May 29 • 2023
Australia stepping up the regulatory response to scams – is this the start of liability shift?
Cybercrime is low risk, low investment, and high return. Not surprisingly, illegal financial gain is one of the biggest reasons for cyber-attacks. The result is a predicted USD 10 Trillion of damages by 2025. Our vision is to change that.
Written by Rob Tharle, Head of Product
I recently wrote here about the level of scams in Australia and the actions being undertaken. Over the last two weeks that have been two important announcements in Australia. First there was an announcement that the Australian Bankers Association has launched the Fraud Reporting Exchange. The FRX will help speed up the process for banks to share the details of mule accounts between them, to help attempt to stop further onward movement of the funds and allow a higher level of repatriation.
Secondly, the Australian Securities and Investment Exchange announce that it would bring in a cross industry code to hold multiple parties liable for refunding customers. This would cover banks, telcos and social media platforms as I’ve discussed recently here.
It will be interesting to see how these progress as these do not appear to be backed up by legislation yet, but neither was the UK’s first approach.
At CYBERA we are clear that greater data sharing is a key way to improve the response to scams. It’s why CYBERA exists, so it’s great to see this sort of thing developed as part of a wider set of activities to reduce fraud and scams.
But as the article points out, this type of data sharing is just one element of what’s required to help improve scam prevention and the response when it happens, building on these initiatives and the after the event data sharing of FRX.
What should FI’s do in order to improve their ability to detect, prevent and manage scams?
Firstly, FIs should have an easy and simple way for customers to report their fraud and scams to them. This is a key element in determining the speed of response. This needs to capture the correct details to enable action to be taken so needs to include details of the mule accounts. This can help reduce the operational costs of victims being on the phone as well as proving an improved experience.
Ideally, the victim is also provided with additional support resources for example how not to become a victim again, improving their online security and the ability to track progress of their case. This really helps the victim understand that there is action being taken, as well as allowing them to protect themselves.
In addition, victims need to report the case to law enforcement, so if the FI can do this on their behalf this simplifies the process for the victim when they are having a difficult time. And not just the local law enforcement, but also the law enforcement for the country of the beneficiary as these are increasingly multi-jurisdictional, especially when crypto is involved.
FIs then need to share the details with the Beneficiary organisation which is where the FRX comes in. However, it is not just domestic fiat payments, that need to be covered, but also international payments and crypto. Being able to get a quick response internationally can also lead to funds recovery.
Undertaking all these steps is key to improving the victim response and increasing the level of refunds and repatriation rates.
But it doesn’t stop there. FI’s should be taking more action against mules. As I’ve written here, FI’s also need to do more to combat mules as part of the wider need to disrupt cyber criminals and improve prevention and detection rates.
How should FIs improve their response to mules and scams?
FIs should take a multi-layered approach to these scams, throughout the customer lifecycle, to limit the ability of mules.
At account opening, check the applicants details against lists of known mules to reduce the number of mules onboarded. These checks should be undertaken regularly matching existing customers and their transactions against these data sets on an ongoing basis.
As well as participating on data exchanges domestically, FIs should also be checking globally for any references of their accounts being used as mules to gain intelligence at an earlier stage. This can form part of an overalls mule detection strategy.
Then there is Inbound and outbound fraud and financial crime transaction monitoring. Checking for known mule accounts and aliases such as phone number where appropriate to prevent fraudulent payments whether first or subsequent generations. This is a key part of prevention and helps to stop the customer being a victim in the first place.
CYBERA can help with all of these points, being completely complementary to schemes like the FRX. Reach out to us to find out more and checkout one of our case studies here.
At CYBERA we’re on a mission to stop money laundering and help protect customers from scams and other financial cybercrime. We close gaps that allow cyber criminals to thrive by sharing crime data in real-time with financial institutions, fintech, and crypto exchanges, and coordinating a global response to support customers who have become victims of financial cybercrime.
CYBERA VSRTM enables firms to quickly implement a professional and automated scam reporting solution to speed up the response to scams globally. Victims reports can be quickly ingested into core systems and it provides reporting to beneficiaries and law enforcement saving you and your victim time and effort.
CYBERA WATCHLISTTM helps support firms to reduce fraud and money laundering as part of a holistic fraud and financial crime strategy.
CYBERA WATCHLISTTM Integration Points throughout the lifecycle:
- Call within the payments processes to enrich the Fraud &/or AML Decision Engines
- Payment APIs IBAN, Name, Username, email, Phone
- Call at onboarding to enrich the Fraud &/or AML Decision Engines
- KYC API — Name, Username, Email, Phone, IBAN
- Case Manager calls to enrich investigation, when alerted for ODD or Mules
- Manual Investigation
Financial Institutions (FIs) can check against the WATCHLIST for confirmed mule accounts when processing payments. For outbound & inbound payments, where there is a match on either IBAN (Account Number & Sort code) or on Name the transaction can be flagged as high risk.
At account opening and ongoing CDD, email, phone and name can be used to match to CYBERCRIME WATCHLISTTM to reduce opening new mule accounts.
CYBERA VSRTM further supports by providing users with alerts of any of their accounts reported as mules directly in their dashboard.
Unlike other data sources, CYBERA is a global solution, so is well placed to support the increasing levels of cross-border real-time payments.