In a country that has become all too familiar with the rising tide of scams, Australia’s financial landscape is witnessing a significant shift.
Traditionally, scam victims have been left to foot the bill for their losses, while banks have offered little in terms of effective prevention or restitution.
However, a recent decision by the Australian Financial Conduct Authority (AFCA) has sparked hope for a more consumer-centric approach. This ruling has the potential to change how scams are handled across Australia’s banking industry, shifting responsibility from individuals to the institutions that should be safeguarding their financial well-being.
A History Of Unequal Burden
Australians lost a record USD 3.1 billion to scams in 2022, according to the Australian Competition and Consumer Commission (ACCC). This alarming figure marks a nearly 80% increase from the previous year, underscoring the accelerating sophistication of scams targeting individuals.
Traditionally, Australian banks have not fully shouldered the burden of these losses. The Australian Securities and Investments Commission (ASIC), in its 2023 review, found that while banks detected and halted a small proportion of fraudulent transactions, the total compensation paid to scam victims was a drop in the bucket compared to the overall losses.
This disparity is due in part to the voluntary nature of the ePayments Code, which many banks rely upon to avoid compensating customers who fall victim to scams. Under this code, banks are not obligated to provide restitution if the customer has disclosed their passcodes, even if under deceptive circumstances. This loophole has left many scam victims without recourse, prompting significant criticism and calls for reform.
A Turning Point Arrives
In November 2024, the AFCA’s decision to order HSBC to compensate a customer who lost more than USD 47,000 through a sophisticated bank impersonation or “spoofing” scam was a game-changer. In this case, the scammer contacted the victim, Mr. T, with a fraudulent text that appeared in a thread of legitimate messages from HSBC, making the scam appear credible.
The scammer also possessed sensitive information that Mr. T believed only the bank would have access to, leading him to reveal his online banking passcodes. This allowed the scammer to make an unauthorised transfer of USD 47,178.54.
HSBC argued that, under the ePayments Code, compensation should be ruled out because Mr. T had disclosed his passcodes voluntarily. However, AFCA disagreed, highlighting that Mr. T had been manipulated under duress and did not “voluntarily” disclose his information.
The ruling stated that the scam had employed psychological pressure and urgency, effectively coercing Mr. T into sharing his credentials. AFCA awarded compensation covering the majority of the stolen funds, lost interest charges, legal costs, and USD 1,000 for poor customer service by HSBC during the claims process.
This determination is significant because AFCA decisions are binding on financial institutions, and HSBC has no direct right of appeal. This not only provides restitution to Mr. T but also sets a precedent that may prompt broader shifts in how scam compensation claims are handled across the banking sector.
Need For Broader Reforms
The HSBC ruling comes at a crucial time, amid growing calls for reform that would make banks more responsible for scams that their customers face. Many scams, such as “push payment” frauds, where scammers trick victims into sending payments directly, fall outside the scope of the ePayments Code, as they involve the customer initiating the transaction. This means there is often no existing framework obligating banks to compensate victims, even if the customer has been deceived into transferring money to a scammer’s account.
A key aspect of AFCA’s jurisdiction is that its determinations are based on what is considered “fair in all the circumstances”, rather than strictly adhering to narrow legal codes. This gives AFCA the latitude to consider broader principles such as good industry practice and the need for banks to act proactively in scam prevention.
In determining whether compensation is warranted, AFCA takes into account the complexity of the scam, the bank’s efforts to warn or protect the customer, and whether the bank acted quickly and effectively when the scam was discovered.
According to the AFCA Ombudsman, David Locke, the ruling reflects the need for financial institutions to improve their vigilance against scams, especially as these frauds become increasingly sophisticated and difficult for ordinary consumers to detect.
“We are seeing scams that even well-informed and cautious individuals can fall prey to,” Locke said in a recent interview. This reflects a broader recognition that detecting these scams is often beyond the capability of individual customers, necessitating greater bank accountability.
In light of these systemic issues, the Australian banking sector has committed to several key reforms. In 2023, the Australian Banking Association (ABA) launched the “Scam-Safe Accord”, a sector-wide initiative designed to protect customers better.
The Scam-Safe Accord includes several measures aimed at detecting and preventing scams before they occur. Among these measures are the introduction of confirmation of payee service to ensure that account details match the intended recipient, delays for first-time payments, and the use of biometric identity checks for account verification.
Moreover, the Australian government is considering the “Scams Prevention Framework” legislation, which aims to impose even stricter requirements on banks, telecommunications companies, and digital platforms. Under this proposed framework, these entities would be required to take reasonable steps to prevent, detect, report, disrupt, and respond to scams.
This approach, drawing inspiration from similar frameworks introduced in the United Kingdom, represents an ambitious push towards collective accountability. In the UK, new rules mandate that both paying and receiving banks share responsibility for scam compensation, up to 85,000 pound (approximately AUD 165,136), unless the customer was grossly negligent. Australia’s reforms are expected to have similar stipulations, potentially leading to increased protections for customers who fall victim to fraud.
Financial institutions are not the only entities under scrutiny. The Australian Communications and Media Authority (ACMA) and consumer advocacy groups have pointed out that many scams are facilitated via digital platforms and social media, with messaging services and fake advertisements being prominent vehicles for scam activity.
The proposed Scams Prevention Framework would also require digital platforms and telecommunications companies to be more proactive in curbing scam proliferation.
According to a 2023 report by the Australian Institute of Criminology, around 70% of scam victims first encountered scammers via online channels, including social media and SMS. Given this, the role of digital platforms in addressing scams cannot be overlooked.
Reforms are expected to introduce more stringent obligations for tech companies, similar to the Online Safety Act, which mandates that platforms take rapid action against harmful content.
Implications For Consumers And Banks
The AFCA ruling against HSBC represents a major step towards acknowledging the power imbalance between customers and the increasingly sophisticated networks of scammers targeting them. For Australian consumers, this may signal the beginning of a new era where banks take more active responsibility for securing customers’ accounts, even in cases of customer error under duress.
However, experts caution that there is a long road ahead. Broadening the coverage of the ePayments Code and enacting the Scams Prevention Framework legislation will be key milestones in shifting the balance of responsibility from victims to institutions better positioned to detect and stop fraudulent activity.
According to Karen Cox, CEO of the Financial Rights Legal Centre, “These changes are a good start, but we need mandatory codes of conduct across the entire financial services industry to genuinely protect consumers. Until then, banks need to do more than just tell customers to ‘be careful’.”
For banks, the ruling sets a precedent that could have financial and reputational impacts if similar compensation claims increase. Banks will need to invest more in fraud detection technology and customer education initiatives. This may include improving customer support during incidents and enhancing real-time scam detection mechanisms, which could reduce both the occurrence of scams and the need for post-fraud compensation.
Addressing the complex issue of scams is not just a matter of caution on the part of consumers—it’s about fundamentally rethinking the responsibilities of financial institutions, technology platforms, and regulators in safeguarding people’s hard-earned money.