The banking industry says it will, as requested by Commerce and Consumer Affairs Minister Andrew Bayly, investigate a voluntary reimbursement scheme for customers who lose money in authorised payment scams. However, banks are also throwing down the gauntlet to the Government, asking for its help with an Anti-Scam Centre that so far only involves banks.
Bank lobby group the New Zealand Banking Association (NZBA) says banks want the Government to help remove regulatory barriers to the Anti-Scam Centre working effectively, and to set scam prevention expectations for other industries, saying telcos, social media companies, and search engines "need to step up" too. Additionally NZBA wants government operational support through involving the police and other relevant agencies in the Anti-Scam Centre. And it wants Bayly to coordinate this.
NZBA CEO Roger Beaumont confirmed to interest.co.nz that ultimately banks want the Government and other industries to financially support the Anti-Scam Centre too.
"Banks have launched phase one of the Anti-Scam Centre by identifying and sharing more information faster about mule accounts. We’d like to see other sectors in the scam ecosystem contribute to the Anti-Scam Centre, and the Government can help encourage them to do so," Beaumont says.
"If the Anti-Scam Centre continues to grow with input from the Government and other sectors, it makes sense that they would contribute towards ongoing design and operational costs."
In November last year the Ministry of Business, Innovation & Employment estimated nearly $200 million was lost to scams during the year to September, an annual increase of just over 8%. And last September the Banking Ombudsman said almost a third of its annual investigations related to scams, in which victims' average losses were $57,000.
Following an inquiry by Parliament’s Finance and Expenditure Committee into banks’ processes and consumer protections against scams last year, Bayly in February asked banks to come up with a voluntary reimbursement scheme for customers who have been scammed.
In a response to Bayly released on Monday, NZBA says the industry's Code of Banking Practice sets out banks’ current approach to reimbursing unauthorised fraud losses where the customer wasn’t dishonest or negligent, complied with terms and conditions, and took reasonable steps to protect their banking.
"We will investigate a voluntary reimbursement scheme for customers who lose money in authorised payment scams. To do so, we will review international best practice in this area by the end of September. On the basis of that review, we will consider updating the current reimbursement approach in the Code of Banking Practice," Beaumont says.
Beaumont notes NZBA announced a series of anti-scam initiatives last September. They include; introducing a confirmation of payee service, supporting the establishment of a centralised, co-ordinated, multi-sector Anti-Scam Centre, and removing weblinks from texts to customers.
"At this stage only banks are involved in the Anti-Scam Centre. As an initial phase, banks are identifying and sharing more information faster on mule accounts, which are used by criminals to move stolen money. Targeting money mules helps remove an essential part of how scammers operate. Since December banks have identified around 1500 mule accounts through the Anti-Scam Centre," Beaumont says.
"We’re also asking the Government to help remove any regulatory barriers to the Anti-Scam Centre working effectively, and to set scam prevention expectations for other industries."
NZBA wants dedicated police resource for the Anti-Scam Centre, and other government agencies, such as the GCSB and police financial intelligence unit involved. Banks also want government engagement on "any appropriate regulatory waivers" that could be considered, including for the likes of privacy, competition, and anti-money laundering laws, to remove barriers to the Anti-Scam Centre functioning effectively.
"A broader regulatory safe harbour is an option that could be explored," says Beaumont.
'Everyone in the ecosystem needs to step up'
Beaumont says banks are often at the end of a chain of events leading to criminals stealing money from New Zealanders.
"Scams may start when people are deceived by fake websites, emails, texts, social media ads, and phone calls. To truly strengthen New Zealand’s scam defences, everyone in the ecosystem needs to step up – and that includes government, telcos, social media companies, and internet search engines. Banks can’t protect New Zealanders on their own," says Beaumont.
"Banks are removing weblinks from texts to reduce the risk of criminals posing as banks to harvest personal information and access to bank accounts. Some banks have already done this, with others following as soon as they can."
"Our focus is on scam prevention initiatives, which appears to have been successful in Australia, where they saw a 43% reduction in overall scam losses in the 2023 December quarter compared to the same quarter in 2022," says Beaumont.
In terms of confirmation of payee, NZBA says it's assessing a number of options to build a confirmation of payee tool, or to partner with a third-party technology provider.
"To help us determine if there are any suitable third-party solutions, we are currently reviewing proposals from potential providers. We aim to start rolling out a [confirmation of payee] solution by the end of this year," says Beaumont.
Telco group responds
Paul Brislen, CEO of telco lobby group the New Zealand Telecommunications
"Processes are in place for telcos to share information about scams with each other so they can take timely action to minimise the threat to their customers. These processes have been in place since 2018 and are constantly reviewed and refined as threats evolve."
"We also work closely with government agencies, including police, the Department of Internal Affairs, CERT and others, and with partners in banking and other financial organisations to directly tackle the issues of frauds and scams where we can," says Brislen.
Banks under pressure
NZ banks have come under pressure for failing to plug gaps in their systems, including the ability for people to check the names and account numbers they make payments to match. The United Kingdom introduced name and account number checking, or confirmation of payee, in 2020.
