Scambusters: Opinion – what banks are doing about scams and how others can help

Roger Beaumont

Published in the New Zealand Herald

Scams are on the rise and becoming increasingly sophisticated. They’re like ‘digital ram raids’ and the impact can be devastating, with some people losing their life savings. Banks are stepping up to help prevent scams, but they can’t do it alone.

Scams are not just a bank problem. Banks tend to be at the end of a chain of events that leads to a criminal stealing money from someone. Scams often start when people are deceived by fake websites, emails, texts, social media ads, and phone calls. Everyone needs to play their part in preventing criminals from scamming New Zealanders. Government and other industries, including telcos, social media companies, and search engines also need to step up and join us in this battle.

A lot of scams we’re seeing today lead to ‘authorised push payments’ where someone is tricked into paying a criminal. The hook into these scams is often a fake website result from a search engine, or a social media ad – and taking them down, or not allowing them going up in the first place, would go a long way to preventing the harm caused by scams. The Banking Ombudsman has called for digital platforms to remove fake websites more quickly and we fully support that position.

To better protect New Zealanders from scams we need a co-ordinated multi-sector approach where everyone plays their part and takes some responsibility. Banks can’t do this alone.

Banks already invest significantly in fraud analytics and prevention to identify unusual customer spending patterns, warn customers of potential scams, and shut down fake bank websites and phone numbers used in scams. Some banks facilitate two-factor authentication, which allows customers to stop unauthorised payments from their account. They may also provide pop-up messages in online banking and mobile banking apps to alert customers to activity occurring in their accounts.

Last September our retail banks announced further commitments to help fight scams, including:

  • Supporting the establishment of a centralised, co-ordinated, multi-sector national Anti-Scam Centre
  • Bringing in an industry-wide ‘confirmation of payee’ account name checking service
  • Removing weblinks from texts to customers.

Banks got the ball rolling on the Anti-Scam Centre in December by focusing on detecting and sharing information on mule accounts, which are used by criminals to transfer stolen money. Mule account owners may be complicit with the criminals by receiving and making payments on their behalf, or unwittingly allowing access to their account for the fraudsters to make those transactions. Identifying and sharing information on mule accounts helps break an important link in the chain that scammers use to move stolen money.

Banks previously shared some information on money mules, but now they’re sharing more information faster. Banks targeting mule accounts is working. From December to February banks identified nearly 1000 mule accounts operating in New Zealand.

To take the Anti-Scam Centre to the next level, we need to involve other sectors like telcos and social media platforms to do things like take down fake websites. Removing the links in a scam chain, like fake websites and money mules, is critical to fighting this crime.

Banks are also bringing in a confirmation of payee service to enable anyone making an online payment from one bank account to another to see the name of the account they’re paying. This will help people check who they’re making a payment to and may help identify payments to scammers. It will also help people avoid making mistaken payments to the wrong account. It’s a useful double-check when making payments.

Getting confirmation of payee designed, built, and implemented across the banking industry will be determined by a number of factors, including agreeing an account name and number matching solution, and ensuring it can be delivered by our retail banks. The data sharing solution will also need to comply with privacy law and banks’ obligations to protect customer confidentiality. Banks will need to build and implement relevant changes to their online banking and mobile app platforms. Getting confirmation of payee to go live will depend on addressing all these elements.

We’re aiming to start rolling out confirmation of payee by the end of the year. Australia is also working on a similar solution and our proposed timeframe aligns with theirs.

Scammers often use weblinks or hyperlinks in text messages to gain access to people’s bank accounts. To help reduce this risk, banks are removing links from texts to customers. Some banks are already there, with others following as soon as they can.

We’re also looking at liability and reimbursement when a bank customer loses money in a scam. Banks already reimburse fraud losses in cases of unauthorised payments from a customer’s account, so long as they complied with the bank’s terms and conditions and acted reasonably.

We are going to investigate reimbursement in cases of authorised payment scams. We’ll have a look at what’s happening around the world and see if we can then update banks’ existing reimbursement practices.

Banks are committed to fighting fraud and can’t do it alone. Banks are usually at the end of the scam chain, and to effectively crack down on scams we need all participants in the chain to play their part to help stop this crime.