Digital banking could open door for scammers, experts say

When Amy received a call from her bank last year, she had her mind on other things.

She was used to receiving calls from her bank from a No Caller ID number, but she was still hesitant to trust the man with a British accent on the other end of the phone.

“I didn’t trust them at first,” Amy said, who asked for her name to be changed because of concerns about her privacy.

“But they knew where I lived, my date of birth, and what transactions were going in my account.”

The man said her bank account had been compromised and he needed to verify her identity.

He followed a script Amy had heard before from ubank, and a text message was sent to her phone and she read the code out to him.

Amy then watched as her savings were drained in front of her eyes.

Ubank interface
Ubank customers have been the target of scammers in the past. (ABC News)

Amy fell victim to a common scam targeting digital banks where fraudsters persuade their victims to authorise immediate push payments.

Ubank, which was taken over by NAB in 2021, is what’s known as a neobank – online-only financial outlets that have operated in Australia since 2018.

Steve Worthington, a marketing professor at Swinburne University, said there was optimism digital banks could stimulate a “stagnant” financial market and offer services that appealed to digital natives.

But there have been security challenges.

“Neobanks and digital banking in general has opened the door for fraudsters,” Professor Worthington told the ABC.

“They can persuade their victims to transfer money themselves with immediate authorised push payments.”

12-hour wait for answers

Many neobanks still allow instant payments to new payIDs and new account numbers.

They also text customers and use a No Caller ID for security communications.

And with no branches, and generally no call centres, customers in crisis are often left struggling to get help.

Amy tried to reach ubank’s customer service hotline as soon as she got off the phone to the scammers.

“It wouldn’t go through,” she said.

“The line kept on ringing, and ringing and ringing – it took four or five times for an actual operative to pick up.”

When she finally got through, it was too late.

“The [customer service agent] said she would stop all transactions from going out of my account,” Amy said.

“But at that point, $16,000 had been lost already.”

It was another 12 hours before Amy was able to speak to someone from ubank’s team about where the money had gone.

Out of the $16,000 taken from her account, $7 was recovered.

Amy later found out her money had been sent to a bank account that was opened using stolen details.

“I was in such a vulnerable spot, and I was very depressed at that point, and in a situation where I was vulnerable, ” she said.

“My bank said ‘well, too bad’.”

Text messages shown on a mobile phone held in the palm of a hand
Many experts have referred to the increase in scams in Australia as a crisis. (ABC News: Eric Tlozek)

Unique challenges for online banks

Ubank’s head of everyday banking Andrew Wright said the bank would always do “whatever it could” to get stolen money back from criminals, and was working on toughening up its security and online presence.

“Unfortunately, recovering funds is extremely difficult for a number of reasons including the speed with which criminals move money, often overseas or to unregulated cryptocurrency platforms,” he said.

“Ubank processes tens of thousands of payments every day and scams are often extremely hard to detect because, in many instances, a scammer has coerced a victim into giving away important security details.”

Mr Wright said ubank accepted this was the customer authorising the transaction, and there was little they could do.

“We are working proactively with industry, regulators and law enforcement to continually enhance the way we facilitate fast payments for customers whilst helping them identify scams and protect themselves from losses.”

The National Anti-Scam Centre said ubank had appeared in at least 490 of its complaints in the past year, and the total reported financial loss for that period was just over half a million dollars.

Last year, Australians lost $2.74 billion to scams, with a significant majority relating to banking and finance.

Online banks easy for scammers to copy

University of Melbourne cybersecurity expert Shaanan Cohney said as banks moved online and away from the typical brick-and-mortar model, experts were witnessing more security challenges.

“If a consumer is used to dealing with a bank through wholly online means, they are less likely to be surprised if they get a message that purports to be from the bank over one of those online channels,” he said.

“These scams are totally not limited to ubank, and you’ll see similar scams purporting to be from the Commonwealth Bank and similar.”

He said often neobanks use more casual language to appeal to younger customers, which could be easier for scammers to replicate.

“Some of the messaging that they’ve used legitimately can be used by scammers,” Dr Cohney said.

“That doesn’t mean they’re targeting ubank because ubank has weak security: it means they’re able to replicate the messaging that those types of banks use to the customers.”

Who pays the price?

According to a report by the Australian Institute of Criminology into scams, data leaks have also made it easier for scammers to set up accounts with stolen details.

Consumer Law Action Centre policy director Tania Clarke said her organisation had written to the Australian Prudential Regulation Authority about banks failing to pick up criminals using banks.

“APRA is responsible for making sure that the banks are following its risk standards and codes – including making sure banks aren’t using money for proceeds of crime and money laundering.

“The banks have a liability because they’re allowing it to happen.”

A person holds an iPhone with the banking apps for ANZ, Commonwealth Bank, NAB and Westpac open.
Data leaks are making it much easier for scammers to set up accounts with stolen details. (ABC News: Dannielle Maguire)

Ms Clarke said her organisation was calling on banks to reimburse customers who were scammed.

The UK established a payment systems regulator to address Authorised Push Payment (APP) fraud, after nearly 500 million pounds was lost to the scams in 2023.

And from 7 October, payment service providers will have to reimburse victims of APP fraud.

Prof. Worthington said the UK regulator would also name and shame banks that did not investigate scams and reimburse customers.

“There are other countries where confirmation of payee is imposed, and banks are forced to confirm that the person is genuine,” he said.

“They are also pushing for big tech and telecommunications companies to pay in the fight against scams.”

Australian Banking Association chief executive Anna Bligh said Australian banks had some of the strongest anti-scam protections in the world, noting a 13 per cent drop in scam losses last year.

She said banks endorsed the government’s plan for mandatory industry codes, but rejected the concept of reimbursing customers who were victims of scams.

“Scam losses are reducing at a much faster rate in Australia than in the UK,” Ms Bligh said.

“A reimbursement-style scheme would put an even bigger target on the back of every Australian.”

A smiling woman in a dark blouse.
Anna Bligh says Australian banks have some of the strongest anti-scam protections in the world. (ABC News: Michael Barnett)

Vigilance is key

University of Griffith professor of finance Robert Bianchi said Australia was playing catch-up with the rest of the world.

“This is why scamming is very prolific here,” he said.

Professor Bianchi said there should still be obligations for banks to provide face-to-face support.

“Banks hold our life savings … they have a social obligation to offer a branch, physical offices and give out physical cash,” he said.

“It might not be the profitable part of the business, but that’s the cost of being a bank in Australia.”

Prof. Worthington said without a physical branch to help verify accounts, customers needed to be vigilant.

He said scammers have been increasingly hacking into emails to impersonate conveyancers or real estate agents to provide false account numbers.

This could lead to customers losing entire home deposits.

“You need to be very sure with this confirmation of payee that you are paying digitally to the right person with a valid, genuine bank account,” he said.

“Because digital banking is a gift to fraudsters … the thing to bear in mind is that when you act with speed, you may also regret with leisure.”

© 2020 Australian Broadcasting Corporation. All rights reserved.
ABC Content Disclaimer

The Conversation
The Conversationhttps://theconversation.com/au/who-we-are
The Conversation Australia and New Zealand is a unique collaboration between academics and journalists that is the world’s leading publisher of research-based news and analysis.
- Our Partners -

DON'T MISS

- Advertisment -
- Advertisment -