Banks no longer protect us from scammers. It’s time they paid the price

We’re sorry, this feature is currently unavailable. We’re working to restore it. Please try again later.

Advertisement

Opinion

Banks no longer protect us from scammers. It’s time they paid the price

If you had to explain to a child why you keep your money in a bank, what would you say? My guess is you wouldn’t say much about high-interest-bearing accounts, the time value of money, or the wonders of direct debit. You’d start with the idea that it keeps your money safe. You’d conjure up images of fortress-like buildings with impregnable safes. Not merely because kids understand that, but because it captures the bank’s fundamental function.

But quietly, digitally, it’s precisely this function coming under assault. Here I refer not merely to the fact that Australians lost more than $2.7 billion – billion – to scams in 2023, but to the fact that increasingly, scammers are doing this by impersonating the banks. We’re not remotely in the world of fake Nigerian princes. Scammers are now posing as the very people whose job is to protect you from scams. It’s like something from the Ironic Crime Subcommittee of Evil Inc.

<p>

Credit: Andrew Dyson

So, you receive a call from someone claiming to be from your bank’s fraud department, who says your account has been compromised. They have all the private information you would expect only your bank to have: your name, address, the amounts in your account, even the details of your most recent transactions. For your own safety, they recommend moving your money into a new, secure account. Then they send you a text containing a one-time security code to complete the transaction – exactly as a bank would. Then they steal your life savings.

And chances are, the bank doesn’t reimburse you. Our big four banks reimbursed about 4 per cent of scam losses in the year to June 2022. The rationale seems to be that the responsibility – and therefore ultimately the fault – lies with the consumer. This is not a case where someone has hacked into your bank account and drained it without your knowledge. It’s a case where you willingly made a payment to someone, and the bank has simply honoured that. The fact it was a payment you never should have made is, in the bank’s view, not their business.

So, when this masthead reported the story of Rod Quantock and Mary Kenneally being scammed of $30,000 in this way, the bank only reimbursed them when the journalist started making enquiries, and even then only as a “goodwill payment”. The subtext is clear: this payment is an act of generosity. It is not, to be completely clear, an obligation.

Should it be? In the UK in about 10 weeks, it will be. Naturally, our banks oppose any suggestion we follow suit, and their argument centres on one basic idea: that it will encourage consumers to be careless, safe in the knowledge that they will pay no price for their laziness and gullibility. This is simply an extension of the banks’ framing of scams as a failure of consumer diligence rather than banking security. Unless the fraud began with some breach of the bank’s security systems, they had no involvement in the fraud. So, why should they be the ones punished?

Loading

It’s a coherent argument. Innocent bystanders don’t normally bear costs, and vigilance is a reasonable thing for the law to demand of people transferring large sums of money. But the trouble is it’s ultimately an argument from the Nigerian-prince era, when scams were reasonably obvious to the diligent, and required credulous victims. Back then you could reasonably (if callously) say to the victim that they should have known better and could have taken more care.

But is a customer who receives a text message from their bank, which appears in the very same thread of texts their bank has sent them over years, entitled to believe it is genuine? Because they’re the kind of texts scammers are now sending, sometimes while they are reciting your history of transactions in minute detail to you over the phone. Do banks want customers to treat all correspondence with them as suspicious? Would they like us to go back to conducting our business with them in all the physical branches they are happily closing?

Advertisement

We’re now in a world where even the savviest, best educated human beings cannot protect themselves. The head of fraud at a British bank had his identity stolen. A finance worker in a multinational firm in Hong Kong transferred about $40 million to scammers after a video call with several colleagues he knew and the company’s CFO – all of whom turned out to be AI-generated deep fakes. How will the rest of us cope? We’re forced to live our financial lives online, but have no way to do this safely.

Loading

In a world like that, fault is a meaningless concept. The idea that a British-style obligation to reimburse scam losses will somehow invite more scammers – that it would turn Australia into a “honeypot” in the phrase of the Australian Banking Association – overlooks the problem that consumer vigilance is no longer the decisive factor.

Scammers’ success is far likelier to depend on whether banks are any good at stopping scam payments from being transferred in the first place. And in Australia, it seems they aren’t because they have no incentive to be.

Our big four banks only stopped 13 per cent of attempted scam payments in Australia during the 2022 financial year. We know they can do better than that because late last year our banks announced a Scam-Safe Accord, listing six major things they could do, all of which are relatively simple. One example is “name matching”, where the bank confirms that the name attached to the bank account number is the same as the person you think you’re paying. Honestly, I assumed that already happened.

Some eight months on, that accord sits unimplemented. Meanwhile, British bank TSB began refunding scam victims about five years ago. It reimburses 97 per cent of claims, and has seen fraud reduce: “I’ve seen firsthand the incentive it places on us to stop fraud happening,” said the bank’s fraud prevention director. And when this becomes mandatory? “I’m really confident … other firms will see exactly the same things that we’ve seen.”

This doesn’t sound like a man presiding over a honeypot. But he does sound like someone who can tell his children why they should keep their money in a bank.

Waleed Aly is a broadcaster, author and academic. He is a lecturer in politics at Monash University and co-host of Channel Ten’s The Project.

The Opinion newsletter is a weekly wrap of views that will challenge, champion and inform your own. Sign up here.

Most Viewed in National

Loading