Zoe McKenzie (Flinders, Liberal Party) Share this | Hansard source

I rise to speak on the Scams Prevention Framework Bill 2024. This is an imperfect bill and purports to fulfil a Labor election promise that is now three years old on the shelf. It seems quite odd that we should be considering this bill on the eve of the 2025 election and that, yet again, this parliament should be subjected to legislation with which no-one is particularly happy, with so many stakeholder groups expressing concern about the framework contained in the bill. But, as we have heard from so many contributors in this debate before me, Australia is known as a scammers' honey pot, easy for the taking and light on regulation at a time when, as we have vastly digitised our economy through the COVID period, digitally enabled scams have been exploding both in number and impact. This bill, at least, would institute a scams prevention framework, which would require regulated entities to take certain actions in relation to scams, including taking responsible steps to prevent, detect, report, disrupt and respond to scams relating to services which that entity provides.

Almost weekly, I hear from constituents in my electorate who have been scammed or near scammed. It's agony when they raise this issue with me. They tend to come feeling quite embarrassed—ashamed in some instances—and frustrated that there is no emergency button to press when it happens and that no-one seems to be accountable, least of all the scammers themselves, for this fraud and the crime affecting so many in our community. In 2023, the last available figures, almost $3 billion of Australian savings were lost as a result of over 600,000 scams made that year, which was an almost 20 per cent increase on the previous year's figures. That is an astonishing figure, and I can't help but wonder whether, if $3 billion worth of assets had been stolen from people's homes through breaking and entering, we would have doubled the police force. But, because so much of this scamming occurs in the digisphere, and in particular via unregulated internet platforms owned and based offshore, Australia has been slow to react.

For those who have been scammed, let me be clear that it is not your fault. The skills of scammers, their extraordinary customer service, leave our government institutions, our banks and our airlines in the dust. Their customer service is second to none, highly tailored to reassure and guide the elderly or the infirm in particular through a labyrinth of digital manipulation. Their interlocutors on the phone and their systems are much easier to navigate than the ones that the banks or the telco companies or the TV channels or the news websites give us. I know because this happened to my poor old mum 12 months ago. Poor old Mum is getting a bit of a shout-out this week; it's just as well she can't reprimand me for that anymore. She serves as a useful yardstick here because my mum was no dummy. She was a Fulbright scholar; the recipient of endless medical scholarships and fellowships; a trained cardiothoracic surgeon; and a lawyer, barrister and tribunal member—a genius.

A year ago, I flew overseas to South America for a short break, and when I landed I rang Mum to check in. I asked how she slept. 'Not well,' came the answer, 'because I got to bed so late after talking to Telstra.' 'Talking to Telstra?' I said. 'Yes. Apparently the Russians were trying to hack my devices, but it's okay because Telstra rang, and they talked me through the steps I needed to do to protect the system. It did take forever, though, and I only got to bed after 9 o'clock.' 'What time did they ring you, Mum?' 'About 7 pm.' 'Mum, Telstra doesn't ring after five. Did they put anything on your computer?' 'Yes, yes, they put all the things I need to be safe on it and on the iPad and the phone too, and I'm sure it was Telstra because it was an Australian voice'—Mum's from a different generation—'but it's all safe now.' Silence. 'Mum, it wasn't Telstra. I need you to ring the banks right now. You need to ask them to stop all transactions on all accounts, and you need to block your credit cards right now.'

Within minutes of hanging up on Mum, the scammers had set up a Gmail account which mirrored her longstanding Bigpond account so they could intercept all of her emails and fraudulently represent that they were her. Friends who ran to her side that day at dawn could see an overnight web history of people trying to break into bank accounts, iTunes accounts and online retail shopping platforms. By gift of my mother's age, she had never cached a password. The scammers got nothing, but it was a horrendous shock for her, and I had to sit up through many, many nights of that week—from the other side of the planet—talking her through the safety I had put in place around her and what to look out for in coming days in case there was something we had missed. I had friends confiscate and clean all her devices. I had to get her a backup phone. I put holds on all of her bank accounts and had friends walk around to her house with brown paper bags of cash while I digitally reimbursed them from the other side of the planet. At exactly the time she wanted to follow all my travels online, I left Mum in the digital dark. It was both cruel and heartbreaking.

When I expressed my dismay to a digitally clever friend about the timing—Mum had just come out of hospital—I was told, 'That's intentional.' The scammers take a read of which devices are drawing down overnight from the tower above the hospital so they know who's staying there for treatment rather than being there as a doctor or nurse. And then, when that device—that IP address—leaves the remit of the hospital tower, they get in contact with the number. There's nothing like new drugs, poor sleep and perhaps pain management to make you vulnerable to a scammer. I rang the hospital and suggested they advise their patients or their families to be particularly wary of scams when they leave the hospital's care. Even though Mum lost nothing in that scam, what endured for her was a morbid fear of technology—her questioning of herself every single time she was online. She lost all dexterity in internet banking. All trust in emails was gone. At the start, lest some form of spyware had been left on the devices, I banned all internet banking, and we would go into the branches together to manage her affairs. Thank God she still had branches to go into.

