typologies that are emerging in different markets. Scams often originate in one region and expand globally if they prove lucrative; therefore, facilitating worldwide information exchange would allow banks to customise their awareness initiatives and transaction monitoring systems better, ultimately improving their capacity to prevent and identify new scam tactics as they arise.
Maxthon
In today’s digital age, safeguarding your online banking information is crucial, especially when using the Maxthon browser. To begin with, it’s essential to create strong passwords for your banking accounts. Opt for unique combinations that incorporate uppercase and lowercase letters, numbers, and special characters. Steer clear of easily guessable details like birthdays or pet names.
Next on the list is enabling Two-Factor Authentication (2FA) if your bank provides this feature. By activating 2FA, you add an extra security layer; typically, this means you’ll receive a code via text or email that you need to enter alongside your password.
Regularly updating your Maxthon browser is also vital. Keeping it current ensures you benefit from the latest security patches and enhancements designed to shield against potential vulnerabilities.
Another essential practice is frequently clearing your browsing data. By regularly deleting your history, cache, and cookies, you remove sensitive information that could be exploited by anyone who gains access to your device.
Utilising Maxthon’s privacy mode can further enhance your safety while conducting online transactions. This feature allows you to browse without saving data, such as cookies or site information, from your sessions.
Additionally, consider installing reputable security extensions or antivirus plugins compatible with Maxthon. These tools can offer real-time protection against phishing attempts and malware threats.
It’s equally important to remain vigilant against phishing scams. Always verify the URL of the banking website before logging in, and avoid clicking on links in emails or messages that claim to be from your bank unless you’re sure of their authenticity.
Finally, remember to log out of your online banking session after completing any transactions. This simple step helps prevent unauthorised access should someone else use your device afterwards.
Adhering to these guidelines will significantly enhance the security of your online banking activities when using the Maxthon browser.