Aflac, the brand known for its quacking duck and supplemental health insurance, is a winner of the 2024 CSO Award for its “Quackcess Granted” passkey authentication initiative using Transmit...
6 Initiatives of the ‘Scam Safe Accord’ & a Ready-Made Solution
by Brooks Flanders
Australia’s new Scam Safe Accord is a proactive, bank-led initiative to prevent scams and protect customers from being defrauded of their money. What’s driving this collaborative effort among banks that typically compete? Australians reported losing $3.1 billion to scams in 2022 — up 253% in just two years.
Banks that adhere to this non-binding accord created by the Australian Banking Association (ABA) and the Customer Owned Banking Association (COBA) will be ahead of the curve when new compliance standards are created. A news release by the Minister of Treasury states, “The Government is working on tough new industry codes for banks, telcos and digital platforms, which will set clear, robust obligations to protect Australians.”
Financial institutions (FIs) that embrace the accord will prevent scams and money mule accounts by bolstering Know Your Customer (KYC) compliance with at least one form of biometric verification — one of the six recommendations detailed in this Scam Safe infographic and also below.
In this blog, we’ll cover all six initiatives of the Scam Safe Accord in the most simple terms and explain how FIs can meet the objectives with a unified, easy-to-manage solution that’s ‘Scam Safe’ ready out of the box. But first, let’s examine the problem.
How are consumers being scammed?
Consumers are being enticed by too-good-to-be-true investment schemes, romance scams and coveted tickets to popular concerts. A timely example: scammers are selling tickets (ones they don’t have nor intend to deliver) to Taylor Swift’s Eras tour. This scam quickly racked up $260K in losses within weeks of tickets going on sale in Australia.
Another popular scam often begins as a text or call regarding a bill that’s overdue or a bank account with fraudulent charges. The scammer creates a sense of urgency to convince the victim to immediately transfer money out of their bank account to one controlled by the scammer.
According to a scam report released in 2023 by the Australian Competition and Consumer Commission (ACCC), “Bank transfer remains the most reported [scam] payment method,” accounting for 62.9% of all scams. The challenge with bank transfer scams, also known as authorised push payment (APP) fraud, is two-fold:
The victim authorises the payment themselves.
In most cases, these funds go to money mule accounts used to move and conceal illicit funds from authorities.
Mule accounts are either set up using stolen or synthetic identities or opened by people who are paid to move the funds offshore, withdraw it or convert it to cryptocurrency. Once transferred, it’s nearly impossible to recover the money.
The bottom line: scams cost billions annually, undermining trust and financial security.
The 6 Scam Safe Accord initiatives
Until now, there have been very few ways to stop social engineering scams that manipulate victims into making a quick, often panicked, decision to make a payment or transfer funds. It’s precisely what the Scam Safe Accord is designed to fix — building upon 3 core objectives:
Disrupt: Improve accuracy around identities and payees
Detect: Increase intelligence through interbank sharing schemes
Prevent:Limit transfers to high-risk channels, i.e. suspicious crypto accounts
In brief, the accord’s 6 initiatives include: stronger confirmation of payee, increased warnings, payment delays, biometric checks, threat intelligence sharing and better oversight of scam detection and response — with a complete anti-scam strategy.
Here’s the full breakdown of all 6 initiatives:
1. Confirm the payee with new name-checking technology: Banks are developing a new system that allows customers to confirm they are transferring money to a trustworthy recipient, ensuring the payee’s name matches the intended recipient.
Objective: Mitigate the risk of customers unwittingly paying a scammer.
Implementation: All banks will roll out the same name-checking technology that’s currently in development, funded by a $100M investment.
Timeline: Design and rollout of the new system will occur over 2024 and 2025.
Solution: FIs are developing their own internal solutions to compare payee names and bank account numbers, a capability within their inner sanctum that’s beyond external vendor reach.
2. Prevent identity fraud with biometric checks: Banks will adopt new technology and controls, including at least one biometric check for new individual customers opening accounts. These checks can either detect a person’s behaviour, authenticate a customer’s face or fingerprint to verify their identity.
Objective: Prevent identity fraud, money laundering and mule accounts with stronger verification methods that also bolster compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC) mandates.
Timeline: Member banks will implement biometric checks by the end of 2024.
Solution: Transmit Security offers a variety of biometric verification methods that provide flexibility and layered protection while optimising customer experience:
Identity verification with biometric matching of the selfie & ID photo
Passwordless MFA or passkeys using fingerprint and face ID
Orchestrated services adapt the user flows based on real-time risk and trust, invoking the right biometric method — at the right time
3. Introduce warnings and delays: For transactions involving new, unknown payees, banks will introduce alerts and payment delays.
