Australia's scam prevention law aims for AUD $50m fines

Today

The Australian government has introduced a new Scam Prevention Framework aimed at compelling banks, telecommunications companies, and social media platforms to take active steps to combat scams.

The legislation mandates that these sectors take reasonable actions to prevent, detect, disrupt, respond to, and report scams. Failure to adhere to the requirements could result in fines of up to AUD $50 million.

Adrian Covich, Senior Director of Systems Engineering for Proofpoint in Asia Pacific and Japan, remarked, "The Scam Prevention Framework represents a great step forward for Australian consumers while serving as a critical reminder to key sectors from banks, telcos to social media platforms to take accountability for protecting the Australians. This world-leading legislation constitutes a significant move towards the Australian Government's vision of becoming a world leader in cyber security by 2030."

The complexity of the Australian cyber security landscape has increased, with new threat actors and AI-based technologies making scams harder to detect. Covich emphasised the importance of education in this context, stating, "As the Australian cyber security landscape has become increasingly complex with new threat actors and AI-based technology, scams are becoming much trickier to spot. While the key here will be educating customers and users, the burden for scam prevention can no longer be placed solely on them."

Recent figures from the Australian Competition and Consumer Commission (ACCC) highlight the severity of the issue, as Australians have made over 601,000 scam reports in 2023, marking an 18.5 per cent rise compared to 2022. According to Covich, "Online and social media scams are a significant part of this, representing 17,542 of all scam reports in 2023. Text and phone scams were even higher, comprising of 165,033 of all reports last year. Banks are also unsurprisingly one of the most targeted industries for cybercrime due to the high amounts of sensitive information they hold."

Covich also pointed out the necessity of post-scam support and education. "While the framework promises clearer compensation pathways, details remain crucial, especially regarding post-scam actions for victims. Educating customers and users about what to do after they think they have been scammed should be included alongside prevention information strategies. Banks and telcos have made good progress in this area but adopting a human-centric security strategy that protects people across all communication channels before attacks occur will be crucial to forming a united defence against potential scammers."

The framework aims to foster a collaborative approach to addressing scams by creating a coordinated intelligence-sharing ecosystem. As noted by Covich, "The legislation also welcomes a more collaborative approach to tackling scams with the coordinated intelligence-sharing ecosystem a critical component to this. However, its success depends on establishing clear protocols for data sharing, ensuring privacy protections, and fostering real-time collaboration between industry and government agencies."

Share on: