The Future of Scam Prevention

Australia’s future anti-scam centre will be the new frontier of regulatory and enforcement action and ‘high frequency’ information sharing between enforcement agencies and regulators. 
 

The recent major data breaches, fraud, and scams have been a significant focus for industry and regulators. The Australian Competition and Consumer Commission will set up the proposed National Anti-Scam Centre (NASC) by 2025. 
 

ACCC Deputy Chair Catriona Lowe said in an official statement earlier this month in response to the Budget announcement, “Through increased sharing of scam reports and other initiatives, the centre will help inform finance, telecommunications and digital platforms sectors to take more timely and effective steps to stop scammers.” 
 

The new centre will work closely with the Australian Securities and Investments Commission (ASIC) in its first year of operation.
 

ASIC highlighted financial scams as one of the priorities and provided guidance to consumers who might have been impacted by the Latitude Financial breach earlier this year.  

Last month, the securities and investments regulator also released REP 761: Scam Detection, Prevention and Response, calling on the central banks to improve their prevention and mitigation strategies against scams. 
 

The regulator highlighted that those 31700 customers lost $550 million last financial year due to scams. 
 

ASIC Deputy Chair Sarah Court noted in a formal statement upon the release of the REP 761 that while there had been significant investment by major banks to tackle the risks posed by scams, a lot more still needs to be done. 
 

Court added, ”ASIC expects that this review will aid banking and other financial service businesses, telecommunication providers, digital platforms and other organisations in developing consumer-focussed scams management practices and strategies.”

 

Last year, the Australian finical intelligence unit (FIU) published risk assessments for Bullion Dealers and Remittance providers, highlighting fraud and scams as items th to be considered for the regulated entity’s risk register.  

 

The Office of the Australian Information Commissioner (OAIC) Notifiable Data Breach Report for July 2022 to December 2022 saw 497 notifications predominantly from the health and finance sector.  
 

70 per cent of which was classified as malicious or criminal attacks. In the same report, the OAIC offered advice on how to deal specifically with preventing or mitigating the impact of potential scams that could result from a major data breach:
 

Entities are advised to have robust controls and identity verification processes in place to minimise the risk of impersonation fraud or social engineering, including:

• training staff about identity verification processes and how to report and escalate fraud
• automatically notifying customers when there are changes to their account or failed authentication attempts, or when their account is accessed from a new device or location
• a data breach response plan that sets out clear lines of authority for escalation and decision-making in the event of any actual or suspected data breach incidents.

The ACCC deputy chair said, “The centre will bring together the expertise and resources to disrupt scammers making contact with Australians, raise consumer awareness about how to avoid scams, and link scam victims to services where they have lost money or had their identity compromised.”