91����ԭ��

Australian regulators are scrambling to protect consumers following a new report showing that Australians lost at least A$3.1bn ($2bn) to scams in 2022.

A by the Australian Competition and Consumer Commission (ACCC) has found that the total amount lost by consumers to scams jumped 80 percent in 2022.

Meanwhile, the average amount lost by each victim hit A$20,000 ($13,500), an increase of more than 50 percent compared with 2021.

“Australians lost more money to scams than ever before in 2022, but the true cost of scams is much more than a dollar figure,” said Catriona Lowe, deputy chair of the ACCC.

“As scammers become increasingly sophisticated in their tactics, it is clear a coordinated response across government, law enforcement and the private sector is essential to combat scams more effectively.”

The report is based on data compiled by the ACCC’s Scamwatch, the government’s ReportCyber, the Australian Financial Crimes Exchange (AFCX), IDCARE and several other agencies.

According to the report, investment scams were the highest source of losses (A$1.5bn), followed by remote access scams (A$229m) and payment redirection scams (A$224m).

Lowe said the findings of the report underscore the need for the forthcoming National Anti-Scams Centre, an ACCC project that received seed funding from the federal government in October last year.

“We continue to lend our expertise and support to prepare for the establishment of the Government’s National Anti-Scams Centre, with the ultimate aim of making Australia the hardest target for scammers,” she said.

Less scams, more losses

Among the most alarming trends in the report is that although the total number of scams reported to the ACCC’s Scamwatch decreased in 2022 by 16 percent, total losses jumped significantly by 76 percent.

Lowe said the trend towards less numerous but higher-value scams can be attributed to new technology and sophisticated new techniques that scammers are using to target victims.

This includes everything from impersonating official phone numbers, email addresses and websites of legitimate organisations, to scam texts that appear in the same conversation thread as genuine messages.

One scam in particular that Lowe said “skyrocketed” in 2022 was the so-called “Hi Mum” scam. This is where a fraudster impersonates a child who has lost their phone, and sends a text message to the child’s parents from a new phone number, asking for money to pay for a new phone.

In some cases, the ACCC said that victims are also asked to send ID documents or credit card details.

Some victims, such as Karlene, lost as much as A$8,000 to “Hi Mum” scammers. Karlene received a text from a person claiming to be her son, saying that he had lost his phone and had to buy a new one using Afterpay, a buy now, pay later (BNPL) service.

Karlene was told that her son’s Afterpay bill was due urgently, and if she did not pay on his behalf he would be charged late fees.

Another point raised in the report is that major data breaches may have contributed to rising losses from scams.

In 2022, according to the Australian Information Commissioner, there were , mostly due to malicious and criminal attacks. This includes the Optus telco breach, covered by VIXIO in October last year.

The ACCC said that these breaches have led to the personal data of millions of Australians being made available to scammers online, and with each new breach there is usually an immediate uptick in scam activity.

“Unfortunately, the more information a scammer has about you, the more convincing they can be,” said Lowe. “Scammers are the most opportunistic of all criminals.”

Regulatory solutions

In a foreword to the report, Lowe proposed several regulatory measures that Australia could adopt to protect consumers from scams, including Confirmation of Payee (CoP), a system for matching bank account details with intended recipients before transfers are initiated.

Lowe also mentioned Singapore’s SMS SenderID registry as a way to quickly identify IDs that are being used by scammers.

But speaking to VIXIO, Feedzai fraud prevention lead Daniel Holmes said the effectiveness of CoP is limited, as the UK’s experience since its launch in 2019 has shown.

“Key lessons learned are that it will likely drive an initial impact, but it will be small and won’t be sustained unless certain principles are applied,” he said.

“All banks must sign up to use CoP. If not, fraudsters will simply instruct victims to send payments to banks that are not enrolled in it. This moves the problem, rather than solving it.”

Holmes added that CoP creates a high number of “false positives”, and can come to be seen by consumers as a “nuisance” rather than a protection, so education on why it is there and how to use it is vital.

He also said that banks must “weave” CoP outcomes into their overall risk decisioning. “CoP should be considered as a control layer, rather than something that is bulletproof on its own,” he said.

“Being a layer means connecting it together with other risk factors such as transaction monitoring.”

Other proposals that have by the ACCC include a Contingent Reimbursement Model Code for Authorised Push Payment Scams — another measure that was introduced in the UK.

But even better, according to Holmes, would be a framework for applying beneficiary liability in the case of scams, meaning that liability would sit with the scammer's bank rather than the victim’s.

“This creates a more holistic approach to fraud prevention and lowers the chances of success for fraudsters as banks get multiple opportunities to stop the fraud, not just one like they get today,” he said.