Objective: Protect customers from scams that create a sense of urgency.
Timeline: Banks will implement it by the end of 2024.
Solution: Transmit Security detects scam signals in real time with AI-driven multi-method detection, fusing anti-fraud and identity into a consolidated identity-security platform that offers superior risk/trust detection accuracy.
Crucially, this includes payment and payee anomaly detection directly within the application, allowing for more immediate threat responses earlier in the transaction flow.
Our powerful orchestration engine correlates all risk/trust signals and automates decisioning, adapting user journeys to meet security, compliance and UX requirements in real time.
Most notably, Transmit Security is the only vendor that’s leveraging generative AI to intercede with a chat session when there are signs of social engineering. The goal of this is to:
Inject friction while educating the customer
Verify if the money recipient is legitimate
Thwart the transaction if it’s a scammer
4. Share intelligence across the banking sector: Banks will invest in a major expansion of intelligence sharing across the sector all ABA and COBA members will join the Australian Financial Crimes Exchange (AFCX)
Objective: Use shared threat intelligence to improve scam prevention and recovery of stolen funds.
Implementation: All ABA and COBA members will join the Australian Financial Crimes Exchange (AFCX) and the Fraud Reporting Exchange.
Timeline: From mid-2024 to 2025.
Solution: Transmit Security ingests web-based scams signals, including fraud ring analysis and blocklists of known fraud faces to bolster shared threat intelligence. As a unified solution with a conversational analytics chat tool, threat intelligence is instantly interpreted for better understanding and deeper insights.
5. Limit payments to high-risk channels: Banks must be able to make risk-based decisions in real time to limit payments when money is being transferred to a high-risk getaway vehicle, like a cryptocurrency account.
Objective: Protect customers by limiting their losses based on risk levels.
Implementation: Banks will make risk-based decisions to limit payments to channels identified as high-risk, recognizing that once stolen funds reach these channels, recovery is extremely difficult.
Solution: Transmit Security enables real-time payment limits and detects anomalies at the application layer — before banking systems are even engaged. Better yet, AI-driven security with context-aware intelligence is able to assess risk and trust in real time so that no money is lost, not just limited.
6. Implement a comprehensive anti-scams strategy
Objective: Enhance the oversight of scam detection and response.
Solution: Transmit Security delivers a complete anti-scam strategy — in a unified, easy-to-manage platform that fuses customer identity and access management with enterprise-grade cybersecurity and fraud prevention.
By replacing disparate, multi-vendor products with a consolidated, layered solution, banks can seal the security gaps and eliminate data silos that otherwise hinder the visibility and agility you need to stop scams in real time.
Transmit Security Scam Prevention
Detecting suspicious behaviour and transactions It’s essential to detect suspicious behaviour based on intelligence collected throughout the user journey. Is the user pausing more than usual? If so, this may indicate the customer is being coached. Or perhaps they’re “too fluent,” moving along more quickly than usual. Maybe they are carrying out an activity outside of their normal patterns.
Any behaviour that strays from that individual’s norm could indicate a fraudster is in control. With Transmit Security’s advanced behavioural biometrics, you can detect aberrant user activity based on robust user profiles built across time.
Analysing transaction intelligence It’s essential to continually analyse a broad range of signals to detect anomalies with accuracy. Transmit Security detects if a money transfer is going to a new or atypical recipient and if similar transactions are happening at a high frequency. Transaction size can also indicate scams; for instance, if the amount is slightly below the bank’s threshold for additional controls, this could be a fraudster trying to fly under the radar.
Assessing the full context Transmit Security checks device and network reputation, mule accounts and lists of targeted, higher-risk banks (typically ones with easier account opening processes). It even looks at call centre intelligence and weighs the customer’s age as a factor since the elderly are commonly targeted by scams.
Leveraging machine learning and AI Our detection and response service analyses risk signals within the full context of all that’s happening in real time — to detect suspicious transactions and stop social engineering and scams before the money is gone. With a generative AI chatbot, we’re able to increase interaction with the customer, introduce friction and verify the money recipient — to accurately assess the level of risk and prevent scams.
Transmit Security redefines fraud management, offering an all-encompassing solution that combines cutting-edge technology and user-centric design, ensuring you stay ahead of evolving scams. Discover the industry’s only identity-security platform — purpose-built to stop scams with supreme accuracy.
In 2004, the same year the U.S. launched the National Cyber Alert System, Brooks launched her career with one the largest cybersecurity companies in the world. With a voracious curiosity and a determination to shed light on a shadowy underworld, she's been researching and writing about enterprise security ever since. Her interest in helping companies mitigate deceptive threats and solve complex security challenges still runs deep.