Galexia

Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)

Q6 – Is the growth in, and growing publicity given to, fraud issues having an impact on online transacting in Australia at present?

Online fraud is undoubtedly becoming an increasingly prominent form of identity theft. For example, the Anti-Phishing Working Group (APWG), a worldwide association consisting of over 2600 members (including several prominent financial institutions) received 23 610 reports of phishing attempts on the Internet during February 2007, representing an increase of more than 12 000 compared with the corresponding figure for the same month in 2006.[20] Of particular interest is that of the 16 463 unique phishing websites detected by the APWG during February 2007, over 92% of those sites attempted to falsely identify themselves as belonging to organisations in the financial services industry.[21] This emphasises the necessity for financial institutions to improve their response to the problem of online fraud being perpetrated against their customers.

APACS, the UK trade association for payments and for institutions who deliver payment services to customers, reported that in the first six months of 2006, incidences of online fraud caused the loss of 22.5 million pounds (approximately $54.5 million AUD), representing an increase of 55% compared with the corresponding period in 2005.[22]

The Australian Payments Clearing Association (APCA) has also reported that there were 37 952 incidents of card-not-present fraud (which includes online fraud) perpetrated in Australia on Australian-issued cards during the period from July 2005 to June 2006, with a total value of over eleven million Australian dollars. There were also over 38 000 incidents of card-not-present fraud relating to cards issued outside of Australia with a total value of over ten million Australian dollars.[23] Given the growing incidence of phishing attacks worldwide, it is realistic to expect these already significant figures will continue to rise at a rapid rate. If more is not done by financial institutions to control the growth of online fraud, this will undoubtedly affect the confidence of their customers in using the online channel to perform banking transactions and hence the continued viability of online banking generally.[24]

The fragile nature of consumer confidence in Internet banking and electronic payment systems in Australia appears to be resulting in some financial institutions using phrases such as ‘we guarantee the security of your money’ on Internet banking sites. However, such a claim is usually accompanied by a considerable degree of fine print.

A small selection of ‘guarantees’ are included in the following table:

Institution

Claim

CBA

The Commonwealth Bank’s Security Guarantee

The Commonwealth Bank’s Security Guarantee guarantees the safety of your money as long as you keep to the NetBank terms and conditions.

Westpac

Our Security Guarantee

Subject to investigation, we guarantee that you will not be personally liable for any unauthorised transactions on your Westpac accounts, provided that you:

Were in no way responsible for the unauthorised transaction

Did not contribute to the loss

Complied with the Westpac Internet Banking terms and conditions

ANZ

Our guarantee to ANZ Internet Banking customers

When you do your banking with ANZ Internet Banking, we have security measures in place designed to protect your transactions. You will be protected against unauthorised transactions carried out on your account as a result of using ANZ Internet Banking where you have complied with the Electronic Banking Conditions of Use and it is clear that you have not contributed to the loss.

St George

Our guarantee: St. George Secure

In the unlikely event that an unauthorised transaction does occur on your account, we will refund the full amount. Read more about our commitment to you. (This link then leads to further qualifications but they don’t appear on the home page)

The lesson from the use of these ‘guarantees’ in Internet banking promotional literature is that financial institutions need to convince consumers that they can use Internet banking with confidence. Reliance on these guarantees is conditional on the underlying terms and conditions and subsequently on the standards imposed by the EFT Code.


[20] Anti-Phishing Working Group, Phishing Activity Trends Report, February 2007, <http://www.antiphishing.org/reports/apwg_report_february_2007.pdf>, page 2.

[21] Anti-Phishing Working Group, Phishing Activity Trends Report, February 2007, <http://www.antiphishing.org/reports/apwg_report_february_2007.pdf>, page 4.

[22] APACS, Latest figures show UK card fraud losses continue to decline in first six months of 2006, 2006, <http://www.apacs.org.uk/media_centre/press/06_07_11.html>.

[23] Australian Payments Clearing Association, Credit and Charge Card Fraud, 2006, <http://www.apca.com.au/Public/apca01_live.nsf/WebPageDisplay/FraudStats_2006A_CreditAndChargeCards>.

[24] Tubin G, The Sky Is Falling: The Need for Stronger Consumer Online Banking Authentication, TowerGroup, April 2005, <http://www.bnet.com/>, page 3.