Australia’s financial regulator is backing a tightening of the voluntary code of practice regulating electronic payments that would limit its usefulness as a mechanism for consumers to recover losses from scams.
The Australian Securities and Investments Commission (ASIC) on Monday reported [pdf] on a long-running review of the ePayments code, which “contains important consumer protections” for ATM, eftpos, card, internet and mobile banking transactions.
The code is eventually going to be made mandatory by the government – work on that will start this year.
ASIC is hoping that it can make “modest” updates to the voluntary code in the interim that may then flow into the government process.
However, some of the changes ASIC intends to push ahead were substantially criticised by consumer groups.
These include a plan to stop collecting yearly data on unauthorised transactions, and to focus instead on ad hoc or one-off reporting.
But a larger set of changes to the code would effectively remove ambiguity that ASIC admits has “in some instances had beneficial outcomes for individual consumers” that were fooled into paying scammers.
The changes, consumer groups argue, could also limit recourse for victims of financial abuse that are coerced to make certain transactions.
ASIC wants to clarify that a payment made as a result of a scam won’t be classified as a ‘mistaken internet payment’ under the code.
The regulator currently sets out a mechanism that allows internet banking customers some recourse if they accidentally direct funds to an incorrect recipient.
Some changes proposed by ASIC would allow for partial recovery of funds in future, insead of the current ‘all or nothing’ approach.
However, ASIC does not believe the mechanism should be on offer for customers that are tricked into sending money to a scammer.
In addition, the commission said that “the speed with which scammers withdraw their victims’ funds from the receiving account means that the process of retrieving the payment through the code’s mistaken internet payments framework is generally unable to be carried out with sufficient speed to secure the lost funds.”
An additional change to the code would “clarify that an unauthorised transaction occurs only where a third party has made the transaction without the consumer’s consent.”
This would specifically exclude “scenarios in which a consumer themselves has made the transaction in question”.
Banks, ASIC said, sought a direction that would “expressly exclude” all scams from the code.
Consumer groups lobbied for the rules to remain, since they provided consumers with some recourse in the absence of a specific code around how the industry should deal with the victims of financial scams.
Consumer groups “argued that financial institutions should shoulder more responsibility for money lost to scams made by internet transfer, just as they generally reimburse customers who lose money to unauthorised card transactions or other fraudulent account activity.”
ASIC said it intends to partially close off this avenue of recourse, arguing that work should be conducted separately to create a specific code for dealing with scams.
It added that “some types of ‘remote access scams’ (where the scammer initiates the payment without authority from the consumer, after having gained access to the consumer’s internet or mobile banking, for example) may still meet the definition of an unauthorised transaction” under the code.
That won’t go far enough for the banking sector, but may appease consumer groups somewhat.
ASIC’s next steps are to change the wording of the code with industry assistance, with a view to publishing it later this year.
ASIC commissioner Sean Hughes noted that the updated code would “not address or resolve every issue raised with us through the consultation.”
“This interim refresh will target a range of key issues with the code to support its ongoing relevance and effectiveness, pending the government’s broader consideration of a mandatory code,” he said.
“This includes taking into account significant developments in technological innovation and preserving the intention for the code to be simple to apply and easy to understand.”