Australia’s banking industry is evolving as financial institutions and regulators team up to combat a growing amount of scams and fraud. The introduced Scam Safe Accord, backed by the Australian Banking Association (ABA) and the Customer Owned Banking Association (COBA), is set to redefine security standards. At its core, the accord emphasizes biometric authentication and stronger Know-Your-Customer (KYC) measures to protect customers.

In this blog, we’ll answer the following questions:

• Why are Australian banks collaborating for fraud prevention?
• What are the current trends in financial cyber security?
• What are the Scam Safe Accord’s six main initiatives?
• What’s the current state of implementation of the scam safe report?

We’ll also show how modern authentication solutions - like those offered by Corbado - can help banks fulfill the accord’s requirements and stay one step ahead of increasingly sophisticated scammers.

Let’s start by first looking for the underlying reasons why Australia came up with the Scam Safe Accord in the first place.

Not only in Australia but all around the world the high rate of smartphone adoption and digital engagement has led to a boom in mobile transactions. As a result, everyday financial activities - from paying bills to transferring funds - have migrated online. In parallel, biometric methods for identity verification and authentication, such as face and fingerprint recognition, have seen wide acceptance (especially since Apple introduced Touch ID in 2013. In late 2021, research showed that three in four Australians preferred using facial biometrics for authentication, underscoring the public’s openness to advanced security features, which are also more convenient than other authentication methods, such as TOTPs.

While technology has made life simpler, it has also opened the door for sophisticated scams. During 2022, Australian bank customers lost a record $3.1 billion to fraudulent schemes - a staggering 80% increase compared to the previous year. These schemes typically rely on social engineering tactics, such as impersonating trusted entities or tricking victims through phishing and remote access. Notably, the most common payment channel exploited is traditional bank transfers, accounting for about 13,000 reported incidents and over $200 million in losses in 2022 alone.

Moreover, there have been numerous data breaches in Australia in recent years, such as the one at Medibank.

The alarming rise in scam-related losses could no longer be brushed off. Authorities, banks, and consumer advocacy groups all recognized the need for an industry-wide strategy. As Stephen Jones, Australia’s Assistant Treasurer and Minister for Financial Services, remarked: “Australians finally have a government that is fighting back against scams after being left to fend for themselves for years.” This sentiment underscores the collaborative spirit driving the Scam Safe Accord.

The Australian Government also acknowledges this problem and wants to target it head on: The vision is to be the leading cyber security nation until 2030. In order to do so the government keeps releasing regulations that benefit the security landscape (e.g. Cyber Security Bill 2024, Essential Eight Framework, FSC Standard No. 29)

Introduced in November 2023 by the ABA and COBA, the Scam Safe Accord sets out clear, stringent guidelines to be adopted by all participating financial institutions - ranging from major commercial banks to credit unions, building societies, and mutual banks. The Accord is built around six key initiatives, each addressing a different weak point in current anti-scam efforts.

By establishing a unified response, the accord aims to push back against social engineering, phishing, and other methods criminals use to dupe unsuspecting victims.

Let’s analyze these six key initiatives in the following.

Each of the Accord’s six components serves to protect Australia’s banking ecosystem against scam threats. Here’s how these initiatives reshape the industry:

• What It Is: A system that compares the payee’s name and account details before a transfer is completed.
• Why It Matters: Customers can verify they’re sending funds to the intended individual or business, reducing mistaken or fraudulent transfers.

Rollout is scheduled between 2024 and 2025, as banks coordinate technology development and interoperability.

• What It Is: Until the end of 2024, major banks implemented biometric checks (facial, fingerprint, or behavioral analytics) for new accounts opened online.
• Why It Matters: Strengthening the onboarding process helps ensure that fraudsters cannot assume stolen identities to open bank accounts.

These measures align with KYC requirements, reinforcing the broader push toward rigorous identity verification.

• What It Is: Whenever customers add new payees or request higher transaction limits, banks will issue warnings, ask clarifying questions, and may delay transfers.
• Why It Matters: This creates a safeguard against impulsive or fraudulent transactions. It also grants banks time to flag suspicious activity.

