Then there’s the issue of having to prove banks didn’t fulfil their commitments - a further hurdle for those already out of pocket. Worse still, victims must also prove they took “reasonable care” - unlike the UK, where only “gross negligence” bars reimbursement. In short, we’re miles behind international best practice.
Hell hath no fury like a scammed woman scorned
For me, the issue hits a nerve. Last year, I fell victim to a phishing scam involving a hideous toaster, Facebook Marketplace, and a convincing copycat online-banking website.
Plugging in my details to get the appliance-of-hell to be delivered resulted in a loss of $12,500 two days later, as well as my sanity and appreciation for New Zealand music.
Fun fact: I recently learned those “recording for training purposes” disclaimers can include your time on hold. Swearing into a phone to the dulcet tones of Brooke Fraser is, in fact, on the record.
Long story short: because I “consented” to what’s known as an Authorised Push Payment (APP), the bank’s seldom-read T&Cs could mean I could lose my savings, period. Yet, notifications of the activity for the two-day lag were few and far between. Should the payments have been frozen, delayed, or blocked? I was fresh out of luck.
After two weeks of gun-blazing emails, 40-odd phone calls, and a seven-page brief, I was incredibly fortunate to receive a full ex gratia payment. For those who lost $200 million to scams last year, the line between informed consent and deception seems fickle and arbitrary at best.
What’s more, scamming is on the rise, with latest crime and victim survey data suggesting 11% of adults experienced fraud or cybercrime for the year ending October 2024. The rate was 7.7% in 2018. Only 10% of last year’s victims reported the events to the police.
A patchwork of protection
Enter the Banking Ombudsman Scheme (BOS), which offers a dispute resolution service between banks and customers.
Last year, it saw record numbers of complaints. Scams accounted for 45% of complaints, with victims losing an average of $80,174 - up from $57,000 the previous year. Of the 3704 complaints received, only 5.6% were formally investigated, although 94% were resolved through the scheme’s early resolution service.
But here’s the kicker: the BOS decisions are final, with no right of appeal. Equally, it can only investigate complaints involving losses of up to $500,000 and only from member banks. That leaves overseas banks, fintech apps, telcos, and Big Tech effectively unaccountable.
Lagging behind
Further afield, the UK tried - and failed - to introduce a voluntary reimbursement scheme for APP scams in 2019 through the Contingent Reimbursement Model Code. Citing patchy uptake and inconsistent application, parliament pulled rank and created the Payment Systems Regulator. This was after the UK Supreme Court ruled in favour of the banks back in 2023.
In the landmark case of Phillip v Barclays, the Supreme Court overturned the UK Court of Appeal’s decision, which found the bank owed a scam victim a duty not to carry out their payment instructions if there were reasonable grounds to believe they were being defrauded.
The Supreme Court said the court’s job was to interpret the contractual arrangements between the two parties. Ultimately, the victim instructed the bank to complete the fraudulent transaction, end of story. Large-scale policy decisions about the “growing social problem” of scams were for parliament and regulators to decide, not courts, the decision read.
And so it was. As of October last year, all major UK banks are now legally required to reimburse victims of APP fraud in most cases. Liability is split 50/50 between the sending and receiving institutions, with exceptions only for gross negligence. The burden has flipped - it’s now on the banks, not customers.
Australia is catching up. In November, the government launched plans for a Scam Prevention Framework that could see banks, social media companies, and telcos facing fines of up to A$50 million ($54m) for failing to reasonably prevent, detect, disrupt, respond to, and report scams.
Where to from here?
Will our Government ever take on telcos and tech giants like Meta and Google, the platforms fuelling this crisis? Judging by the weak progress on the Digital Bargaining Bill and limp proposals to strengthen the banking code, it seems the current approach protects financial institutions and Big Tech over people.
In an era of instant payments and increasingly sophisticated deception, it’s no longer a question of if you’ll be targeted, but when. Meanwhile, law enforcement, but more importantly, lawmakers, are falling dangerously behind.
Until the balance shifts and victims are adequately protected, “banking on blame” will continue to serve the bottom line, not your wallet.
