Crafting security: Australia’s strategic approach to combatting fraud

by George Iddenden, reporter, The Payments Association

Authorised push payment fraud (APP fraud) accounted for 40% of fraud losses in 2022, according to the Payment Systems Regulator (PSR). Since the release of the PSR data, a tricky discourse has emerged regarding the mandatory reimbursement scheme that has followed as a proposed solution for the customer.

On 7 June 2023, the PSR released a policy statement announcing that payment service providers (PSPs) will be required to reimburse victims of APP fraud made via the Faster Payments Service starting in Q1/2024.

The mandatory reimbursement has caused discontent among PSPs, who believe responsibility should be shared among relevant parties involved in the transaction. This has prompted a standoff between the industry and the PSR on the matter.

In the meantime, His Majesty’s Treasury (HMT), alongside other relevant stakeholders, including The Payments Association, is discussing plans for a National Payments Vision and Strategy (NPVS) based on the recommendation of the Future of Payments Review, led by Joe Garner, ex-CEO of Nationwide Building Society and HSBC UK.

The report’s primary recommendation is that the UK government create a National Payments Vision and Strategy (NPVS) to bring together the domestic payments sector around a common strategic goal and simplify the payment landscape over time. The government has embraced this key recommendation and plans to release the NPVS later this year.

While the UK grapples with these challenges, let’s look at how Australia has tackled similar issues, setting a precedent with its strategic approach.

The Australian blueprint

On the other side of the globe, a similar review of the payments ecosystem in Australia commissioned by the government in 2021 prompted a strategic plan for the industry focusing on reducing fraud.

According to the report, there was a lack of leadership at a system-wide level needed to steer the payments ecosystem towards a shared vision and goals. This lack of clear vision has resulted in confusion for the industry and affected investment decisions related to major payments infrastructure.

The lack of preparedness for future changes and conflicting policies significantly weaken the regulatory architecture’s ability to serve consumers and businesses and effectively support productivity-enhancing innovations. It is imperative policymakers take the necessary steps to address these issues to ensure a robust and efficient regulatory system.

During the consultation, key principles were discussed, including efficiency, innovation, access, and trust. Priorities were also identified, such as safety and resilience, regulation, alignment with the digital economy, and modernisation of payments. The consultation also proposed high-level initiatives. After feedback was received regarding any missing milestones and initiatives, the Strategic Plan for Payments was published in 2023.

According to TPA head of policy and government relations Riccardo Tordera, the breadth of scope that the NPVS has in the UK is much wider than that of Australia, with an emphasis on creating a new north star for payments rather than the detailed questions of how to combat fraud.

He adds: “That said, fraud will likely be part of our NPVS, and we can look at Australia’s progress in reducing financial fraud and learn from its successes. The main success is due to the National Anti-Scam Centre (or NASC), established to coordinate cross-sectoral action.”

The Australian payments landscape previously suffered from a lack of coherence and integration, with disparate objectives and unclear policy directives creating confusion and misalignment between stakeholders.

However, the introduction of the strategic plan has significantly addressed these issues by providing clear policy objectives and prioritised initiatives. This clarity extends to various aspects such as legacy payment systems, access to cash, cross-border payments, cybersecurity, and combatting scams.

In terms of governance, the Australian government has instituted a robust framework to ensure the strategic plan’s effectiveness and adaptability. The plan is reviewed every 18 months to keep it aligned with evolving needs and challenges.

Moreover, the strategic plan recognises the importance of legislation, regulation, and industry technical standards in shaping the payments landscape. Regulatory changes, including the central bank’s enhanced authority to designate payment systems and the licensing requirements for all payment system participants, reinforce the implementation of industry standards and ensure the integrity of the payment ecosystem.

With Australia’s strategic framework in place, it’s instructive to compare this with the current situation in the UK, where the approach to combatting scams shows distinct differences.

The UK landscape as it stands

Australia’s approach to combatting scams diverges significantly from that of the UK, reflecting distinct regulatory philosophies and priorities. While the UK emphasises the ‘Contingent Reimbursement Model’, primarily focusing on reimbursing victims of unauthorised transactions, Australia adopts a broader strategy. 

It establishes national anti-scam codes, mandating minimum obligations for all stakeholders involved in the scam lifecycle, including banks, digital communication platforms, and telcos.

In the UK, however, reimbursement policies predominantly compensate scam victims, potentially ensuring revenue for criminals. In contrast, Australia’s approach recognises the limitations of reimbursement in curbing scams’ root causes, advocating for broader regulatory measures to prevent scams proactively.

The UK is perhaps getting it wrong because, despite the emphasis on reimbursing victims, there has been a minimal reduction in scam losses, with only a 1% decrease in the first half of 2023 and a 27% increase compared to 2020. In contrast, Australia’s multi-sectoral approach aims to disrupt scams at various touchpoints in the scam lifecycle, potentially yielding more effective outcomes.

Evidence from the UK Home Affairs inquiry into fraud suggests a significant proportion of scams originate from digital communication platforms, particularly Meta platforms.

Australia’s approach acknowledges this trend, seeking to regulate and hold accountable all entities facilitating scams, including digital communication platforms.

In summary, Australia’s strategy acknowledges the limitations of solely focusing on reimbursement and underscores the importance of addressing scams at their source. 

By implementing broader regulatory measures and holding all stakeholders accountable, Australia aims to disrupt scams and prevent their occurrence proactively.

The issue of reimbursement is making waves within the UK’s payments space. According to the Australian model, it should be shared among all stakeholders involved, including consumers, businesses, digital platforms, internet service providers (ISPs), telcos, investment firms, banks, the payment industry, and law enforcement agencies. 

