Mortgage brokers were put on notice this week about the risk of financial crime, with government agency AUSTRAC raising the general risk level to ‘high’ and citing the broker channel specifically as a potential point of access for fraudsters.
AUSTRAC named brokers and the big banks as the part of the Australian economy most likely to be targeted by fraud, and according to one expert on financial security, it is encumbent on brokers to protect their lender partners and, more importantly, their customers.
Mark Perry, chief customer officer at Biza.io, is a leading expert on financial security and, in particular the way that Open Banking is revolutionising the way that banks and brokers can thwart fraud.
He told Australian Broker that this was a crucial point for brokers to start taking financial crime more seriously.
“It seems in the information security side of IT, that we continually repeat ourselves about the risks and the potential solutions for this type of fraud that is happening,” he said.
“AUSTRAC has identified that domestic banks, the Big Four, and the smaller banks, are at a high vulnerability of seeing fraud. A lot of that has the potential for mortgage brokers to be involved, or mortgage brokers systems.”
“We have seen instances in the past where, during conveyancing, there has been major fraud. The fact is that, for most people, selling or buying a house is going to be the most money that they will ever transact in their lifetimes. This makes it a very juicy target for fraudsters.”
“The other piece around that is that, while banks generally have good security and are well staffed, well resourced and have the latest technology available, mortgage brokers may not be at that same level of security.”
“They can, in fact, be a weak link in the chain when it comes to this type of fraud. That could be as simple as accessing systems using username and password and seeing phishing attacking to get those credentials, which let the fraudsters in.”
“We see other instances where two-factor authentication has been brought in on some channels, which helps to improve security, but again, the useability of that can be quite difficult and it may or may not be the case for smaller organisations that they’re able to roll that out in a way that makes sense for them.”
“AUSTRAC is pointing out the high vulnerability and the high impact on the system for those vectors.”
Open Banking can help stop financial crime affecting brokers
Open Banking might be the solution that brokers and banks have been looking for.
“If we look at what is coming down the track with the Consumer Data Rights and Australia’s Open Banking regime, that will help to provide a level of security beyond that which is in place right now,” said Perry. “That’s where Biza has a part to play because of our capabilities in the Open Banking space.”
“Here’s an example: I want to buy a house, I go to a mortgage broker to get a loan and the broker asks me for pieces of information to identify myself: copies of my licence and passport, bills to prove my address and then financial data by photocopying or downloading statements from my bank, my credit card statements and other things that they need to make that loan decision.”
“At the moment, that is done by manual means by the customer. It’s quite onerous to go through this across several different bank accounts, and generally people are scanning that information off paper copies or downloading PDFs out of internet banking and then emailing it to the broker.”
“That information sits around in people’s email accounts – possibly forever, in the Sent box. On the broker side, they need to have very good document retention policies so that they are making sure that the information they receive is not sitting in their inbox forever as well, because one of the major vectors for fraudsters is to attack email accounts.”
“In some cases, that is quite easy to do via phishing, especially if two-factor authentication is not enabled on the account. The ability to have that treasure trove of data in one place is quite a juicy target for fraudsters.”
“One of the things that CDR and Open Banking provides is the ability to have an electronic connection between the data holder, in most cases the bank, and the data recipient, which in this case would be the mortgage broker, which allows the transfer of just the right amount of data consented by the customer for a specific period of time.”
“Once that data transfer has occurred, the customer can remove consent and then the mortgage broker must remove the data under the requirements of the data retention laws.”
“It becomes completely electronic, with no PDFs or paper copies being sent around, it’s all machine-to-machine and doesn’t go into an email inbox or system, and there are very strict laws governing how that information is retained and has to be removed.”
“It helps to really secure the transfer of data for a specific purpose, in this case, to initiate a loan. “
“The other piece, which is a little more technical but important to know, is that all of the security elements around the Open Banking transfer are very high grade. There’s been a lot of work done in the industry to make sure that it is the best possible security element, and it goes well beyond username and password to get access to data.”
“It adds additional levels of security around that transfer to help stop fraudsters getting in and fraudulently making themselves out to be a mortgage broker or a bank in this case.”
