Banks and telcos have work to do to build trust and protect their customers from falling victim to scams.
We are in the midst of a scamdemic, with text message and email-delivered attempts to hijack our phones or manipulate us into divulging sensitive information sitting like ticking time bombs in our inboxes.
It is hitting people in the pocket. The government’s cyber security agency CERT (Computer Emergency Response Team) NZ reports the $6 million that Kiwis were scammed out of in the first three months of the year is the tip of the iceberg. Most financial losses from scams go unreported.
I rarely answer my phone these days unless I know who’s calling. Too often, it’s some weird offshore call-centre agent digging for personal information, and probably taking an audio sample of my voice so they can use an AI bot to masquerade as me in some sort of scam.
Psychologist Nigel Latta canvasses all of this in his new TVNZ documentary series You’ve Been Scammed. Last week, he told me the scammers ripping people off were your garden-variety confidence tricksters using easily available tech tools. They are not sophisticated criminal masterminds.
“You just need to work the numbers,” he said. “You send out a gazillion texts, a gazillion emails, you spend some time using very low-level technology, and you can get thousands of dollars out of a business or person”.
Be vigilant, he advises. That’s our front-line defence – pause and think before clicking on a link in a text message that may take you to a website, or decide to call back the legitimate 0800 number of a business to confirm that the smooth-talking salesman you’ve just been talking to is the real deal.
But our telecoms providers, banks and the Big Tech companies who play a major role in our online lives need to do better as well and, if necessary, be compelled to do so with tougher regulations. Education will get us only so far.
Unless you are dabbling in the wild west world of cryptocurrencies, the banks are the gatekeepers who send, on your behalf, thousands of dollars to an offshore account. If you fall victim to a sophisticated scam, your bank may argue that it’s your problem, your loss.
The UK is changing that. A groundbreaking new law will see banks forced to reimburse customers for losses unless they acted fraudulently or with gross negligence. Australia is now considering similar legislation.
New Zealand telcos collaborate with CERT NZ to try to block scam texts and phone calls. But Australia goes further with its SMS spam code, which requires telcos to identify, trace, and block SMS scams. Non-compliance is punishable with a fine of up to A$250,000.
Latta was surprised by the extent to which the likes of Google and Apple profit from scams. So-called fleeceware apps regularly appear in the Apple and Google Play app stores and are designed to scam users into making in-app purchases.
When my Facebook account was hacked in March, the criminals tried to use my credit card details associated with an old business Facebook page to buy advertising for their scam site. Luckily, the credit card had expired, so the transactions didn’t go through. But I received no notification from Facebook that a random new user on my account had attempted those purchases.
The regulatory moves overseas are designed to encourage banks and telcos to innovate. If they know they will be liable for losses and fines, the clever AI tools they use to market mortgages and mobile-phone plans to us will increasingly be applied to blocking scammers and flagging suspicious transactions.
“The arms race will escalate,” Latta told me.
“But I think there are some real opportunities for businesses to build trust with customers and build loyalty.”
In the current scammy climate, those businesses that do more to spare us from the online tricksters have a serious competitive advantage.