Critics have said NZ banks refusal to plug these gaps mean NZ is seen as a soft touch by scammers, using sophisticated schemes including mock websites and detailed investment pitches, to trick people into paying out sometimes hundreds of thousands of dollars.
In August last year the Finance and Expenditure Committee recommended NZ banks adopt confirmation of payee, ratcheting up the pressure on the industry further.
Below is NZBA's letter to Bayly, released Monday. Interest.co.nz has sought comment from Bayly in response to the letter.
Letter to Minister of Commerce and Consumer Affairs
12 April 2024
Hon Andrew Bayly
Minister of Commerce and Consumer Affairs
Parliament Buildings
Wellington
Tēnā koe Minister
Thank you for your letter of 29 February where you set out the government’s response to the Finance and Expenditure Committee’s report on banks’ processes and consumer protections for scams.
You have made three requests of the banking industry, which I am happy to address. I will also set out what the industry needs from government to progress an effective Anti-Scam Centre.
Confirmation of payee
Implementing a confirmation of payee service is a key priority for the industry. We announced this last September, along with a suite of other initiatives to further prevent scams and protect customers.
Confirmation of payee should help anyone making an online payment from one bank account to another to check the name of the account they are paying to make sure it’s the right person or company.
Getting confirmation of payee designed, built, and implemented across the banking industry will be determined by a number of factors, including agreeing an account name and number matching solution, and ensuring it can be delivered by all our retail banks. The solution will also need to comply with privacy law and banks’ obligations to protect customer confidentiality. Banks will need to build and implement relevant changes to their online banking and mobile app platforms. Getting confirmation of payee to go live will depend on addressing all these elements.
We are assessing a number of options to build our own confirmation of payee solution, or to partner with a third-party technology provider, of which there are several in New Zealand and overseas. To help us determine if there are any suitable third-party solutions, we are currently reviewing proposals from potential providers.
We aim to start rolling out a solution by the end of this year.
Code of Banking Practice and customer protection measures
The Code of Banking Practice sets out at a high level what customers can expect from their banks. The Code is not where we list all the things banks are doing to prevent scams.
As noted above, in September we announced a suite of anti-scam initiatives. These initiatives have superseded the committee’s recommendations. They include commitments to:
- Bring in a confirmation of payee service (detailed above)
- Support the establishment of a centralised, co-ordinated, multi-sector Anti-Scam Centre, and
- Remove weblinks from texts to customers.
At this stage only banks are involved in the Anti-Scam Centre. As an initial phase, banks are identifying and sharing more information faster on mule accounts, which are used by criminals to move stolen money. Targeting money mules helps remove an essential part of how scammers operate. Since December banks have identified around 1500 mule accounts through the Anti-Scam Centre.
Banks are removing weblinks from texts to reduce the risk of criminals posing as banks to harvest personal information and access to bank accounts. Some banks have already done this, with others following as soon as they can.
Our focus is on scam prevention initiatives, which appears to have been successful in Australia, where they saw a 43% reduction in overall scam losses in the 2023 December quarter compared to the same quarter in 2022.
Voluntary reimbursement for authorised payment scams
The Code of Banking Practice sets out banks’ current approach to reimbursing unauthorised fraud losses where the customer wasn’t dishonest or negligent, complied with the terms and conditions, and took reasonable steps to protect their banking.
We will investigate a voluntary reimbursement scheme for customers who lose money in authorised payment scams. To do so, we will review international best practice in this area by the end of September. On the basis of that review, we will consider updating the current reimbursement approach in the Code of Banking Practice.
Government involvement in scam prevention
Scams are not only an issue for banking. Banks tend to be at the end of a chain of events that leads to criminals stealing money from their victims. Scams often start when people are deceived by fake websites, emails, texts, social media ads, and phone calls. All relevant sectors need to play their part, including government and other industries, such as telcos, social media companies, and search engines. All sectors involved in the New Zealand ecosystem need to step up and join banks in preventing scams.
A New Zealand Anti-Scam Centre (ASC) presents an opportunity for government and industry to work together. While our banks have taken the initiative to establish the first phase of the ASC, international practice is for government to own the ecosystem. Given the urgency of the scam situation, our initial request is for government operational support for the ASC.
We encourage the government to consider taking ownership of New Zealand’s scam prevention. Banks are tackling digital crime as an urgent priority but cannot do this on their own.
At a high level, we ask that the government consider contributing in the following ways:
- Collective urgency across government: Banks are tackling digital crime as an urgent priority but cannot do this on their own. We request government agencies and departments to step up as required, especially by providing operational support.
- Anti-Scam Centre agency involvement: Banks request dedicated Police resource for the ASC and tackling digital crime. We also ask that other key agencies, such as GCSB and the Financial Intelligence Unit (part of the NZ Police Financial Crime Group), be involved in the ASC.
- Regulatory waivers: Banks request that the government engage with the industry regarding any appropriate regulatory waivers that could be considered, including for areas such as privacy, competition, and anti-money laundering obligations, to remove barriers to the ASC functioning most effectively. A broader regulatory safe harbour is an option that could be explored.
