In Australia, fraud victims foot the bill for the overwhelming majority of cash lost to fraud every year.
2023 review by the Australian Securities and Investments Commission (ASIC) found that banks detected and stopped only a small proportion of frauds. The total amount paid by banks in compensation pales compared to their total losses.
So it was a robust statement this week when it was revealed that it had been made by the Australian Financial Conduct Authority (AFCA). ordered bank – HSBC – to compensate a customer who lost greater than $47,000 to a complicated bank impersonation or spoofing scam.
This decision was significant. The AFCA decision is binding on the relevant bank or other financial institution that holds it no direct right of appeal. This may have an effect on the way similar cases are treated in the future.
The ruling comes amid a broader push for sector-wide reforms that will allow banks to be more accountable detectiondeterring and responding to fraud, fairly than simply telling customers to be “more careful.”
Here’s what it’s good to learn about this landmark ruling and what it could mean for consumers.
A highly sophisticated spoofing scam.
You may be accustomed to push payment scams, which trick victims into depositing money right into a fake account. These include “Mom, I lost my phone” fraud and others romance fraud.
The a recent case concerned an equally damaging ‘bank spoofing’ or ‘counterfeiting’ scam. The complainant – referred to as ‘Mr T’ – was duped into allowing the fraudster access to his HSBC account from which the unauthorized payment was made.
tsingha25/Shutterstock
The scammer sent Mr. T a text message, purporting to ask him to research an attempted Amazon transaction.
While trying to reply to a (fake) unauthorized purchase on Amazon, Mr. T revealed security codes to the fraudster, allowing him to transfer $47,178.54 from his account and disappear with it.
The proven fact that Mr. T. was coping with fraudsters was not obvious – the fraudsters had details about him that might reasonably be expected to be known only to the bank, e.g. his bank username.
Moreover, the fraudulent text message appeared in a thread of other legitimate text messages that had previously been sent by the real HSBC.
AFCA decision
HSBC argued to AFCA that under Art E-payment codea voluntary code of conduct administered by ASIC.
Under this code, the bank is just not obliged to compensate the customer for an unauthorized payment if the customer has disclosed his password. The bank argued that the complainant had voluntarily disclosed these codes to the fraudster, which meant the bank didn’t must pay.
AFCA disagreed. He noted that the deception worked by making a sense of urgency and crisis. AFCA found that the complainant had been manipulated into revealing the access codes and had not acted voluntarily.
AFCA awarded damages covering the overwhelming majority of the disputed transaction amount, lost interest accrued on the home loan account, and $5,000 to cover Mr. T’s legal costs.
He also ordered the bank to pay $1,000 in damages for poor customer support in handling the matter, including delays in communication.
Mick Tsikas/AAP
Other cases may be more complex
In this case, the determination was relatively easy. It found that Mr T had not voluntarily disclosed his account information and was due to this fact not excluded from receiving compensation under the Electronic Payments Code.
However, many payment frauds fall outside the scope of the Electronic Payments Code because they involve the customer sending money on to the fraudster (versus the fraudster getting access to the customer’s account). This means there isn’t a code for direct compensation.
Nevertheless, AFCA’s jurisdiction is broader than the mere application of the Code. When considering compensation for losses arising from fraud, AFCA must consider what’s “fair in all the circumstances.” This means taking into consideration:
- legal principles
- applicable industry codes
- good industry practice
- previous AFCA decisions.
Relevant aspects may include whether the bank has been proactive in responding to known fraud, in addition to the challenges individual customers face in identifying fraud.
Wider reforms are underway
At the heart of AFCA’s findings is the recognition that it might increasingly be nearly inconceivable for customers to detect sophisticated fraud, which can mean they should not acting voluntarily when making payments to fraudsters.
Similar reasoning has been utilized in quite a lot of recent reform initiatives that place greater responsibility for detecting and responding to fraud on banks fairly than on their customers.
In 2023, the Australian banking sector committed to introducing a brand new “Fraud-safe agreement“. This means a commitment to implement latest customer protection measures, including recipient service confirmation, delays for latest payments and biometric identity checks for latest accounts.
Primakowa/Shutterstock
The changes on the horizon may be more ambitious and significant.
Proposed Fraud prevention framework the laws would require Australian banks, telecommunications corporations and digital platforms take reasonable steps to forestall, detect, report, disrupt and reply to fraud.
It would also include a compulsory external dispute resolution process, comparable to under AFCA, for consumers in search of compensation in the event of failure to comply with any of those institutions.
Fighting fraud is just not just an Australian problem. Newly introduced in the UK rules require paying and receiving banks to compensate customers for losses resulting from fraud as much as £85,000 (S$165,136), unless the customer is grossly negligent.
