Australia’s Scam Safe Accord: A Beacon of Hope Emerges?

Paul Warren-Tape

Australia is no stranger to the relentless assault of scams and schemes that threaten the financial security of its citizens. And in an environment where criminal syndicates lurk in the shadows, preying on unsuspecting victims, the nation has felt immense pressure to take action. 

Enter the Scam Safe Accord, a beacon of hope in the fight against fraud, spearheaded by none other than the banks themselves.

An unlikely alliance

At first glance, it might seem peculiar that competitors in the banking sector would join forces. Yet, with Australians reporting a staggering $3.1 billion in scam losses in 2022—a 253%(!) surge over just two years—the urgency for collective action becomes apparent. 

Looking globally, fraud scams and bank fraud schemes resulted in a staggering $485.6 billion in losses last year, according to the Nasdaq 2024 Global Financial Crime Report. Now, let’s be clear: these funds are not being used for good, as the perpetrators aren’t solving world peace or tackling climate change.

In the face of such staggering statistics, it’s clear that the status quo is unsustainable, driving the collaborative effort among banks that typically compete.

Breaking it down

The Scam Safe Accord operates on three fundamental principles: 

  1. Disrupt, 
  2. Detect, and 
  3. Respond. 

Under these guiding pillars are six key measures and a dozen sub-actions, each meticulously crafted to combat the evolving tactics of scammers. 

Given that IDVerse uses generative AI to deliver an end-to-end SaaS solution for identity verification and fraud protection for businesses globally, the rest of this blog will focus on the first principle: disruption. Specifically, the key measure that “banks will take action to prevent misuse of bank accounts via identity fraud”, which requires: 

  1. All banks will adopt further technology and controls to help prevent identity fraud, including major banks using at least one biometric check for new individual customers opening accounts online by the end of 2024;
  2. These checks will be either detectable to a person’s behaviour or involve a check of a customer’s face or fingerprint, enabling banks to use these characteristics to verify their customer’s identity.  

Garbage in, garbage out

For starters, the Accord will require banks to leverage AI-powered technologies in order to meet the above-stated objective. As we have said previously, not all IDV solutions are created equal. From an outsider’s perspective, the tech appears to look and perform the same—it has the same steps and uses the same approaches that leverage AI, machine learning, deep neural networks, and automation to get you a result. 

It’s what’s under the hood that makes the difference in the fight against fraud. IDV companies must be transparent about any bias, limitations, and accuracy. In addition, IDV providers must make sure that we don’t just make good tech, but that we embed accessibility and inclusivity into the process of designing and building it—and that we also feed our AI good input to train it. 

The world doesn’t need “solutions” that exclude whole groups of people any more than it needs AI chatbots tweeting about 9/11. (Go Google “Twitter taught Microsoft’s AI chatbot to be a racist asshole in less than a day” and you’ll see what I’m talking about.)

Papers, please

The first and crucial step in the remote verification process is to validate that an individual has a real government issued photo ID. (We need the photo to biometrically match you to it.)

Using the NIST Digital Identity Guidelines, which are generally accepted as a global best practice, there are two ways you can do this: 

  • Using appropriate technologies, confirming the integrity of physical security features and that the evidence is not fraudulent or inappropriately modified, and/or 
  • All personal details and evidence details have been confirmed as valid by comparison with information held or published by the issuing source or authoritative source(s). 

NIST suggests to get a high confidence of the identity, that you should apply both of these to a government-issued document like a passport or drivers licence. 

Discerning real from fake

In Australia, the authoritative source is the Document Verification Service or DVS. The DVS has a limited ability to prevent fraud, as it only checks that the data is correct without verifying the authenticity of the document. This means that if you acquired accurate stolen/breached data and put it onto a fake document with your own photo, you could impersonate anyone and not be detected by the DVS—even with a biometric check included.

This is why AI-powered document authenticity is so important in the fight against fraud. The accuracy of IDVerse’s fraud prevention is one of our differentiators in the market. And it is not just us saying this, we had it independently tested by BixeLab, and in lab testing identified 100% of the document fraud attacks.  

At IDVerse, our proprietary technology verifies the individual has presented an original identity document through a layered approach

  • The identity document is being presented in real-time, as we control the session on the individual’s smartphone; 
  • The Document Fraud Analysis AI-powered technology verifies the input is a real physical identity document, is valid, and the visible security features are genuine, whilst also detecting fraudulent attempts such as those occurring through fake, tampered, or generative AI-created synthetic documents.

Biometrics are best

But the fight against fraud doesn’t end with onboarding. Biometrics, once reserved for sci-fi novels and spy thrillers, are now poised to become a frontline defence in customer authentication. Once you have biometrically onboarded a user, you are able to leverage their biometrics—with their consent of course—as part of your ongoing customer authentication or interaction with your customers, to ensure they are really them, e.g., for high risk transactions/purchases or when changing their personal details at the call centre.

We see this as one of the emerging cybersecurity changes in the adoption of digital identity, where biometrics will be used as part of strong multi-factor authentication. This approach is in the Australian government’s cybersecurity framework. 

This aligns with what is happening about trying to phase out passwords—the passwordless vision of the FIDO Alliance. The FIDO Alliance is a global open industry association with a focused mission: reduce the world’s reliance on passwords. Their members include all the big tech companies including Apple, Amazon, and Google (as well as a smaller but powerful industry-leading IDV company called IDVerse). 

No surprises, IDVerse also has our very own proprietary product to assist the banks, Face Access. It allows your customers to use their face to unlock anything that requires a password, as the face is by far the most reliable modality of biometric verification.

Off to a great start

As we stand on the precipice of a new era in cybersecurity, the Scam Safe Accord serves as a testament to the power of collaboration. Together, banks can turn the tide against fraud, safeguarding the financial futures of millions. The journey ahead may be fraught with challenges, but with the right technology and a shared commitment to progress, victory is within reach.

So, let’s raise our voices in solidarity, for the battle against fraud is not just a fight for our wallets—it’s a fight for a better, safer world.

For those interested in learning more about evaluating IDV solutions and keeping deepfakes off your platform, check out our comprehensive guide.

About the post:
Images are AI-created. Prompt: Photorealistic image of diverse bankers of various genders and ethnicities wearing business attire, forming a multi-level acrobatic human pyramid, in a serene lush green field on a bright sunny day with a clear blue sky, smiling faces, sense of unity and happiness, overhead angle, faces uplifted, a humorous scene. Tool: Midjourney.

About the author:
Paul Warren-Tape is IDVerse’s GM for the APAC region. He has 20+ years of global experience in governance, operational risk, privacy, and compliance, spending the last 10 years in pivotal roles within the Australian financial services industry. Warren-Tape is passionate about helping organisations solve complex problems and drive innovation through encouraging new ideas and approaches, whilst meeting their legislative requirements.

x  Powerful Protection for WordPress, from Shield Security
This Site Is Protected By
Shield Security