Cyber Brief for CFOs: November / December 2024
All the news, tactics and scams for finance leaders to know for November / December 2024.
No matter how many times regulators or scam victims call on Australian banks to guarantee Electronic Funds Transfer (EFT) payments, nothing seems to change. The banks remain steadfast in their opposition to providing any sort of guarantee, let alone refund, whenever an EFT payment is sent to the wrong bank account.
Like it or not, this situation is unlikely to change in the foreseeable future.
If, for whatever reason, incorrect bank details are used to process electronic payments, liability rests solely with the entity sending the payment. The bank assumes no liability whatsoever.
Whether incorrect bank details are entered due to fraud or simple human error, the fact remains that banks are under no obligation to refund a misdirected payment. Put simply, when processing an EFT payment, you’d better make sure you’ve entered the correct information – because if you transfer funds to an incorrect bank account, you’re unlikely to ever see those funds again!
All this begs the question – why don’t the banks guarantee EFT payments and refund the sender?
After all, when other payment methods, such as credit cards, are compromised by scammers, you are able to get reimbursed. So, why is the situation different when it comes to wire transfers?
Whenever a credit card is used to make a purchase, the card issuer, such as Visa or MasterCard, doesn’t immediately pass all the funds on to the merchant. They retain a portion of the funds, known as a “rolling reserve,” for several months. If the transaction is found to be unauthorised, they use the “rolling reserve” money to refund the card holder.
No such system exists for EFT payments.
When you process an EFT payment, the money gets sent to the beneficiary in full, usually within one business day. There is no “rolling reserve” that can be used to refund an unauthorised or misdirected EFT payment.
It’s not simply a case that the banks don’t want to guarantee EFT payments.
You could argue that misdirected payments actually cause the banks a lot of bad publicity. Were the banks able to refund misdirected payments, they would probably avoid a great deal of criticism and bad press.
However, things are not so simple for the banks.
There are a number of overriding reasons why the banks simply do not have the ability to guarantee EFT payments:
To guarantee EFT payments, the banks would need to be able to name check every transaction before it is processed.
In practice, this would require a bank to verify that every beneficiary Account Name being entered aligns with the beneficiary’s BSB and Account Number each time one of its customers processes an EFT payment. Carrying out name checks for every transaction is logistically impossible because customers send funds to a wide range of other financial institutions.
To name check every EFT payment, each bank would need to share its entire customer database with all other financial institutions. Needless to say, banks are not exactly enthusiastic about the prospect of sharing their entire customer databases with their competitors. After all, this would provide other banks with the information they need to try to poach valuable customers.
Apart from commercial considerations, banks are also restricted from sharing customer data due to privacy regulations.
Australian banks must adhere to the Australian Privacy Act, which regulates how organisations handle personally identifiable information, or PII. Customer data, including bank account details, can be used to identify individuals. This means that organisations that are custodians of such data are restricted from sharing it with other organisations without the consent of the individual.
Tails I win. Heads you lose.
This sums up what Moral Hazard is all about. It’s a situation in which someone can behave in a risky manner, without ever needing to pay the price for taking those risks. If the risky behaviour results in a negative outcome, someone else ends up paying the price.
If there’s one thing banks are experts in, it is risk. They understand what it takes to minimise their exposure to risk. The banks understand that if they assumed liability for misdirected EFT payments, those sending funds would be less likely to carefully scrutinise the payment information. After all, the payer would know that if the funds ended up in the wrong person’s account, their bank would simply refund them.
Banks want to ensure payers carefully verify all payment details before they process funds. Any bank guarantees would likely lead to payers becoming less risk-averse, thereby increasing the bank’s risk exposure.
With the banks unable to guarantee EFT payments, the onus is on you to ensure your funds are never misdirected. That means you need to prioritise preventive measures that ensure you only transfer funds to the intended recipient.
Thankfully, Eftsure is here to help you!
With Eftsure sitting on top of your existing accounting processes, all your outgoing payments will be cross-matched in real-time against our proprietary database. This helps ensure that the payment details you are using are accurate.
With Eftsure, you don’t need the banks to guarantee your EFT payments, because you prevent the risk of sending funds to an incorrect beneficiary, whether due to error or fraud.
Speak with us today for a full demo of how Eftsure can help protect your organisation.