Scams have become a $3.1 billion business in Australia, thanks to the lack of a standardized approach in addressing them. That’s set to change, with the Australian Competition and Consumer Commission approving a move for the financial sector to share insights and collaborate on new industry standards.
This authorization is only an interim one for now and has been enacted quickly because the ACCC is concerned about scam acceleration. It means that all Australian Banking Association member banks — which includes all of the “big four” retail banks as well as large international players, such as J.P Morgan ANZ, HSBC and MUFG — have been given leave to share data and coordinate a response to scam prevention.
This is also a response to the federal government’s upcoming legislation for a cross-industry code that will be imposed on banks, telcos and social media platforms in the near future. The ABA has proposed that a bank industry standard in this area can form the building blocks of the legislated cross-industry code.
- Collaboration is essential to combat scams
- Banks could be doing more
- What other sectors can learn from banking cross-collaboration
- The pressing need to get this right
Collaboration is essential to combat scams
The ACCC said in a statement on why it granted the interim authorization, “A coordinated response across government, law enforcement and the private sector is essential to effectively combat scams that are evolving rapidly and with increasing sophistication.”
The Australian banking sector, for its part, has been looking for ways to work together to combat fraud. In May, 17 banks announced that, thanks to a collaboration between them, they had been able to halve the time it takes to identify and block payments to scam operators.
This effort is powered by the ABA’s Fraud Reporting Exchange. This initiative cross-matches data between participating banks and allows for near real-time communication of fraudulent transactions across the network.
Banks could be doing more
Despite all of this, there are calls for Australian banks to do more. The CEO of the Consumer Action Law Centre Stephanie Tonkin pointed out that the big four banks alone — CBA, NAB, Westpac and ANZ — will make $33 billion in profits this year. They could deploy more resources to help combat the relatively modest loss in scams.
“Despite their increasing profit margins, the major banks continue to underplay a crisis that is affecting thousands of their customers and causing untold financial and emotional distress in the community,” Tonkin said. “Banks argue that it is the individual’s responsibility to recognize and prevent scams, even though scams are becoming increasingly complex, elaborate and sophisticated — often impersonating or replicating the banks’ own platforms.”
“Customers who lose money this way are rarely reimbursed by their bank, and if they are, the amount is often a small proportion of that loss.”
However, there’s more to the issue than simply throwing money at it. Banks often face the tension between security and meeting customer expectations around the user experience. Some banks are turning to AI as a possible solution. In July of last year, Commonwealth Bank announced the use of AI technology to detect suspicious and unusual behaviour on its platforms.
Globally, there’s also a big push towards biometrics as an “unbreakable” approach to security. This will put new pressure on security teams within banks, as biometrics need to be stored within the institution’s systems.
However, in an often-cited example of how effective it can be, Hong Kong and Shanghai Banking Corporation reduced $500 million in fraud using consumer voice and its VoiceID tech. AI can be applied here too, as it’s possible to train algorithms on user behaviour and mannerisms to detect and flag unusual behaviour of users.
To highlight the role that AI will play in intensifying the battle between security and criminal tech, AI will also likely be used by scammers to replicate consumer’s voices in the future, and thus attempt to bypass these protections. For now, creating such voice-based AI applications is too resource intensive to have widespread application among criminals, and social engineering will remain the dominant attack vector. However, it and other innovations loom on the horizon and should remind everyone of the importance of getting on top of this now.
What other sectors can learn from banking cross-collaboration
The banking industry is one of the most highly-regulated, and therefore, how it grapples with regulation and its relationship with the ACCC tends to inform how other sectors will approach their own challenges down the track.
At a time when scams and other threats are on the rise and companies face unprecedented reputational risk, skills are in short supply. How the banks leverage this new cross-collaboration ability should be monitored closely as an opportunity to address both challenges simultaneously because it may well inform the best practices approach by all sectors in the near future.
In particular, there are six ways in which cross-collaboration can support superior security outcomes across all sectors.
1. Unified standards
When major companies within a sector collaborate, they can develop unified standards for dealing with security threats. The resultant benefit of that is that all players in the industry, whether they participated in the initial collaboration or not, can be brought to the same page when it comes to security protocols.
2. Shared resources and knowledge
Collaboration allows for the pooling of resources and knowledge. This collective intelligence may lead to faster and more effective responses to threats, and critically, help to transfer knowledge to those organizations that are currently under-equipped with cybersecurity skills.
3. Coordinated response
A coordinated response across different organizations can help to disrupt scams at a larger scale. If one organization detects a scam, in a more collaborative environment, it will be in a better position to share the data that the other businesses in the sector need to proactively protect their customers.
4. Customer protection
Joint strategies can include measures for customer redress, in collaboration with authorities at that sector level. This not only helps to build customer trust in the entire sector but also deters scammers who know that their actions won’t lead to financial gain.
5. Regulatory compliance
Collaborative efforts are often subject to regulatory oversight, ensuring that collaboration doesn’t lead to anticompetitive practices. This is the case with the banking sector on this particular collaboration, and it can result in the ACCC and other regulatory bodies having a better understanding on how to regulate the sector appropriately for the current market conditions.
6. Cross-industry collaboration
As the ACCC’s note about a legislated cross-industry code indicates, this collaborative approach could extend beyond banking to include telcos, social media platforms and others. This could lead to even more robust and holistic defences against scams.
The pressing need to get this right
There’s always the risk that these kinds of collaborative projects can lead to customer data being used in a way that’s not intended and for those organizations participating in the collaboration to tune it towards anticompetitive behaviour. This is why the ACCC tends to be cautious when authorizing them.
However, with the right monitoring and guardrails, what this collaboration with banks might demonstrate is that Australia’s best defence against scammers and other cyberattackers is to approach problems by sector, rather than leave each business to work out their own approach within the regulatory framework.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays