Australia and New Zealand Group (ANZ) chief executive Shayne Elliot has encouraged the Standing Committee of Economics to prioritise the need to raise further awareness, as well as recommend additional steps industry and government could take, to address the rising number of scams.
In fronting the committee, which is currently undertaking a review of the four major banks and other financial institutions, Elliot highlighted that for the first eights months of 2021, ANZ had seen a 73% increase in scams being detected or reported by customers, compared to the same time last year.
Over the same period, ANZ retail customers sent AU$77 million to scammers, of which the bank was able to claw back almost AU$19 million, Elliot said.
He also noted that ANZ has blocked over 15 million malicious emails every month, and has blocked between 15 to 20 million attacks on its website, including DDoS attacks, during the period.
“The most prevalent and successful scam involves criminals gaining remote access to consumer customer computers and the devices. We’ve also seen a year-on-year increase in investment scams of around 53% and a high proportion of these involve cryptocurrency,” Elliot continued.
“There’s good work going on within the industry and government to tackle the problem. For example, the Australian Banking Association launched a scams awareness campaign yesterday. However, more needs to be done.
“This committee could help by inquiring into the problem, raising further awareness of the dangers, and recommending additional steps industry and government could take.”
Elliot detailed that for “serious attacks” and when the bank can identify the perpetrator, it works with the likes of Austrac, national security teams, and the police to deal with these attacks but urged more needs to be done to help customers who cannot protect themselves.
The average age of scam victims is 59 and 44% are over the age of 65, Elliot reported.
“Thankfully, the Australian banking system and it’s not just an entity that is investing heavily in the area … our concern is more to do with our customers who either don’t have the resources or don’t see the need to do this, so it’s a growing issue.”
On topic of cryptocurrency, Elliot admits it is an area the bank “struggles” to understand in terms of how to service it while remaining compliant to obligations, such as money laundering sanctions and anti-terrorism financing.
“That’s not to say that that’s a forever policy, but right now that’s difficult,” he said.
“Just to give you an example, at the moment, we understand if you’re a crypto exchange you may apply for an Austrac licence but that’s not transparent to me. I have no way of knowing or getting access to whether that licence has been granted or not, so it’s quite a difficult area.
“For now, we have a policy of not providing banking to the crypto exchange world, in particular. But as I said, it’s not a forever policy, it will depend on how things emerge in that space and how we can do so safely.”
A similar view was shared by Commonwealth Bank of Australia chief Matt Comyn who faced the committee on Thursday morning.
“We have very specific requirements when we bank someone, we need to understand the remitter and beneficiary. We have certain obligations. Some elements — and there’s a large dispersion of different types of players in the crypto space — is unquestionably fraud and scam. There are also some reputable players. It is by definition a higher risk industry and category,” he said.
Such discussions coincide with the release of a whitepaper Cyber Threats and Data Recovery Challenges for FMIs, developed by the Working Group on Cyber Resilience, an industry working group that includes representatives including the Reserve Bank of Australia and the Federal Reserve Bank of New York.
The paper highlights the need for greater industry collaboration around: The creation of design principles for housing critical data sets in data bunkers and third-party sites; the need for further guidelines for minimising contagion; the adoption of common standards for assessing third-party risks to the ecosystem; the delivery of industry-wide cyber exercises by an independent party; and a common, yet flexible, definition of service criticality and its prioritisation around resumption.
On Thursday, the Australian Securities and Investments Commission (ASIC) also noted it was concerned that social media posts were being used to coordinate pump and dump activity in listed stocks, which could potentially result in market manipulation and therefore in breach of the Corporations Act 2001.
As ASIC puts it, pump and dump activity can occur when a person buys shares in a company and starts an organised program to seek to increase the share price using social media and online forums to create a sense of excitement in a stock or spread false news about the company’s prospects. They then sell their shares and take a profit, leaving other shareholders to suffer as share prices fall.
ASIC said that it has recently observed “blatant attempts” of such activities, using its real-time surveillance system and by integrating trade data from third parties to identify networks of connected parties and to analyse trading patterns.
“Market participants, as gatekeepers, should take active steps to identify and stop potential market misconduct. They should consider the circumstances of all orders that enter a market through their systems, and be aware of indicators of manipulative trading,” ASIC commissioner Cathie Armour said.