Australia has become one of the most targeted markets for scams, and the policy response is accelerating. But there’s still a conceptual gap at the heart of how institutions design controls: we keep treating scams like fraud. That worked when losses were dominated by unauthorised card misuse. It breaks down in a world of authorised push payments, social engineering, and real-time rails.
The distinction is simple—and strategically decisive.
Fraud is unauthorised. Scams are authorised under deception.
That one line should reshape how banks, regulators, and technology providers design controls, allocate budgets, and measure success.
Two different problems hiding under one label
Fraud (unauthorised)
Fraud is a systems problem. The customer didn’t consent. The job is to detect and block bad transactions with high precision and low friction. Over the past decade, Australian banks have built strong capabilities here—rules engines, machine learning models, device intelligence, and real-time authorisation controls. Liability frameworks (schemes, merchant rules) are relatively well understood.
Scams (authorised under deception)
Scams are a human + journey problem. The customer authorises the payment because they’ve been manipulated—often over days or weeks. Traditional fraud controls see a “valid” payment and let it through. Stopping scams requires intervening in the decision moment, not just scoring the transaction.
This is why losses have shifted so sharply toward scams: the industry got good at fraud, but applied the same playbook to a different problem.
Australia’s direction of travel (and why it matters)
The policy stack is converging on three ideas:
- Shared responsibility across the ecosystem—banks, telcos, and platforms—coordinated via bodies like the National Anti-Scam Centre.
- Stronger consumer protection and enforcement led by the Australian Competition and Consumer Commission and Australian Securities and Investments Commission.
- Rising expectations on operational resilience and controls from Australian Prudential Regulation Authority, with industry coordination through Australian Payments Network.
Read together, the signal is clear: intervene earlier, share more data, and design for outcomes (reduced losses), not just compliance.
A fit-for-purpose Scam Prevention Framework
A modern framework isn’t a better fraud model; it’s a different operating model across five layers:
1) Prevent (upstream)
Stop scams reaching customers.
- Mule account detection and network analytics
- Payee verification (Confirmation of Payee–style checks)
- Telco/email intelligence and takedowns
- Shared threat intelligence
2) Detect (pre-transaction)
Identify risk before authorisation.
- Behavioural analytics (what’s unusual for this customer?)
- Context signals (new payee, urgency, coaching indicators)
- Decisioning engines that orchestrate next-best actions
3) Intervene (the critical moment)
Break the scam in real time.
- Dynamic friction (step-up checks, cooling-off for high-risk first payments)
- Contextual warnings (“This matches a known investment scam pattern”)
- Escalation paths (live chat/call for high-risk sessions)
4) Respond (containment)
Minimise loss once it happens.
- Rapid recall/freezing across banks on real-time rails
- Case management and coordinated response
5) Learn (feedback loop)
Continuously improve.
- Typology analysis and model updates
- Targeted customer education
- Regulatory reporting and ecosystem sharing
The shift is from transaction monitoring → customer decision intervention.
What changes for banks (and their partners)
- Design for behaviour, not just transactions
Measure and act on signals like coaching (scripted language), urgency, and first-time behaviours. Treat the payment journey as a decision journey.
- Orchestrate, don’t just score
A high-risk score is not an outcome. The outcome is a changed decision. That requires orchestration: warnings, friction, and human support at the right moment.
- Precision over volume
Blanket warnings are ignored. Interventions must be targeted, contextual, and explainable to be effective and regulator-friendly.
- Ecosystem integration is table stakes
Telco signals, platform intelligence, and interbank coordination are not “nice to have.” They are core controls.
- Align incentives with outcomes
As reimbursement expectations tighten, investment cases should be built on loss reduction and trust, not just compliance.
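To make "orchestrate, don't just score" concrete, here is an added sketch (not from the original article or any vendor platform) that maps the Detect-layer signals to one Intervene-layer action and computes the share of high-risk sessions that actually received an intervention. The field names, the 3x amount threshold, the "two or more signals" definition of high risk and the action labels are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Session:
    # Constructed signal set: field names and thresholds are assumptions.
    amount: float
    typical_max: float     # largest payment this customer normally makes
    new_payee: bool
    urgency: bool          # customer reports pressure to pay immediately
    coaching: bool         # scripted answers or an active call during the session
    payee_mismatch: bool   # Confirmation of Payee-style name check failed

def signals(s: Session) -> list[str]:
    """Named signals that fired, so the decision stays explainable."""
    checks = {
        "new_payee": s.new_payee,
        "unusual_amount": s.amount > 3 * s.typical_max,
        "urgency": s.urgency,
        "coaching": s.coaching,
        "payee_mismatch": s.payee_mismatch,
    }
    return [name for name, hit in checks.items() if hit]

def next_best_action(s: Session) -> tuple[str, list[str]]:
    """Map signals to one intervention, strongest first (assumed policy)."""
    fired = signals(s)
    if "coaching" in fired:
        return "escalate_to_human", fired   # coached customers get a person, not a banner
    if "new_payee" in fired and {"unusual_amount", "payee_mismatch"} & set(fired):
        return "cooling_off", fired         # high-risk first payment
    if len(fired) >= 2:
        return "step_up", fired
    if fired:
        return "contextual_warning", fired
    return "allow", fired

def coverage(log: list[tuple[Session, str]]) -> float:
    """Share of high-risk sessions (2+ signals) whose delivered action was not 'allow'."""
    high = [(s, a) for s, a in log if len(signals(s)) >= 2]
    return sum(a != "allow" for _, a in high) / len(high) if high else 1.0

# Constructed sessions for illustration only.
ROUTINE = Session(120.0, 500.0, False, False, False, False)
FIRST_BIG = Session(9000.0, 500.0, True, False, False, False)
COACHED = Session(4000.0, 500.0, True, True, True, False)
```

Feeding `coverage` a log of delivered actions, rather than the orchestrator's own output, is what exposes channels where a high-risk session still went through untouched.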
Where technology fits (and where it doesn’t)
Platforms – whether in-house or from vendors such as Pegasystems or FICO – can power real-time decisioning and orchestration. But technology alone won’t solve scams. The edge comes from how you use it:
- Linking behavioural models to journey interventions
- Testing which messages and frictions actually change customer decisions
- Closing the loop from outcomes back into models and playbooks
The key takeaway
Boards should stop asking, “How good is our fraud detection?” and start asking:
- Where in the customer journey do scams succeed, and how do we intervene there?
- What percentage of high-risk sessions receive targeted, effective intervention?
- How quickly can we coordinate across banks to recover funds?
Australia has the ingredients—strong regulators, coordinated industry bodies, and an advanced payments infrastructure. The next step is conceptual discipline:
- Treat fraud as a detection-and-blocking problem.
- Treat scams as a behavioural intervention problem.
Institutions that make that shift will not only reduce losses; they’ll rebuild something harder to quantify and more valuable to keep: customer trust.
