As Australians succumb to scams at breakneck pace, the banking industry has redoubled its efforts to promote the New Payment Platform (NPP)’s PayID service as a way of stemming losses by customers that handed over more than $2 billion to scammers last year.
PayID, which links bank account details to a mobile number or email address that can be used to direct real-time NPP payments, has been positioned as an easier-to-use alternative to conventional BSB and account number methods – which can see funds sent to the wrong account if even one number is entered incorrectly.
More than 11 million PayIDs have been registered since its February 2018 debut – with the service now carrying more than 17 per cent of all real-time payments – but a new Australian Banking Association (ABA) campaign is aiming to increase those numbers even further.
The campaign, called ‘Australian Banks: Working To Protect You’, is designed to “accelerate the growth of these payments,” ABA CEO Anna Bligh said in helping launch the awareness initiative.
PayID “helps to stop scams,” she added, “because unlike a traditional payment, the payer can see a confirmation screen, which includes the intended PayID name, before they confirm the payment.”
The additional verification will be particularly useful for businesses targeted in payment redirection scams, in which fraudsters impersonate a business by sending one of its customers an invoice with their own account details.
Payment redirection scams took $227 million from Australian businesses last year alone – a 77 per cent increase compared to 2020 – and a recent ACT tribunal decision confirmed that even victims suffering demonstrable fraud may still end up paying stolen amounts twice.
The partnership between banks and the ABA – which includes a range of promotional material to educate customers about PayID’s anti-scam capabilities – has been welcomed by the Customer Owned Banking Association (COBA), which has thrown its weight behind the initiative.
The campaign “is a strong message to scammers from both the ABA and COBA that Australian banks will continue to invest in digital security and educate the public on how they can protect themselves and their finances from fraud,” COBA director of financial crimes and cyber resilience Leanne Vale said.
“We will continue to promote activities that keep people safe from financial crime.”
In PayID we trust?
For all the support behind the awareness campaign, however, it is just part of the response of a banking industry that is under increased pressure to help stem the $2 billion in losses reported during 2021 alone.
That included $701 million lost to investment scams last year – an amount that is already on track to be beaten this year, with more than $205 million lost by Australians between January and April, up 166 per cent from the same period last year.
“As a community we need to focus more effort on disrupting and preventing scams,” ACCC deputy chair Delia Rickard said in introducing that agency’s recent Targeting Scams report, “both by stopping scammers connecting with potential victims in the first place as well as stopping money reaching scammers.”
Rickard called for “confirmation of payees by banks” as a key initiative that would help step payment redirection scam losses.
By pushing to increase the use of PayID, the new ABA campaign answers that call by increasing the visibility of financial transactions – although it still leaves the onus on payers to ensure that the recipient of their money is the person or entity they intend to pay.
PayID has faced its own challenges in the past, such as a 2019 incident in which an attacker stole the details of 100,000 Westpac customers by abusing the service’s lookup function; in another incident that year, an architectural vulnerability was found to have exposed a range of customer details.
With PayID a clear target for cybercriminals, such incidents reflect the high-stakes battle between banks and those who would abuse their technological investments.
“There is no case to relax our efforts,” Rickard said, “as we are in the equivalent of an arms race with scammers constantly finding new ways to get around disruption efforts.”
