A gap in the nation’s banking security is leading thousands of Australians to inadvertently send more than $2 billion to scammers every year, experts say.
The Australian Competition and Consumer Commission (ACCC) is calling on banks to put in place stronger name checking procedures for transactions between accounts.
Currently, Australian banks do not automatically block transactions where the recipient name listed by the sender does not match the name of the receiving bank account holder.
This results in unsuspecting bank customers sending millions of dollars to fraudulent accounts every day.
The scams are sophisticated, with the criminals often infiltrating customers’ email clients to gain access to legitimate invoices the customer is expecting. The criminals then send imitations.
Although banks ask customers to enter an account holder name along with the BSB and account number when transferring money, the name is not automatically checked.
“We do think this is an important issue confirming who the payee is,” says ACCC chairman Rod Sims.
“Some banks say there are other things coming along that will fix the problem. I’d be asking the banks, if you have an alternative, how far away is it?”
The poor security measures are having a devastating effect on many lives.
Braeden Cester told the ABC he lost more than $33,000 – his deposit for his first home – when scammers gained access to his builder’s email system and sent him an invoice.
“I felt pretty sick,” Mr Cester said. “I didn’t expect it to happen – my first big payment for the house.”
He discovered a few weeks later that no invoice had been sent by his builder, and no money had arrived in the builder’s account. He says he contacted the two banks involved in the transaction and was told there was no way to recover his money.
“We’re using their technology, transferring money from one account to another. If it’s not the right details or something like that, they should have a system to stop that from happening,” Mr Cester says.
The security issue is concerning enough but the Reserve Bank of Australia (RBA) says a successful cyberattack on an Australian bank is highly likely.
“[Given] the very large number of attacks, it seems almost inevitable that at some point the defences of a significant financial institution will be breached,” the RBA says in its Financial Stability Review.
“Whether such an attack could result in systemic financial instability will depend not only on the part of the financial institution or system impacted and potential network effects, but also the cyber resilience of that institution and financial system.”
Scams of all kinds have been skyrocketing in the past two years.
“Last year, scam victims reported the biggest losses we have seen, but worse we expect the real losses will be even higher, as many people don’t report these scams,” says ACCC deputy chair Delia Rickard.
“Unfortunately scammers continue to become more sophisticated and last year used the COVID-19 pandemic to scam and take advantage of people from all walks of life during this crisis.”
Have you been receiving more scam text messages and emails during the pandemic? What should be done to safeguard bank accounts? Let us know in the comments section below.
If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.