- Analysis
- Money
- Planning & budgeting
- Scams
Who should foot the bill for Australia’s scam epidemic?
By Matthew Spain
The rise of scams has become a pressing issue, with Australian victims losing almost $3 billion to scams last year alone. In a world where our lives are increasingly online, scammers are now exploiting social media platforms and dating apps in creative ways to cause significant financial harm to even the most tech-savvy of us.
Ironically, the technology that helps businesses detect scams is also helping scammers: AI-generated content and deepfakes on social media platforms have only heightened the issue as scams become harder for humans to detect. This raises an important question: who should bear the cost for these losses?
When a victim is tricked into making a payment to a scammer’s account, Australian banks and digital platforms are not currently obligated to reimburse them. Other jurisdictions take a different approach. In Britain, from October banks will be legally required to reimburse scam victims with few exceptions. Whether Australia should adopt a similar approach has ignited debate.
There is a growing expectation that well-resourced companies, such as banks and digital platforms, should do more to prevent scam losses. Banks in particular play a pivotal role in scam prevention, detection and response.
While many banks, digital platforms and telco companies have already developed significant capabilities to mitigate scam risks, some have highly inadequate systems.
But detecting scams is not easy. Of the billions of transactions processed by Australian banks every year, only about 600,000 are reported as scams.
Shifting the blame entirely to banks with a “no questions asked” approach could potentially lead to unintended consequences.
Australia has been working hard over the past decade to ensure transactions are processed by banks instantaneously. The impact on the economy could be devastating if legitimate transactions were slowed down for scam testing or, even worse, if transactions were stopped because scams were incorrectly detected.
While victims of scams would be happy with the result, other customers wouldn’t appreciate payment delays or cancellations for the sake of a fraction of a per cent of the total number of bank transactions that might legitimately be subject to scams.
The Australian government is legislating a Scams Code Framework and new mandatory industry codes designed to be a “whole-of-ecosystem” approach. These focus on systems, processes and information sharing and will initially apply to banks, telco companies and social media platforms, with digital currency exchanges, superannuation and online marketplaces to follow.
It’s unclear when this legislation will be tabled, but the government has indicated it is a priority. There are many obligations proposed for banks under the framework. Banks may have to implement processes to verify that a transaction is legitimate if a customer undertakes activity that’s identified as higher risk than normal. They may also be required to share information with other banks if an account or transaction is suspicious.
But in terms of compensation, banks will only be liable to reimburse a scam victim if they haven’t complied with the Scams Code Framework and the victim loses money.
Where multiple entities in the ecosystem are involved in a transaction or the subject of a scam, the liability may be shared across those entities even if they’re across different industries, such as banks, telcos and digital platforms.
This proposed framework doesn’t go as far as the UK’s new legislation. Shifting the blame entirely to banks with a “no questions asked” approach could potentially lead to unintended consequences, like a rise in legal disputes of this kind.
The circumstances of each scam are different, and in certain situations, there may be a level of user responsibility. Even the best preventive measures by banks or social media platforms, including those proposed in the Scams Code Framework, may sometimes fail to catch a scam in action as scammers become more sophisticated.
If entities in the ecosystem, including banks, give sufficient warnings about scams and attempt to block or prevent them, it would be a harsh outcome if they are required to bear the ultimate loss for every scam.
There is no one-size-fits-all solution to the problem, but the status quo is not sustainable. The issue of who should bear the responsibility for scam losses requires a balanced approach.
A clear framework is needed, one that supports scam victims while ensuring that banks and digital platforms are not unfairly burdened if they have taken all reasonable steps to prevent scams and retrieve losses.
The best type of framework would incentivise companies to invest in technology that can prevent scams and stop transactions to combat a growing and evolving threat.
While the devil is always in the detail, what is known so far about the proposed Scams Code Framework and mandatory codes suggests they go a long way to achieving this. It’s important for the government to ensure the framework is sustainable, achievable and does not go too far.
Matthew Spain is a commercial litigation partner at Clayton Utz.
Expert tips on how to save, invest and make the most of your money delivered to your inbox every Sunday. Sign up for our Real Money newsletter.