Last week, a Sydney couple should have been celebrating the purchase of their new family home.
Instead, they went through a gut-wrenching process of losing more than $1 million to a sophisticated scam.
It’s a traumatising scenario that’s become all too familiar to Ben Young, Westpac’s head of fraud and financial crime insights.
“We know there are a few industries deliberately targeted by this type of scam – conveyancing firms, law firms, construction, companies that hold money in trust; the types of organisations involved in property sales,” Young says.
“And the reason they’re targeted is because there’s usually large sums involved, paid by people to businesses they trust but haven’t paid before so they don’t have a payment history to validate against.”
While each case is different, the scam method is similar – and “worryingly, getting more and more difficult for consumers to spot”, says Young.
“For example, when you’re buying a home, or you’re building or renovating, you expect to receive emails from your solicitor or your builder,” he says.
“You get that email, and it looks legitimate. It might have copies of the correct documentation attached – even documents signed by you – along with details of where to transfer your deposit or down payment.
“But in a heartbreaking number of cases, those emails are from sophisticated criminal impersonators. The only change they’ve made to the legitimate email you were expecting, is to the bank account details.”
Young explains that while banks’ “incredibly robust” fraud detection systems prevent thousands of scam-related and fraudulent transactions each year – and in fact, helped the young home-buying couple last week to recover their money – not all victims of business email compromise or false billing scams are so lucky.
Australians lost a staggering $45 million to these types of scams over the past three years, according to ACCC Scamwatch. Among Westpac's customers, Young says these types of scams are among the top three, alongside investment and romance scams, in terms of volume and value lost.
But he says there is a little-known payment feature available to almost anyone – or any business – with a bank account in Australia that can help combat this type of scam – “PayID”.
“It’s a simple way to receive money and it’s a safer way to send money,” he says of the feature that was introduced as part of the national payment platform – known as the NPP – launched in 2018.
A PayID is an identifier that links to your account, easier for you to remember – and for others to validate – than a BSB and account number, like your telephone number, email address or ABN.
“When a person or business jumps on their online banking to pay you, they type your PayID into the payment field, instead of your BSB and account number, and your display name pops up so they can check they're paying the right person before hitting send on the cash," Young says.
National PayID registrations rose 65 per cent last year to 10 million, according to NPP Australia’s head of engagement Katrina Stuart, who says safety and security was named by PayID users as one of the top reasons for creating a PayID, alongside other benefits such as its real-time speed and ease of transferring money without having to remember bank details.
While registrations are lifting, to date PayIDs have been set up for fewer than 14 per cent of the 76 million accounts which can make or receive NPP payments.
And according to Westpac’s customer data, only a small proportion of those registered for a PayID are businesses. Fewer than 1 per cent of business bank accounts with Westpac have registered a PayID. Among consumer bank accounts, the number is higher at almost 18 per cent.
Stuart says the NPP has observed an increase in the number of businesses – from micro through to larger organisations – choosing to use PayID to accept customers’ payments. She says ongoing use among businesses “will play an important role in PayID becoming mainstream”.
Young would like to see PayID become “the future” of how businesses get paid, alongside BPAY and cards payments.
“For businesses, it’s another way of allowing your debtors to have greater surety over who they're paying without having to call you," he says.
“When people only have the option of a BSB and account number, I will always encourage them to call the business to verbally confirm the numbers, rather than relying on an email which may be compromised. But businesses don't want to get phone calls from every second customer.
“If they just register their ABN as a PayID, their customers can easily validate it without having to call – simply by putting it into their internet banking, or if they really want to be careful, by first validating the ABN in the government’s online register.”
NPP Australia says it is continuing to work with the industry and participating organisations to explore how PayID can be further leveraged as part of broader industry efforts to help prevent scams and reduce mistaken payments, including for business-to-business or system generated payments.
Westpac’s Protect Yourself page offers more information to help avoid scams, and customers can access a Security Wellbeing Check on the mobile banking app for additional protection measures.
By Ben Young
Head of Fraud and Financial Crime Insights