How can we tackle the costs of scams in New Zealand?

We need a fair compensation and protection model that efficiently defends New Zealanders against scammers.

The widescale success of identity and social engineering fraud means scammers are gouging billions from New Zealand consumers, businesses and the economy each year. Individual New Zealanders are losing millions of dollars each year to scammers – with $9m of this lost in the last quarter (the highest financial loss since records began)¹. This is despite significant efforts from law enforcement, government, consumer organisations and the private sector. The volume of scams and fraud reports increased by 32% from the prior quarter, with $4.8m being lost to unauthorised money transfers alone.

Many scams may go unreported due to the sense of embarrassment that may be felt by victims. While individuals may now be more switched on to look out for phishing, romance scams and fake lottery wins, it seems we have not been so savvy with regards to purchasing goods online. In Q3 2022, Certnz received the highest number of scam and fraud reports related to buying, selling, and donating goods online. There has been an increase in websites imitating well-known brands who then either don’t deliver goods or deliver an inferior product. We have seen that scammers often use tactics to instill a sense of fear and urgency that mean individuals and businesses may not take the time to think and look out for red flags before responding.

What should New Zealand’s scam response look like?

While much of the UK’s approach has merit, there are strong benefits to New Zealand forging its own path with a balanced compensation, prevention and response model that is fair on all parties. Elements to consider include:

• A level of consumer responsibility – The problem with a ‘no-questions’ compensation model is that it can remove any incentive for customer vigilance and places responsibility on banks for consumer actions out of an institution’s reasonable control. Cases have already emerged where consumers are instructing the movement of their funds, due to scams that originate outside of the banking system. Despite repeated warnings from the bank that a payment is suspicious, consumers authorise fund transfers anyway in the knowledge that they will be reimbursed if it is a scam. It seems fair in these cases that the consumer should bear the consequences of lost funds, which would serve to create an incentive to remain vigilant and complete their own due diligence as to where their money is going. Banks certainly have a role to play in protecting consumer funds through customer education and proactively identifying fraud or scams. Where controls fail, banks should rightly be held accountable financially. However, the potential outcomes from any compensation model need to be considered carefully. We need to agree what consumers can expect in terms of protection from scams, but also articulate the limits of this protection so consumers retain responsibility for their actions and are incentivised to remain vigilant.
• An ecosystem approach – Banks should not be the only organisations carrying the burden of consumer protection. Other financial institutions, telcos, digital platforms and messaging services, social media companies and payments system providers also have a role to play in increasing their vigilance and controls to prevent and detect scams. This should include collaborating in sharing information and coordinating community responses as well as establishing a central point to collate information on scams, enabling data-driven analysis of scam activity that can be used to further inform New Zealand’s response to this challenge. While many individual organisations collect scam information, there are too many siloed sources making it difficult to get accurate aggregate information. New Zealand needs a single repository for data sharing across the ecosystem, like Scamwatch⁸ , that participants should be compelled to use. We should also take a more efficient, ecosystem-wide approach to consumer education. The focus should be on guiding customers to more secure channels for payments and improving awareness of the latest scamming trends. The delivery mechanism will also require thought, with a focus on reaching the most vulnerable customers, especially the elderly, who can be missed by digital education campaigns.
• Stronger payment controls – New Zealand needs to follow international peers in driving multi-factor authentication for payments and broader consumer adoption of PayID. The UK has already introduced a payee confirmation system where banks are required to confirm both name and account number before a new payee can be registered. Meanwhile, the Monetary Authority of Singapore has mandated a two-factor authentication process for banks and has a well-established process for banks to complete screening of unusual transaction activity and delays for payments where the recipient is a new third-party payee. These types of controls are effective to some degree in reducing scams but also introduce friction into the system of efficient payments, which can throttle innovation. Further controls such as delaying payments to high-risk destinations where scam proceeds are commonly transferred (e.g., crypto exchanges) would slow the system further.
• Hybrid investigation capabilities – Banks typically have segregated investigation capabilities for fraud, anti-money laundering transaction monitoring and financial intelligence analysts. Synergies between these teams and the data and systems they use to conduct investigations should be explored to improve customer outcomes. Banks also need to develop mechanisms to effectively use information obtained through investigations to inform their efforts around prevention and detection, as well as to inform and cooperate with law enforcement to ultimately capture and punish fraudsters.

There is no silver bullet to solve the problem created by scams, but we cannot continue as is. New Zealand has an opportunity to plot its own path to address these issues and engage all parties in a focused effort to protect our economy and society from scammers.