The secret partnerships targeting financial crime
By Sarah Danckert and Sumeyya Ilanbey
Law enforcement agencies are increasingly looking to forge partnerships and data-sharing arrangements with big businesses such as banks and telcos in a united effort to stamp out cybercrime and fraud risks for Australian consumers and businesses.
With new scam legislation threatening to pass on some of the cost of the estimated $3 billion lost by Australians to financial crime each year to businesses, they are building an arsenal of systems to help detect and report cybercrime: from ransomware attacks, business email interruptions and scam text messages to AI-driven deepfake frauds.
AFP acting commander cybercrime Dean Chidgey said that public-private partnerships that combine the private sector’s technological firepower with the sophisticated systems of government agencies are helping in the war against cybercrime.
“There were 94,000 reports of cybercrime in the 2022-23 financial year. Certainly, Australia is a target-rich environment. We’re wealthy. We’re online. So this is not a problem that the APF can solve on its own,” Chidgey said.
Chidgey added that while AFP’s powerful tie-ups with the Five Eyes intelligence network and its Joint Policing Cybercrime Coordination Centre, known as the JPC3, have been important, working to harness the data and technology of frontline institutions was also vital.
“Probably the more impactful, or equally impactful, is the private, public partnerships that exist within that coordination centre with financial institutions and industry in particular,” he said.
Chidgey pointed to Operation Dolos, which has stopped fraud attempts to steal $85 million from businesses in the year to date, as another example of a private-public partnership combating business email compromise.
‘If we all uplift at the same time, it’s not just squeezing on one side of the balloon.’
James Roberts, Commonwealth Bank
The burgeoning area of private sector assistance in law enforcement was highlighted at the recent inquiry hearing by the Parliamentary Joint Committee on Law Enforcement, which fielded submissions from an array of private businesses – including cyber specialists and fintech groups – about their efforts to improve the detection of cybercrime.
The upcoming Global Financial Crimes Summit in Sydney will also bring together private business and law enforcement officials from the US, the Philippines, the Australian Taxation Office and the AFP.
Commonwealth Bank general manager of group fraud management services, James Roberts, who will speak at the summit, is optimistic that strengthening relationships between the private and public sectors will further reduce scams.
He points to the National Anti-Scam Centre’s “fusion cells”, which bring industry and government together to disrupt scams. The first fusion cell between August 2023 and February 2024 focused on investment scams, while the second is aimed at disrupting criminal groups advertising and offering jobs that do not exist.
“Everyone needs to uplift,” Roberts said. “If we all uplift at the same time, it’s not just squeezing on one side of the balloon and it bulges out somewhere else. It actually makes the problem smaller.”
A record 600,000 Australians reported scams in 2023 and lost $2.7 billion, according to the latest Australian Competition and Consumer Commission’s Targeting Scams report. It was the first time in six years that scam losses decreased year-on-year with the ACCC attributing it to an increased effort from banks and the federal government last year.
Roberts said there had been several wins over the past 18 months.
About a year ago, CBA alerted Optus to phishing scams some of their customers had fallen victim to, enabling the telco giant to block 47,000 text messages. Recently, CBA and ANZ shared 102 Facebook profiles their customers had identified as posting deepfake scam videos to Meta, which was able to link those accounts to other profiles and IP addresses to ultimately remove 8000 investment scam accounts.
Telstra also alerts CBA if one of their joint customers is on a phone call that “seems irregular and dodgy”, allowing the bank to be on the lookout for fraudulent internet banking. Roberts said it was hard to quantify exactly how much the intervention had saved Australians but that it would most likely be in the billions.
“A telco could block a dodgy website or an SMS from being accessed, but even if they’re doing their bit, the dodgy website still exists,” Roberts said. “So when we get the dodgy SMS, we give it to the telcos, but also public-private goes to the National Anti-Scam Centre’s takedown service, and they then correspond with the domain host to say ‘this is a fraudulent website, please take it down’.”
Banks also second staff to the Australian Federal Police, Robert said, to ensure data is shared with investigators more expeditiously.
Ken Gamble, head of private investigation firm IFW Global, said financial crimes were rapidly evolving, and Australia was facing a crisis that demanded immediate action.
“Law enforcement alone has struggled to keep pace with the sophisticated tactics employed by international scam syndicates,” Gamble said.
A spokesperson for the ATO said success in combating cybercrime and financial crime requires strong collaboration among law enforcement agencies, regulatory agencies and the financial sector.
“Public & Private Partnership (PPP) arrangements provide the opportunity to build relationships, establish trust, open dialogue and share information. The ATO is involved with a number of PPP arrangements both domestically and internationally.”
This includes the Fintel Alliance, a program led by the payments regulator Austrac made up of 29 Australian government and private sector organisations.
The Market Recap newsletter is a wrap of the day’s trading. Get it each weekday afternoon.