Behavioral Biometrics: Key to Scam-Safe Accord Compliance for Australian Banks
By the end of 2024, all new online account openings in Australia will require at least one biometric check, as mandated by the new Scam-Safe Accord.
This measure, along with other rules in the Accord, aims to enhance protection against scams and target the increasingly successful fraudsters. Let’s explore what this means for financial institutions in Australia.
Fraud has been a concern for Australians for some time. In 2022 alone, they lost AUS$3.1 billion to scams, a 253% increase in just two years. Although losses dropped slightly to AUS$2.74 billion in 2023, the total number of cases grew to 601,000 scam reports. The proliferation of scams is therefore still a serious problem. This disturbing data led the Australian Banking Association to create a system designed to put scammers out of work.
The Scam-Safe Accord: Tactics and strategies
A new Scam-Safe Accord, publicly presented in November 2023, is a comprehensive set of anti-scam measures across the Australian banking industry. As the Accord applies to all members of the Australian Banking Association and the Customer-Owned Banking Association, it has a profound impact on all commercial and community-owned banks, building societies, and credit unions in the country. Its tactics for fraud protection consist of three main parts:
Disrupt
One of the cornerstones of the Scam-Safe Accord is an AUS$100 million investment to introduce a confirmation of payee system across all Australian banks. Why?
Confirmation of payee is an effective way to ensure that people send money to the person they intend to pay. The principle is simple: when the name of the receiving account holder differs from the name entered by the payer, the system flags the discrepancy. This makes it more difficult for fraudsters to deceive their victims. The system will be implemented throughout 2024 and 2025 to better secure the total 15.4 billion transactions worth AUS$2.5 trillion that Australians make every year.
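The name comparison described above can be sketched as follows. This is an added example, not code from the Accord or any bank's system; it goes beyond the plain match/mismatch case by adding a "close match" tier, and the title list, the 0.85 cut-off and the function names are assumptions.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Assumptions for this sketch: the title list and the 0.85 cut-off are
# illustrative values, not taken from the Accord or any bank's system.
TITLES = {"mr", "mrs", "ms", "miss", "dr"}
CLOSE_THRESHOLD = 0.85

def normalise(name):
    """Reduce a name to sorted lowercase tokens without accents, punctuation or titles."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = re.sub(r"['\u2019]", "", text.lower())  # O'Brien -> obrien
    tokens = re.findall(r"[a-z0-9]+", text)
    return sorted(t for t in tokens if t not in TITLES)

def check_payee(entered, registered):
    """Return MATCH, CLOSE_MATCH or NO_MATCH for payer-entered vs registered name."""
    a, b = normalise(entered), normalise(registered)
    if not a or not b:
        return "NO_MATCH"  # nothing to compare: never treat as confirmed
    if a == b:
        return "MATCH"
    ratio = SequenceMatcher(None, " ".join(a), " ".join(b)).ratio()
    return "CLOSE_MATCH" if ratio >= CLOSE_THRESHOLD else "NO_MATCH"

def should_warn(entered, registered):
    """Anything short of a full match is flagged to the payer before sending."""
    return check_payee(entered, registered) != "MATCH"

if __name__ == "__main__":
    # Constructed sample pairs: (name typed by payer, name on receiving account)
    for pair in [("Mr. John Smith", "SMITH, John"),
                 ("Jon Smith", "John Smith"),
                 ("John Smith", "ABC Holdings Pty Ltd")]:
        print(pair, "->", check_payee(*pair))
```

Normalising before comparing keeps harmless differences (case, word order, titles, accents) from producing false alarms, so a warning stays meaningful when it does appear.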
Another area of focus is biometric verification. To prevent banks from opening new accounts based on credentials stolen in data breaches (identity fraud), the Accord makes the opening of a new customer’s online account conditional on at least one biometric check (fingerprint, facial recognition, or unique behavior).
The above measures will be complemented by enhanced controls to detect risky transactions. Alerts and payment delays will apply, for example, to account limit increases and payments to new payees. These measures respond to common scam tactics that exploit speed and time pressure. Slowing down the process should give victims time to scrutinize the transaction.
Detect
For banks to track down, freeze, and recover funds lost to fraud more efficiently, relevant data needs to be shared. This is why all members of the Australian Banking Association (ABA) and the Customer-Owned Banking Association (COBA) will join the Australian Financial Crimes Exchange (AFCX) and the Automated Fraud Reporting Exchange (FRX) networks.
Respond
Stolen money is often taken out of the country through crypto exchange accounts, where it is effectively impossible to get it back. Therefore, Australian financial institutions will begin to limit payments made to these high-risk channels. Furthermore, all banks are required to implement anti-scam strategies to enhance oversight of scam detection and response.
Future of anti-fraud policies in Australia
In light of the surge in scams and financial losses in Australia, there’s increased discussion about banks providing mandatory compensation to fraud victims.
Supporters of shifting the responsibility for fraud to Australian financial institutions point to the example of the United Kingdom. Effective October 2024, British banks must compensate victims of authorized push payment (APP) fraud. Some other countries and jurisdictions are also planning to shift fraud liability. For example, Europe’s 3rd Payment Services Directive (PSD3) includes a proposal for mandatory compensation for victims of bank impersonation fraud (spoofing).
It is therefore not surprising that the issue of reimbursement is being discussed in the Australian context. According to the Australian Competition and Consumer Commission’s (ACCC) Scamwatch hub, scams cost Australians more than AUS$73 million in the first three months of 2024. Phishing scams accounted for the most reported cases, while investment scams accounted for the highest amount lost.
The vast majority of the damage is now being shouldered by scam victims. According to ASIC’s Report 761, released in April 2023, which examined the four major Australian banks’ approach to scams, a total of 96% of losses were borne by bank customers. At the same time, banks were only able to detect 13% of payments made by defrauded customers.
What does this mean for banks?
With the Scam-Safe Accord being a long-awaited framework that seeks to connect and unite Australian financial institutions in the fight against fraud, the pressure on banks to take a proactive approach against fraud will continue to increase in the future.
Considering the challenges encountered in detecting and eliminating scams so far, banks must confront the situation head-on and enhance their fraud prevention capabilities. The Scam-Safe Accord is a good starting point, but a holistic strategy using state-of-the-art technology will need to be adopted.
Behavioral Intelligence as a silver bullet
Behavioral intelligence can help banks increase their success rate in detecting and preventing scams. ThreatMark’s Behavioral Intelligence Platform offers a comprehensive fraud detection tool that can detect fraud through a combination of transaction risk analysis, threat detection, and user behavior profiling. As a result, the Behavioral Intelligence Platform is proven to detect and stop all types of fraud, including scams and social engineering.
Furthermore, the Behavioral Intelligence Platform assists banks in meeting the requirements of the Scam-Safe Accord for biometric authentication when opening new customer accounts online. However, its capabilities extend beyond this – it acts as a reliable authentication factor in Strong Customer Authentication, enabling banks to enhance the security of their customers’ accounts while reducing friction. ThreatMark’s solution reduces the need for traditional two-factor authentication methods (such as SMS or push notifications) by up to 90%.
Additionally, behavioral intelligence serves as an effective tool against the primary threat to customer funds – scams involving payments authorized by defrauded customers (APP fraud). The Behavioral Intelligence Platform can detect deviations from normal customer behavior, including variations in mouse movements, keystroke dynamics, phone swipes, touch events, and other contextual data gathered during sessions. This comprehensive approach provides reliable information to detect APP fraud as it occurs.
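Detecting a deviation from a customer's normal behavior can be illustrated with a per-customer baseline and a z-score. This is an added example, not ThreatMark's method or code; the feature names, thresholds and session values are constructed assumptions.

```python
from statistics import mean, stdev

MIN_SESSIONS = 3   # assumption: minimum history before a profile is trusted
THRESHOLD = 3.0    # assumption: mean |z| above this is treated as a deviation

def build_profile(history):
    """history: list of {feature: value} dicts from the customer's past sessions."""
    if len(history) < MIN_SESSIONS:
        raise ValueError("not enough sessions to build a baseline")
    profile = {}
    for feat in history[0]:
        vals = [s[feat] for s in history if feat in s]
        if len(vals) >= MIN_SESSIONS:
            # Floor the spread so a perfectly constant feature cannot divide by zero
            profile[feat] = (mean(vals), max(stdev(vals), 1e-6))
    return profile

def score_session(profile, session):
    """Return (mean absolute z-score, per-feature z-scores sorted largest first)."""
    zs = {f: abs(session[f] - mu) / sd
          for f, (mu, sd) in profile.items() if f in session}
    if not zs:
        return 0.0, []  # no overlapping features: nothing to score
    ranked = sorted(zs.items(), key=lambda kv: kv[1], reverse=True)
    return sum(zs.values()) / len(zs), ranked

def is_deviation(profile, session, threshold=THRESHOLD):
    """True when the session differs from the customer's own baseline."""
    return score_session(profile, session)[0] > threshold

# Constructed sample data: three past sessions and two new ones
HISTORY = [
    {"key_hold_ms": 90, "key_flight_ms": 180, "mouse_px_per_s": 400},
    {"key_hold_ms": 100, "key_flight_ms": 200, "mouse_px_per_s": 500},
    {"key_hold_ms": 110, "key_flight_ms": 220, "mouse_px_per_s": 600},
]
USUAL = {"key_hold_ms": 105, "key_flight_ms": 190, "mouse_px_per_s": 520}
UNUSUAL = {"key_hold_ms": 150, "key_flight_ms": 320, "mouse_px_per_s": 100}

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for label, sess in (("usual", USUAL), ("unusual", UNUSUAL)):
        print(label, score_session(profile, sess), is_deviation(profile, sess))
```

The ranked per-feature scores show an analyst which signal drove the alert, which matters when the session is the genuine customer acting under a scammer's instructions rather than an account takeover.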
In conclusion, behavioral intelligence stands as a powerful ally for banks in safeguarding customer funds and navigating the evolving landscape of financial fraud. As scams become increasingly sophisticated, the burden of responsibility for fraud prevention is shifting towards financial institutions. By leveraging tools like ThreatMark’s Behavioral Intelligence Platform, banks can bolster their defenses, detect fraudulent activities effectively, and adapt to the changing demands of the industry, in Australia and beyond.