With the Scams Prevention Framework Bill 2024, Australia will soon require that businesses in the technology, banking, and telecommunications sectors step up and combat scams related to their own services and products. The mandatory rules came into force late last year, and they have the effect of holding banks, technology, social media, and telecommunications firms responsible for allowing their customers to be scammed, with fines of up to AU$50 million for non-compliance.
The law comes in response to the worrying growth of online scams, which cost Australians at least AU$2.74 billion in 2023 alone. Experts say that figure is likely to be on the low side, as many victims do not report the losses they incur.
Scams are one of the fastest-growing digital crimes and target a wide cross-section of Australia’s community, exploiting vulnerabilities in software and social media to trick consumers into giving up important financial information and personal details. Common tactics include so-called “phishing attacks”, where scammers send messages via email or social media to unsuspecting victims, redirecting them to malicious websites that spoof real brands in order to steal sensitive information.
Businesses Must Lead The Fight
The Scams Prevention Framework represents Australia’s first coordinated, cross-sector approach to protecting Australians from online scams. It aims to incentivize enterprises to respond to the growing prevalence of scams and lead the fight to prevent them.
Also known as the SPF, it applies to banks, financial service providers, telcos, technology firms and social media platforms, encouraging them to step up and try to detect and block scam activities before consumers become victims. Those companies are now mandated to implement a number of measures to detect and respond to such malicious activity, and to that end, the SPF supports the development of new technologies and tools that can aid in the real-time identification of scams.
It also calls for the creation of a standardized reporting mechanism that can help to track scams and share them with the relevant authorities and industry stakeholders. At the same time, it aims to encourage collaboration between financial services providers, telecoms, social media platforms and digital services so they can share information about emerging threats. The idea is that by creating a united front, private companies and the government can find a way to eliminate the threat of scams.
Enterprises should be aware that the SPF rules, focused on scam detection, reporting, prevention and governance, will be enforced by the Australian Competition and Consumer Commission, which has the discretion to impose heavy fines on those that fail to comply.
The ACCC says it will work closely with other regulators to ensure that enterprises take their obligations under the SPF very seriously. The maximum penalties the ACCC can impose on non-compliant enterprises are established via the Treasury Laws Amendment Bill of 2024, which stipulates a maximum fine of AU$50 million for corporations that fail to meet their obligations. For individuals and non-corporate entities, the maximum penalty is capped at around AU$2.5 million.
How Can Enterprises Stay Compliant?
SPF non-compliance will become a threat to many organizations, and technology-based solutions offer a way to navigate such risks. Scam detection tools are expected to become essential defences for most enterprises, as many lack the expertise and know-how required to detect and remove scams themselves.
Memcyco’s digital impersonation tools can help to remove a lot of headaches around SPF compliance, as they provide access to advanced, real-time phishing and brand impersonation systems that take proactive action against scammers and their malicious websites while providing detailed analytics and enhancing consumer awareness.
Its platform enables companies to ensure compliance with SPF rules while reducing the number of fraud incidents related to their business, meaning fewer compensation claims from scam victims.
While Memcyco is more proactive, companies can also use software like Donesafe to adopt a more reactive strategy. Rated as one of the leading compliance management software providers in Australia, Donesafe offers a suite of tools for controlling, managing and complying with all of the major risk, governance, regulatory compliance and workplace obligations relating to Australian firms, unified under a single system.
Its integrated framework makes it possible for companies to visualize and oversee their entire risk management process, identify key risks, implement controls and leverage risk and control libraries with full automation. Enterprises can visualize opportunities and risks pertaining to regulations such as the SPF, WHS, COMAH, OSHA PSM, ISO 45001 and ISO 31000 at a glance to know exactly where they stand in terms of compliance.
In addition to these tools, enterprises can further protect themselves by reviewing their existing security protocols and taking steps to enhance collaboration with industry stakeholders, facilitating the exchange of information that highlights new scam trends and techniques.
Organizations will also need to collaborate on a standardized reporting system to enable the consistent tracking of online scams. Finally, they’ll be required to ramp up consumer education initiatives in order to grow awareness of scams and the techniques used to facilitate them. By helping their customers learn how to spot fake websites and social media messages, they will reduce the chances of them becoming victims of such attacks.
A Unique Opportunity for Australian Brands
The SPF may be controversial, but someone needs to take a stand against online scammers, and it’s clear that banks and other big businesses are the best equipped to lead the fight. By taking the initiative to comply with the SPF early, Australian brands have a unique opportunity to shut down these criminal activities and boost their reputation as the foremost protectors of the customers they serve.