Have you ever started an online banking payment, then hesitated before clicking ‘send’ because you weren’t sure you had the recipient’s details right?
As scams persist, banks have launched a new $100 million payment verification system designed to solve the problem.
The new system, called Confirmation of Payee (CoP), cross-checks the details of customer payments to ensure that the account name, BSB and account number of the recipient’s account match what the sender believes them to be.
It targets common scam activity, such as when scammers actively manipulate victims into transferring money to their account – or in invoicing scams, when scammers substitute their account details into real or fabricated invoices from service providers.
Developed by digital payments consortium Australian Payments Plus (AP+), the system “is a simple concept [that] is all about giving customers greater control and confidence when making payments,” AP+ chief payments and schemes officer Adrian Lovney said.
While some banks have independently offered such a service for some time, those services only worked inside each bank; implementing CoP at an industry level extends anti-scam protections so account details can be verified across all Australian banks.
Calling CoP “critical new technology that will help protect a customer from transferring money straight into the hands of a scammer,” Australian Banking Association CEO Anna Bligh said it “ensur[es] customers are protected regardless of who they bank with.”
Big Four banks were heralding the technology’s benefits, with the CBA, Westpac, ANZ, and NAB all showing public support while mutual banks, Customer Owned Banking Association chair Elizabeth Crouch said, welcomed the “big leap forward”.
For scammed customers, it’s about time
Industry-wide support for CoP will be a breath of fresh air for customers who have been frustrated by the inaction of banks, which have continually pushed back against demands they share the onus for cybercriminals’ pillaging of customer accounts.
For years, even careful customers have struggled to get support after being scammed and faced an “uphill battle” for redress – even where cybercriminals attack banks and steal credentials of legitimate employees – leaving them reeling from the losses.
Universal availability of CoP will help smaller banks that, a recent ASIC analysis found, are detecting just 19 per cent of scam transactions – leaving customers to absorb 96 per cent of scam losses as they struggle to stay ahead of ever more versatile scammers.
Regulators have been limited to enforcement action after the fact – with ASIC, for example, suing HSBC late last year alleging that the bank failed to have “adequate controls” to detect fraudulent activity, monitor payments, and verify customer ID.
Earlier this year, the Australian Financial Complaints Authority (AFCA) was given new powers to investigate banks that receive scam funds – yet with new concerns that superannuation funds are next in cybercriminals’ sights, the battle is far from over.
“Technology enables these criminals who can move incredibly quickly,” said Chris Sheehan, a former AFP executive and current executive with NAB Group Investigations.
Calling CoP “another example of the banking industry collaborating to disrupt the scam ecosystem and protect customers,” Sheehan said “we need all parts of the ecosystem focused on prevention to help stop the crime and drive these criminals out of Australia.”
Scammers are still milking the Australian cash cow
CoP’s introduction comes as the National Anti-Scam Centre (NASC) calls for businesses to play a stronger role in disrupting scams – which took $119 million from Australians during the first four months of this year alone despite declining overall.
Investment scams accounted for $73.3 million of this, according to ScamWatch, with 2,870 reported incidents so far this year – and warnings flying thick and fast as scammers impersonate employers, crypto exchanges, and even the ACCC itself.
Scams are expected to surge after this month’s breach of 6 million Qantas customers’ data, with Swinburne University dean of digital research Professor Yang Xiang warning customers to “prepare for a wave of convincing scams that exploit the leaked details.”
“The leaked identifiers are… a powerful weapon for follow-on fraud,” he said, warning “attackers can craft highly convincing phishing emails or text messages that quote a customer’s flight history or status tier to harvest login credentials or two-factor codes.”
While the number of scams reported declined by 24 per cent to 72,230, NASC noted that financial losses from those scams grew by 28 per cent over the same period last year – still down from the $193.2 million lost during the first four months of 2023.
Financial services companies are by far the most common vectors for scams in the APAC region, security firm Group-IB recently reported, with 79 per cent of victims hit by financial services related scams.
“Scams are affecting Australians of all ages, often beginning with an unprompted or unexpected contact via social media and other digital platforms,” ACCC deputy chair Catriona Lowe said.
“Businesses in all industries need to stay alert to the risk of scams and adapt their systems to keep customers safe,” she added, noting that by “sharing information… organisations can help disrupt scams faster and reduce the harm they cause.”
