Latest news with #ThreatMetrix
The Age
19 hours ago
- Business
- The Age
‘Losses will continue to mount': Bank staff's security warnings before massive scam cost customers millions
Similar warnings were made repeatedly in the years to come, according to the ASIC statement of claim filed to the federal court. '[C]urrently, HSBC do not have the capability to stop an online transfer of funds from one bank account to another,' said another presentation given in October 2022 to HSBC's Australian wealth and personal banking fraud steering committee. By July 2023, the court documents show that Matthew Hannan, HSBC Australia's head of fraud management, was making a 'special' presentation about an 'HSBC impersonation scam' in which he had said that 50 customers had lost money in the emerging scam, sometimes after receiving text messages that tricked them into sharing personal information. In September the same year, a slide pack for an HSBC Australia committee meeting discussing impersonation scams said that 'current limitations on desktop banking monitoring and real-time interception are impacting our ability to disrupt and prevent these attacks'. ASIC alleges that HSBC Australia didn't implement adequate real-time fraud payment monitoring, including capabilities to detect and block suspicious activity, across both mobile and online banking until about May 2024, at the tail end of the swindle. The corporate regulator also highlighted other alleged security deficiencies, claiming HSBC did not implement a digital fraud behavioral biometric system called BioCatch, and digital fraud device identification capabilities, via ThreatMetrix, for online banking until June 2024. In January 2022, the minutes of one of the bank's fraud steering committee meetings noted that 'losses resulting from these scam cases and determinations would likely have been avoided with BioCatch/ThreatMetrix implementation for transactional monitoring'. In December 2023, as the reports from the impersonation scam mounted, another internal presentation warned that until these systems were implemented for online banking, the fraud team 'cannot disrupt scams, and losses will continue to mount'. HSBC Australia customers lost $18 million via impersonation scams in the 2023 financial year, and $24 million in the first nine months of 2024, according to court documents. About 950 reports of unauthorised transactions were made to HSBC Australia between January 2020 to August last year. HSBC was due to file its defence in the case early last month, but failed to do so. At a hearing in May, Justice Elizabeth Bennett ordered the bank to provide a written explanation of their non-compliance. A solicitor acting for HSBC Australia earlier submitted that the bank had identified inaccuracies in data presented to the court that it needed to correct before it would be appropriate to file its defence. Asked about the repeated internal warnings of the bank's inability to halt suspicious transactions highlighted in ASIC's statement of claim, an HSBC spokesperson replied, 'as the matter is before the court, we are unable to comment'.
Sydney Morning Herald
19 hours ago
- Business
- Sydney Morning Herald
‘Losses will continue to mount': Bank staff's security warnings before massive scam cost customers millions
Similar warnings were made repeatedly in the years to come, according to the ASIC statement of claim filed to the federal court. '[C]urrently, HSBC do not have the capability to stop an online transfer of funds from one bank account to another,' said another presentation given in October 2022 to HSBC's Australian wealth and personal banking fraud steering committee. By July 2023, the court documents show that Matthew Hannan, HSBC Australia's head of fraud management, was making a 'special' presentation about an 'HSBC impersonation scam' in which he had said that 50 customers had lost money in the emerging scam, sometimes after receiving text messages that tricked them into sharing personal information. In September the same year, a slide pack for an HSBC Australia committee meeting discussing impersonation scams said that 'current limitations on desktop banking monitoring and real-time interception are impacting our ability to disrupt and prevent these attacks'. ASIC alleges that HSBC Australia didn't implement adequate real-time fraud payment monitoring, including capabilities to detect and block suspicious activity, across both mobile and online banking until about May 2024, at the tail end of the swindle. The corporate regulator also highlighted other alleged security deficiencies, claiming HSBC did not implement a digital fraud behavioral biometric system called BioCatch, and digital fraud device identification capabilities, via ThreatMetrix, for online banking until June 2024. In January 2022, the minutes of one of the bank's fraud steering committee meetings noted that 'losses resulting from these scam cases and determinations would likely have been avoided with BioCatch/ThreatMetrix implementation for transactional monitoring'. In December 2023, as the reports from the impersonation scam mounted, another internal presentation warned that until these systems were implemented for online banking, the fraud team 'cannot disrupt scams, and losses will continue to mount'. HSBC Australia customers lost $18 million via impersonation scams in the 2023 financial year, and $24 million in the first nine months of 2024, according to court documents. About 950 reports of unauthorised transactions were made to HSBC Australia between January 2020 to August last year. HSBC was due to file its defence in the case early last month, but failed to do so. At a hearing in May, Justice Elizabeth Bennett ordered the bank to provide a written explanation of their non-compliance. A solicitor acting for HSBC Australia earlier submitted that the bank had identified inaccuracies in data presented to the court that it needed to correct before it would be appropriate to file its defence. Asked about the repeated internal warnings of the bank's inability to halt suspicious transactions highlighted in ASIC's statement of claim, an HSBC spokesperson replied, 'as the matter is before the court, we are unable to comment'.
