In October 2021, Anne, a Victorian education consultant, lost almost $100,000 within 48 hours after scammers hacked her email, posed as her and directed her clients to pay invoices into a different account.
“[My client] rang me and said, ‘Did you get the money?’ I said no. But the bank said it was too late, it was gone,” says Anne, who is using a pseudonym for privacy reasons.
Anne might have got her money back had she been in the UK, where some financial institutions have signed up to a voluntary code meaning banks should refund the money unless a customer acted fraudulently or with “gross negligence”.
Banks in Australia don’t have the same kind of code and, with thousands in the country falling victim to scams, the country’s competition regulator and the Consumer Action Law Centre are pushing for Australia to adopt a similar approach to the UK.
Last year more than 239,000 scams worth $570m were reported to Scamwatch, with false billing scams the second most common type reported. The organisation says this is just the tip of the iceberg, estimating that only 13% of all scams get recorded, and says someone who is scammed is unlikely to get their money back.
Tom Abourizk, a policy officer at the law centre, says the “glaring lack of regulations means [Australia is] a wild, wild west”.
“[The UK approach] establishes an onus on the banks, they have a financial interest to make sure their systems are up to scratch,” Abourizk says.
Despite banks investing money in cybersecurity, he says, there are still regular cases where “transactions that would raise alarm bells” are not being properly checked.
“That makes it hard for people to get their money back. The standards of care set for the banks are really low right now. At the end of the day they don’t have the responsibility.”
Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup
Abourizk says the onus on the individual to completely protect themselves is unfair, considering that the bank’s job is to keep money safe.
The Australian Competition and Consumer Commission also wants to see a model that would require banks to reimburse scam victims.
“The ACCC considers that reimbursement models should apply particularly in situations where an organisation has failed to take steps that could have protected the consumer or prevented a scammer opening an account,” a spokesperson said.
It also wants banks to implement confirmation of payee (CoP) technology, which is used in the UK to reduce accidentally misdirected payments by checking the name of the payee’s account against other details given by the payer. The technology puts the onus on banks to check, compared with PayID, which is used in Australia and which puts the onus on the consumer.
In the first year CoP was adopted in the UK it cut misdirected payments by 35%, according to the ACCC.
The Australian Banking Association did not respond to a request for comment on whether a model putting onus on banks to reimburse scam victims should be introduced in Australia.
An ABA spokesperson said banks covered almost $103m in customer losses in 2021, while financial institutions reported to the ACCC that they prevented or recovered nearly $341m from scammers in that period.
The ABA said customers should use PayID, which helps protect transactions against scammers, saying the “banking industry is actively encouraging consumers and merchants to use this system”.
Last year Australian banks fought a push from consumer advocates to refund scam victims, telling the Australian Securities and Investments Commission it risked creating complacency among customers.
The federal government pledged during the election to bring in a tough new code for banks. But at a conference last year, the financial services minister, Stephen Jones, pushed back on the idea banks should be liable for losses.
“There should be a high bar on what is expected by all of our institutions – but if they meet all of their obligations it doesn’t seem right that they are liable,” he told the conference. “If banks always pay the net result creates a honey pot for scammers.”