• What It Is: All ABA and COBA members joined the Australian Financial Crimes Exchange (AFCX) and will join the Fraud Reporting Exchange (FRX) until the end of 2025 where they share real-time or near real-time reporting, analysis, and dissemination data of financial crime
• Why It Matters: Sharing real-time scam data across all financial institutions allows for quicker identification of fraud patterns and faster recovery of stolen funds.

This community-based approach helps banks work together, rather than in isolation, to dismantle scam networks.

• What It Is: Banks will make risk-based decisions to prohibit or curb transfers through suspicious channels - particularly certain cryptocurrency platforms used for money laundering.
• Why It Matters: Once scammers move money into high-risk channels, it becomes very hard to trace and recover. Blocking these channels can strongly discourage fraud.

Customers may face additional scrutiny or limitations when transacting through channels with elevated scam risks.

• What It Is: A formalized plan that each Australian bank must adopt to boost oversight, detection, and response protocols for scam-related activities.
• Why It Matters: Ensures every financial institution meets consistent anti-fraud standards, fostering industry-wide accountability.

The accord symbolizes a shared commitment among banks to prioritize consumer protection. For years, Australian bank customers bore the burden of guarding themselves against increasingly cunning scams. Customers also shared problems with phishing and impersonation scams on socials on a daily basis. Now, with clearly defined measures, mandatory intelligence sharing, and advanced verification, the financial sector is taking a unified stand against fraudsters.

Moreover, the accord underscores Australia’s position as a global leader in adopting digital solutions and becoming the Top 1 cyber security nation.

NAB highlights its commitment to fighting scams through ongoing investments and initiatives, including a new confirmation of payee system and measures like removing links from text messages and introducing payment alerts. From 2022-2024, these efforts have helped prevent or recover over $200 million in scam losses. NAB stresses the need for a coordinated national response to further protect Australians.

CBA is enhancing anti-scam efforts by expanding its NameCheck technology to other banks, helping prevent millions in scam-related losses. It has also partnered with Telstra to roll out Scam Indicator technology to detect phone scams and introduced CallerCheck for in-app caller verification. Additionally, CBA has implemented payment controls on cryptocurrency exchanges, including holds, declines, and limits.

Westpac highlighted key updates on the Scam-Safe Accord, including biometric checks for secure onboarding, a $100 million investment in a Confirmation of Payee (CoP) system to verify payment recipients, and expanded intelligence-sharing across banks. With Australians losing $2.74 billion to scams in 2023, these measures, rolling out through 2025, aim to block fraud at critical points and adapt to evolving scam tactics.

ANZ also partners in this initiative, however specific actions are not publicly available. There's only a general scams and fraud page on their website.

Due to the push to meet the Scam Safe Accord’s guidelines, banks and financial organizations will be looking for comprehensive, modern authentication solutions. Corbado offers an advanced approach in the authentication space with phishing-resistant passkeys developed by the FIDO Alliance:

Passkeys are inherently resistant to phishing attacks. Unlike traditional passwords, passkeys are domain-specific and can only be used on the legitimate websites or apps they were created for. This means that even if a user is tricked into visiting a malicious website, their passkey cannot be used to authenticate on that site, significantly reducing the risk of credential theft and scams through phishing attempts.

Since passkeys use public-key cryptography, only the public key is stored on the server. Even if a server is compromised, the stolen public keys are useless without the corresponding private keys, which remain securely stored on the user's device (in the hardware security module).

Passkeys eliminate the risks associated with weak or reused passwords, as each passkey is unique, complex, and automatically generated. This prevents credential stuffing attacks and removes the vulnerability of using the same password across multiple accounts.

Australia’s Scam Safe Accord marks a monumental step forward in combating fraud and safeguarding online transactions. With the start into 2025, banks across the country will be expected to implement new systems, strengthen identity checks, and foster information sharing like never before. Although the scale of these changes may seem daunting, they present a valuable opportunity for financial institutions to bolster customer trust and outpace cybercriminals.

For banks seeking to stay ahead of the curve, security solutions like Corbado’s passkey solution for large-scale applications can prove invaluable. Not only does this technology simplify compliance with the accord’s stringent demands, but it also ushers in a higher standard of digital safety - one that Australian consumers have long deserved.