Skip to content   Skip to footer navigation 

The basic check banks aren't doing to prevent scams

Account name matching has prevented thousands of scams in other countries, but Australian banks have yet to get on board. 

woman_checking_phone_scam_lead
Last updated: 01 November 2023
Fact-checked

Fact-checked

Checked for accuracy by our qualified fact-checkers, verifiers and subject experts. Find out more about fact-checking at CHOICE.

Need to know

  • Most Australian banks don't check that BSB and account numbers match the name of the account customers are sending money to
  • Account name matching is a basic anti-scam measure that has blocked many fraudulent transactions in other countries
  • In July 2022, the ACCC called on the banking sector to establish an industry-wide account name checking system, but that has yet to happen

The phrase 'like money in the bank' conjures images of trustworthy institutions whose integrity and reliability is ironclad. But that image has been tarnished in recent years, as many banks have made it all too easy for scammers to take advantage of their customers.

How so? It may come as a surprise that most Australian banks don't check that BSB and account numbers match the name of the account customers are sending money to, a basic anti-scam measure that has blocked many fraudulent transactions in other countries. 

 Most Australian banks don't check that BSB and account numbers match the name of the account customers are sending money to

That's probably why bank transfers are the most common method for paying scammers in Australia. And a lot of scammers have been well paid.  

Australians lost over $210 million in fraudulent bank transfers in 2022, an increase of about 63% over the previous year.

No industry-wide system in place

The technology to check that recipients are who they say they are exists, but much of the banking industry in Australia has yet to take it on board. 

Many people wish they would, including government agencies.  

In July 2022, the Australian Competition and Consumer Commission (ACCC) called on the banking sector to establish an industry-wide account name checking system, but the industry is still in the early consultation stage on the issue. 

As it stands we're in a situation where we could be sending our money to anyone.

Big banks implementing their own systems 

While an industry-wide system isn't yet in place, three of the big four banks currently have their own systems – CBA 'name check', Westpac 'verify', and NAB 'payment prompts'. 

A spokesperson from the fourth big bank, ANZ, told CHOICE "we're in support of a whole of industry solution to name checking, and continue to work with government, regulators, banking and other industries, on a coordinated approach". 

[Australia needs] cross-industry standards that are mandatory, enforceable and have the coverage to ensure scammers can't exploit weak links

National Anti-Scam Centre spokesperson

In July this year, NAB announced that its 'payment prompts' system had been activated in about $270 million worth of payments since March. About 12% of the payments were ultimately cancelled. According to the bank, customers have been putting a stop to approximately $290,000 worth of payments every day after receiving a payment prompts message questioning the validity of the transaction.

customers_talking_to_bank_staff

Banks are often involved in the process of transferring money to scammers, yet very few agree to compensate victims.

Mandatory, enforceable standards are needed 

The ACCC says the steps three of the big four banks have taken won't be enough to stop the onrushing tide of scams across the banking sector. 

A spokesperson for the ACCC's National Anti-Scam Centre told CHOICE in October that Australia needs "cross-industry standards that are mandatory, enforceable and have the coverage to ensure scammers can't exploit weak links". 

Such standards would "lift the bar across the scams ecosystem", the ACCC says. 

Other countries have already lifted the bar.

What are other countries doing?

The 'confirmation of payee' system was adopted by the six largest banks in the UK in 2019, for instance, covering 92% of bank transactions. After the first year, transactions to the wrong account, including scammers' accounts, fell by 35%.

When Dutch banks introduced the IBAN-name check service in 2017, reported scams and fraud ended up falling by 81%

When Dutch banks introduced the IBAN-name check service in 2017, reported scams and fraud ended up falling by 81%.

The UK also has the 'contingent reimbursement model code', which requires banks to take various steps to prevent scams and reimburse victims in some circumstances when they happen. 

The banking sector in Australia currently has none of these protections in place.

No incentive for banks to stop fraud

Simon Smith, a cybersecurity expert who has served as an expert witness on behalf of victims in a number of bank payment scam cases, says the reason Australian banks have yet to adopt an account name matching system is because they're not legally required to do so. 

"They actually don't make money out of stopping fraud, so there's no incentive," Smith tells CHOICE. 

"So unless they are penalised and held accountable, there's no benefit for them and their shareholders in stopping fraud. There's no incentive and no government regulation. It just shows that the wheels in motion are only there to produce a result for shareholders. They're not there to save someone's mum or grandma from getting scammed out of a million dollars."

Change may be on the horizon

Meanwhile, the Australian Banking Association (ABA) tells CHOICE that the process has begun to prevent bank customers from sending money to scammers.

A spokesperson says the ABA has applied for ACCC authorisation to hold industry-wide discussions "about initiatives to prevent, detect and disrupt scams", adding that the authorisation "referred specifically to the topic of payee verification solutions". 

The ABA says industry discussions are focusing on how the big bank models "could be extended across the whole industry", but there's no firm indication of when that might become a reality.

They actually don't make money out of stopping fraud, so there's no incentive

Simon Smith, cybersecurity expert

It'll be too late for octogenarians like Ron and Judy, who recently lost $40,000 in a Telstra bond scam. The payment was facilitated by Suncorp bank, which the couple attended in person. Neither the account nor the BSB number matched the name of the account the money was sent to. 

Smith says the fact it's taken this long for the banks to consider applying such a basic anti-scam check speaks for itself. 

"Hotdog stands have to comply with food, health and safety regulations. Yet, you can send a million dollars to another account, and then it's just gone. There's no actual duty of care on the part of the banks. And that's a big problem."

We care about accuracy. See something that's not quite right in this article? Let us know or read more about fact-checking at CHOICE.

Stock images: Getty, unless otherwise stated.