Recognising this, Australian stakeholders advocate for extending national anti-scam codes to encompass ISPs and non-bank payment service providers, ensuring a comprehensive approach.

Similarly to the UK Home Affairs’ findings, critical attention is directed towards digital platforms, notably Meta, where significant vulnerabilities exist. While traditional media adhere to strict advertising standards, digital platforms must also be held accountable.

The primary opportunity lies in halting scams at their source, focusing on where consumers are socially engineered, such as on digital communication platforms, via SMS, or email. Notably, not all scams involve payments, highlighting the need for a broader regulatory framework beyond financial services.

To realise this opportunity, cross-sectoral responsibility must be reinforced by robust regulation. In Australia, the scams code consultation has identified the crucial role of the Australian Communications and Media Authority (ACMA) in regulating digital platforms. Leveraging existing frameworks, such as the SMS sender ID registry, suggests a logical extension to regulating ISPs, ensuring a holistic approach to combatting scams.

How Australia is planning to combat scams

Firstly, Australia recognises APP scams’ immense financial and human impact, predominantly perpetrated by transnational organised crime. Understanding the complexity of addressing scams, it plans to adopt a cross-sectoral approach, establishing the NASC to coordinate action across various stakeholders, including banks, consumer advocates, law enforcement, and digital platforms.

The NASC employs time-limited taskforces, known as fusion cells, to target specific types of scams, such as investment scams, which account for significant losses. Additionally, the government has initiated consultations for national anti-scam codes to impose minimum obligations on all players in the scam lifecycle, starting with digital communication platforms, telcos, and banks. Tordera praises the role of the NASC, citing it as a huge success.

The approach is crucial as scams intersect with various economic crimes and involve multiple touchpoints across the lifecycle. Collaboration among stakeholders, from consumers to digital platforms to banks, is incentivised to prevent and address scams effectively. The scam codes establish a whole-of-ecosystem regulatory framework to ensure appropriate measures are taken to prevent, detect, disrupt, and respond to scams.

Recognising the importance of criminal justice in combatting scams, Australia emphasises treating scams as crimes and leveraging international relationships, such as Five-Eyes and Interpol, to overcome jurisdictional challenges and disrupt economic crime syndicates.

According to Australian Payments Network chief executive Andy White, there are similarities between both the UK and Australian initiatives. “There are two areas worth highlighting: modernising payments infrastructure and reducing the prevalence of scams”.

On modernising the payments infrastructure, White discusses the phasing out of cheques, upgrading systems and maintaining access to cash. He adds: “The last of these is analogous to the UK government’s protection of access to cash services.  

“Meanwhile, the modernisation of payments infrastructure—including the Australian government’s intention to wind down the cheques system and support of an industry-led, phased transition away from BECS (the equivalent of BACS in the UK)—will have learnings for the UK’s New Payments Architecture (NPA) programme.”

On fighting the growth of scams, White explains that Australia’s approach differs from the UK’s contingent reimbursement model, and instead focuses on its NASC—established on 1 July 2023—and the forthcoming mandatory anti-scam codes, both of which involve multiple industries, thereby including digital communication platforms and telecommunications providers, as well as banks. That approach has seen some early success, with a 29% year-on-year decrease in scam losses over the last six months.

Having seen the significant reductions in scam activities due to Australia’s rigorous policies, it’s worth considering how similar initiatives could reshape the UK’s approach to payment fraud.

The results of the plan – is it working?

The effectiveness of Australia’s efforts is evident, with a nearly 30% reduction in scam losses over the past six months. This success can be attributed to various factors, including bank-imposed risk-based friction on payments, particularly concerning crypto transactions. 

For instance, an initiative from leading Australian bank Westpac involves asking customers key questions to assess transaction risks. The Commonwealth Bank of Australia (CBA) has imposed restrictions on crypto payments, resulting in a 37% reduction in scams. Positively, similar measures in the UK have led to a staggering 97% reduction in AI fake celebrity crypto investment scams, proving coherent strategies can have a massive impact.

Furthermore, Australia’s focus on combatting investment scams is underscored by the introduction of the Australian Securities & Investments Commission (ASIC)’s investment scam website takedown service, which removed 3500 such websites in the latter half of 2023, averaging 20 takedowns daily. Additionally, law enforcement agencies have ramped up actions against various forms of economic crime, both domestically and internationally, further contributing to the decline in scam-related activities.

Tordera attributes this to the fact that there is a greater shared responsibility among the payments community in Australia. He says this should be the same in the UK: “One of the key issues between this approach and the PSR new rules for FSP is that rather than just banks compensating victims, the wider community of telcos, big techs and social media platforms are brought into the mix of those who should share data and at the same time the burden of responsibilities for financial crime.”

Strategic outlook

By targeting scams at their origins, the UK can substantially reduce the success rate of fraudulent attempts, shielding consumers and businesses from potential harm. 

Implementing measures such as confirmation of payee and risk-based friction in payments offers additional layers of security, instilling confidence and reassurance among stakeholders.

Enhanced trust in payment systems should extend beyond financial transactions to encompass digital communication platforms, phone communications, and messaging services. Ultimately, bolstering consumer and business confidence serves as a catalyst for broader economic benefits, mitigating the drain on resources caused by scam proceeds and fostering increased productivity through a more secure and resilient payments ecosystem. 

Given the successes observed in Australia, the UK must now consider adopting a more unified and proactive strategy to not only catch up but potentially lead in the fight against payment fraud.

Payments Review Summer 2024