The new efficient payments system means more efficient fraud
Wednesday 5 September 2018
- Analysis for The Conversation by Steve Worthington, Adjunct Professor, Swinburne University of Technology
Most credit card fraud takes place online or over the phone. It’s not the cards that are stolen, but the details. The Australian Payments Network finds they are used to amass 85% of the money stolen using Australian credit cards, without the need to steal the cards themselves.
Usually, we are not liable for the money lost. It is reimbursed through our card provider if we have quickly reported the breach and taken due care.
The launch this February of the New Payments Platform owned by both the banks and Reserve Bank will make payments instant. It isn’t yet fully adopted, but when it is it’ll allow any financial institution to transfer money from any of its accounts to any other account near instantaneously.
Those transfers will be impossible to reverse.
While each institution will be able to impose limits on the upper value of transfers, the designers of the system expect them to be higher than credit card limits – more like the very high limits at present in place for transfers using BSB numbers.
It will make them magnets for fraud, as they have become in Britain.
‘Friday afternoon fraud’
The United Kingdom Faster Payments System was launched ten years ago. In 2010, the transaction limit was lifted to £100,000. In 2015, it was lifted to £250,000.
Among the most lucrative frauds involves conveyancing, known as “Friday afternoon fraud”, as in the UK this is the day that many property sales are due for settlement and funds are transferred from payer to payee.
Fraudsters hack into emails between solicitors and their home-buying clients and then on the day the money is about to be moved, impersonate the solicitor and send the client an email saying the bank account details have changed and the payments should be made to a different account, created by the fraudster.
The Faster Payments system ensures the money is transferred immediately. The victim usually doesn’t know about it until the following week when they look for confirmation, and find they’ve sent the money to the wrong account.
In the UK, financial institutions have until now avoided paying compensation to the victims, because they themselves authorised the payments. However in August the UK Financial Ombudsman Service told the institutions to stop automatically blaming victims and take a fairer approach.
We often hear from banks that their customers have acted with ‘gross negligence’ and that this means that they are not liable for the money that their customers have lost. However gross negligence is more than just being careless or negligent. The evolution of criminal methods - in particular their sophisticated use of technology, means that gross negligence is an increasingly difficult case to make.
Suspicion will be key
The UK Financial Conduct Authority is considering requiring financial institutions to handle payments fraud complaints in line with other complaints and to publish data about the extent of complaints.
Banks are introducing round-the-clock fraud detection help lines and fast response teams. Defrauded customers will in future only have to deal with their own bank and not the bank into which their funds have been paid.
In Australia, as in Britain, the best advice is to be extremely vigilant about checking emails that ask for payments. Often it will be worth ringing to check that the demands are real.
Extreme vigilance is easy to prescribe and hard to practice. But with payments under the new system impossible to reverse, and with our banks likely to be initially reluctant to help out, as they were in the UK, we’re going to have to become more suspicious.