- Other industry involvement: As in other jurisdictions, we encourage the government to write letters of expectation to relevant industry participants (including telcos and social media companies), requesting their involvement in the ASC.
- Co-ordination Minister: We request that the Commerce and Consumer Affairs Minister help coordinate action from across government.
Thank you for considering how the government can support us to further protect New Zealanders from scams and online fraud. We look forward to meeting you to discuss this in further detail.
Ngā mihi
Roger Beaumont
Chief Executive
19 Comments
Pretty much a smokescreen from the NZBA.
Were I the Minister I'd respond with, "Let's talk about it when the banks are at least providing the same level of consumer protection that are in overseas jurisdictions. I expect it'll take the banks you represent quite a few years to catch up to what overseas banks have been doing over the last 30+ year to protect their customers. At that time - we can talk more. At the same time we can involve the Commerce Commission to remove the opaque protections banks receive when they quote 'privacy' as the reason for not helping investigators."
Agree wholeheartedly. Add on that they clipped one hell of a ticket when handed the FLP on a plate, and are still creaming it with a history of record profits these last few years. If the one purpose of a bank is to keep the publics money secure, then they had best remember that that is their core function since the invention of banks, or nobody would use them.
Just got off a call with a friend who has 15+ years of experience in security with a couple of big UK banks and quite a bit with a NZ bank. Their comment runs along the lines of:
"How many scams involving 000's of dollars require cold hard physical cash? Bugger all. Ergo, there are two banking systems at each end of an electronic transaction. The banks have huge amounts of ancillary data they could use to detect suspect transactions. And each electronic transaction has a unique transactional ID so banks can trace transactions when they've made mistakes. But they claim they can't trace them?"
They went on about the most obvious one: The name on the bank account & name matching in a transaction. It seems NZ banks are woefully behind what is done overseas. They have tested multiple account names and name matching scenarios they know would fail overseas - or would trigger ongoing detailed monitoring - but our banks simply don't do this. Ditto what goes in the transaction reference columns. Ditto anti-money laundering compliance.
Open Banking really can't come fast enough as it helps in so many areas.
Interested to know what jurisdictions you are referring to? I see this line trumpeted out a lot regarding NZ being decades behind, however it appears that confirmation of payee is about the only area we are currently behind in? I don't see any overseas jurisdiction claiming they have solved the issues of scams and frauds?
Scams and frauds are still prolific overseas, which indicates that whatever countries have done hasn't really worked? - Personal Fraud, 2022-23 financial year | Australian Bureau of Statistics (abs.gov.au)
It makes sense to me to call for a solution which involves Banks, telcos, government, & social media etc.
USKiwi,
Taken from that article; UK banks have warned of “an epidemic of scams”. Barclays said last year that more than 70% of scams were happening on social media, online marketplaces and dating apps.
Would it be reasonable to assume from that, that having confirmation of payee has helped reduce the direct bank related scams and pushed many of the scams elsewhere?
Cyber security has made it harder to hack accounts, banks directly. But humans are easy to hack, we call that scamming.... people display lots of information on different platforms, where they work, their friends, if the are on holiday etc etc on different platforms. Scammers collect and use this to hack people and their contacts.
Lots of people are lonely, or mentally not that sharp. Even easier to hack, maybe 3 factor authentification required on some people???
No doubt - confirmation of payee may have helped in some cases, but nevertheless, the article states fraud losses are up to $2.3bn in the UK (i.e. customers have $2.3bn less in their bank accounts than they should - so there was some bank involvement in this, even if 70% stemmed from social media etc.).
All I'm saying is that is seems logical to place some responsibility on social media, telcos, government, police & banks to combat frauds and scams. Some commentators seem to forget that Banks are typically the very last step in a scammers process.
once you start getting into tougher jurisdictions you start dealing in the likes of the below which the people become mind-bogglingly stupid or fall into a hallucinogenic state like they are under a spell
https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html
remove the opaque protections banks receive when they quote 'privacy' as the reason for not helping investigators
This one is frustrating. Does it really breach someone’s privacy to identify the name of the other side of a transaction? Privacy here is being misused, including by people who have knowingly received funds wrongly but refuse to pay it back.
The fact that PoLi payment was enabled let alone allowed, is a huge red flag to me that the banks do not give a 5hit about the security of their customers accounts.
How about they take 5% of those billions in profit and invest them in anti-scamming and cybersecurity measures?
God, PoLi and heaven forbid you use a mortgage broker too lazy to read half a dozen PDF's and they insist you log in to your online banking via "bankstatements.com.au".
256bit encryption and 2048 bit keys, on the legitimate site. One big problem with scams is people being duped into think it's a legitimate page. Let's just reinforce bad habits by having legitimate third party sources webcrawl your internet banking login.
"NZBA CEO Roger Beaumont confirmed to interest.co.nz that ultimately banks want the Government and other industries to financially support the Anti-Scam Centre too."
He can not be so naive, I mean he is asking the tax payer to fund these for the banks ?
Seriously, get real.
We welcome your comments below. If you are not already registered, please register to comment.
Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.