THE Australian Small Business and Family Enterprise Ombudsman (ASBFEO), Bruce Billson, has welcomed the significant commitment announced today by the banking industry to "better support small businesses to combat scams".
Mr Billson said a $100 million upgrade across the banking sector to confirm who money is being paid to by matching names with account numbers will particularly benefit small businesses who too often fall victim to the invoice substitution scam.
“Nefarious cyber criminals can wreak havoc for a small business but sadly the number of scams and the size of the losses for small and family businesses is growing,” Mr Billson said.
“When a criminal impersonates your business, it not only costs you and your customers money but can damage your brand and lead to a loss of consumer trust and confidence and the ability to operate. Too often, it can be an enterprise-ending event for a small business.”
Scamwatch data shows small businesses lost $13.7 million to scams last year, a 95 percent increase compared with the previous year. The biggest contributor to these losses were payment redirection scams.
Mr Billson said small businesses had been particularly vulnerable to the invoice substitution scam – also called payment redirection scams or business email compromise – where cyber criminals get into their computer system and intercept emails to customers and insert different bank account details.
“A small business sends an invoice to somebody and the criminal changes the banking details," Mr Billson said. "When it lands in the customer's inbox, it looks legit and is a bill they were expecting so they pay it. The money goes to the criminal’s bank account and is quickly shifted, usually to crypto currency, and is gone.
“These jokers run off with the money, the customer has done their dough, and the small business hasn’t been paid," he said.
“ASBFEO has been highlighting the urgent need for a ‘confirmation of payee’ scheme to be introduced in Australia, noting similar programs operate in other countries offering a really practical safeguard. This ensures people can confirm they are transferring money to the person intended and that names are matched to BSB and account numbers.
“Today’s pledge by the banking industry to roll out a new confirmation of payee system will go a long way to stopping scammers being able to divert invoice payments by simply and silently changing a bank account number.”
Mr Billson noted the package of measures announced by the Australian Banking Association and the Customer Owned Banking Association will apply to commercial banks, customer owned banks, mutual banks, building societies and credit unions.
It will include more use of biometric checks and other controls to prevent scammers opening fraudulent bank accounts in other people’s names by using stolen information from driver’s licences, passports and other identity documents.
There will also be increased warnings and payment delays for suspicious transactions, limits on high-risk payment channels, which can include crypto platforms, and greater intelligence sharing across the banking sector using the Australian Financial Crimes Exchange.
However, Mr Billson said beating the scammers relied upon everyone being at their best by doing what they can to tackle the scourge of cyber crime and to “listen to our Spidey senses if something doesn’t seem right”.
“Business owners wouldn’t leave the door open with the light on at night when there's no one there, so they must take the right steps and safeguards in the digital world,” Mr Billson said.
“Telecommunication companies are trying to do their bit via what's called a ‘clean pipes’ initiative, where they cut off a lot of cyber threat traffic through the telecommunications infrastructure.
“And just last week the Australian Government announced two programs offering small businesses practical help to minimise the chance of falling victim to a cyber attack and to better prepare them to bounce back."
Mr Billson said next week is Scam Awareness Week and an ideal time for small business owners to take a few extra moments to check they have appropriate safeguards in place.
“Scamwatch says three in every four scam reports involve criminals pretending to be people we should trust,” Mr Billson said.
The new National Anti-Scam Centre said small business owners who feared they had fallen victim should contact the Report a Scam website (www.scamwatch.gov.au/report-a-scam) and dedicated resources to combat scams can be found at www.scamwatch.gov.au.
The Australian Cyber Security Centre, through the cyber.gov.au website, provides resources and guides for small businesses on how to manage information and secure their businesses, including a free Cyber Security Assessment Tool that can help identify the cyber security strengths of a business and learn how to improve cyber security: www.cyber.gov.au/resources-business-and-government/essential-cyber-security/smallbusiness
The website also contains information on how to recover and small businesses can report cyber attack incidents through 1300 CYBER1.
The ASBFEO website includes simple steps and a checklist to better protect small businesses: asbfeo.gov.au/resources-tools-centre/cyber-security.
ASBFEO's website also has a video offering tips which can be viewed at: www.youtube.com/watch?v=lxoZ1vjbalg