This article was a finalist in the 2024 IA Writing Competition Most Compelling Article category. You can read the excellent work of all our finalists HERE.
*****
As online scams continue to rob Australians of money, banks are doing little to protect customers or reimburse victims who have been targeted, writes Dr Kim Sawyer.
YOU CANNOT KNOW what it is like to be scammed until you are. We were the victims of a large financial scam that has cost us a significant amount of the savings in our pension fund. The money was stolen, put into mule accounts and laundered.
There is a tendency to blame the victims of scams and for the victims to blame themselves. Blaming the victims shifts liability away from scammers and away from their facilitators. Scammers need a facilitator to facilitate their scams; usually, that facilitator is a bank. Banks may not be the thieves, but they do drive the getaway car.
Banks protect customers from credit card fraud by installing checks on their systems, but they did not install the necessary checks to stop the authorised push payment scam we encountered. Scammers find the gaps and use the system to scam, set up mule accounts and launder money. In our case, the scammers knew that there was no confirmation of payee system.
In early 2022, the Australian Competition and Consumer Commission (ACCC) recommended a confirmation of payee scheme be introduced to allow the payer to see the name of the payee.
The ACCC said it would reduce fraud; that when adopted by UK banks, it led to a 35% drop in mistaken or fraudulent payments and for Dutch banks, it led to an 81% drop in fraud. However, the Australian Banking Association (ABA) resisted. The Federal Government did not act.
As a result, many victims incurred significant losses. The banks have now decided to implement a confirmation of payee system — too late for many. The confirmation of payee system will cost only $100 million, but the losses for the victims were many times greater. Should customers pay when banks do not protect them? Evidently, the ABA thinks so.
The banks continue to resist regulators. When the Australian Securities and Investments Commission (ASIC) rebuked banks for their low reimbursements to scam victims, the banks resisted, maintaining the onus was on the customer. In 2022-2023, UK banks reimbursed 66% of the losses of authorised push payment scams under a voluntary code first adopted in 2019 and in October, the reimbursement will be 100%.
Australian banks are reimbursing victims just four cents in every dollar of losses. The ABA argues that reimbursement would create a honey pot for scammers knowing that banks would cover the losses. The Minister for Financial Services also argues against reimbursement. Why? The argument is illogical.
Reimbursement incentivises banks to develop innovative systems to track end-to-end transactions, to identify possible scams and to allow their customers to identify possible scams.
There is no greater incentive than liability. When the money is not theirs, there is little incentive to fix their systems and to trace the funds, but when the money is theirs, there is every incentive. Incentives matter.
Reimbursement not only incentivises the banks, it disincentivises scammers. Scammers would know they are up against banks rather than the victims. Banks can access more information, trace funds and identify mule accounts. Far from being a honey pot, reimbursement would deter scammers.
Reimbursement is also better for banks. A bank may have liability as an accessory. Reimbursement obviates the need for victims to test that liability in court. Accessorial liability has been tested in civil law cases where the losses are less consequential.
In 1973, a copyright infringement occurred at the library of the University of New South Wales, which became a standard for authorisation law. The High Court judged that the UNSW was liable because they extended an unlimited, unqualified invitation to commit an infringement and had failed to take reasonable steps to limit the use to legitimate purposes.
The liability of a bank in a scam is likely to be greater than the liability of a university in a copyright infringement. A bank has greater control over its systems than a university has over its photocopying machines.
A bank has greater information on the transactions and customers. A bank can control the information and share the information with the customers if they choose. A bank can issue specific warnings to customers about specific transactions if they choose. A bank is more likely to be liable than a university.
Banks are benefitting from weak regulations that allow them to deny their own liability; they are also benefitting from the fragmentation of victims who are not well organised. The script to deny liability is familiar. For many years, James Hardie denied its liability for asbestosis, but because of litigation and a 2004 judicial inquiry, it established a fund to cover their future liabilities to victims.
Perforce, the liability of the banks is not that of James Hardie, but banks do have an untested accessorial liability that may be more than reimbursement. Their liability may include damages for not reimbursing victims.
The campaign to incentivise UK banks to stop scams began in 2016 when the consumer advocacy group Which? filed a super-complaint against banks refusing to reimburse victims. Which? maintained that banks should have liability for they were already reimbursing victims of credit and debit card fraud and that consumers could only protect themselves so far.
The argument is still valid. Logically, all transactions, whether credit card transactions or transfers between accounts, should have equal protection from scams and money laundering. The government is the regulator. Systemic failure requires the government to intervene.
Proposals for a reimbursement fund or UK reimbursement model will stabilise the system. Protecting customers will protect the banks.
Dr Kim Sawyer is a senior fellow in the School of Historical and Philosophical Studies at the University of Melbourne.
Related Articles
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Australia License
Support independent journalism Subscribe to IA.