My mum's story is one of hundreds I could give you from my electorate. We are an older electorate—the fifth oldest in the country—which makes us prime targets for scammers impersonating trusted brands in particular: Telstra, Qantas, Woolworths, Medicare, Origin Energy and the ATO. In 2024, nearly 60,000 over-65s were scammed out of a total of $100 million, according to Scamwatch. There would be thousands more near misses like my mum with no financial loss but which come with a vast loss of confidence and capability in a rapidly digitising economy.

This is a really important issue for my community of Flinders. A year or so ago, I spoke to a Probus group at Main Ridge, and, while the topic of my conversation was meant to be about parenting and social media, it quickly became a conversation and a realisation for me that we really have failed to equip our senior citizens with the skills they need to do things digitally and the know-how for what they can trust online. While regulatory frameworks, like those contained in this bill, are important, human frameworks—customer-centric design thinking about the age and vulnerability of the customer demography—are just as important.

In May of last year, I hosted a seniors expo in my electorate, and one of the store holders was our community bank in Mount Martha, operated by Bendigo Bank. It is a much loved institution up and down the Mornington Peninsula and one which prides itself on face-to-face customer service for our community, especially in relation to scam recovery services. At the seniors expo, Bendigo Bank brought down its top brass in scamming class, and it shared three steps to mitigate the risk of scamming: stop—don't give money or personal information to anyone if you're in any way unsure; think—ask yourself, 'Could this message or call be a fake?'; and protect—act quickly if something feels wrong. The last step, act quickly, is vital. This is what I had to do through the night—in fact, over many nights—from Santiago in Chile to install protections around my mother's interests and, more importantly, to reassure her she was going to be okay.

Scams thrive because it is human to have inevitable lapses in judgement, and with each day our scammers get more sophisticated, such that even the most paranoid amongst us are at risk of being duped. I remember the first time I got one of those text messages from NAB. It came from NAB, the same NAB title that I got from every other communication from NAB in my iPhone. It told me I needed to ring the bank about a suspicious transaction on a mobile phone number. I thought, 'That's weird,' and I rang the bank on the normal number that I call them on, not the text, and was told: 'No. There are no odd transactions.' I screenshot the text and sent it to them.

The scammers' business model is vulnerability executed to perfection. They know when mums are busy picking up kids or dads might be trying to finish up a day's work on the tools before a long weekend. They text Nan on a public holiday, 'You forgot to pay your Origin bill.' No-one wants to pay the Origin bill late, and so you pay it, but you use the click-through because you're on the run, and it turns out you haven't paid the Origin bill at all.

As part of this debate, we must recognise that older Australians rely on an analogue interface. We used to call it going into the branch. Closing branches has a devastating effect on people's confidence that there will be help if something goes wrong. As I sat with Mum at Westpac or NAB, waiting to make a simple transaction in the few months after her scam exposure, I observed a myriad of people coming in in absolute desperation. They were up at the counter expressing their frustration, their confusion and their panic. They had no idea what happened, but they knew something bad had happened. A branch or a vigilant daughter—for those who don't have the latter, they still need the former.

Bendigo Bank—so loved in our community for their support of community sport, for their support of volunteer groups and, most recently, for their contribution of $600,000 to create a wellness centre at the Bays Hospital in Mornington, which I had the honour to open on Monday—has developed a big emphasis on face-to-face resolution as a way to make people feel more comfortable admitting they have been scammed. Not only does it more effectively help those generations who aren't digital natives, but it gives every human a sense of assurance that the problem can be solved then and there. In 2023, Bendigo Bank launched a face-to-face education approach to help its 2.5 million customers safely navigate digital banking. It's an innovation which other banks could and should follow.

When I have raised the issue of digital and scamming education with the big four banks on behalf of my consumers, they have been keen to tell me that such education is readily available online. I can only stress here as I have stressed in those meetings: you are missing the point, dear banks. Once you have been scammed or near scammed, the online world is one of fear and uncertainty. The way back is face-to-face communication. My community in the electorate of Flinders has benefited greatly from these sessions being run by local branches of the Bendigo Bank, and I really thank them for this and encourage them to keep up their great work.

The coalition has a record of advocating for sensible obligations on companies to stop scams. In his 2023 budget reply speech, our leader, Peter Dutton, committed that a coalition government would impose more onerous obligations on big digital companies to stop scams and financial fraud. The Australian Banking Association has, in the absence of concrete policy from government in this space until now, developed a Scam-Safe Accord, which seems to be the central policy glue committing all types of industries to work together in an ecosystem to mitigate against scams. We are yet to see if it will stem the scamming tide.

It nevertheless aligns with some of the recommendations that the coalition provided in its additional comments to the recent Joint Select Committee on Social Media and Australian Society report, namely that a shared responsibility for scams is the only way that customers will be protected through the entire supply chain of a digitally executed or induced fraud. In that report's additional comments, the coalition members argued that social media companies should be held liable for failing to remove and report links, tools and users who, through link-in-bio platforms, facilitate access to class 1 or class 2 material and indeed scam ads. At present, social media companies are making money out of advertising from regulated and restricted industries. They therefore have a vested interest in using data to exploit users for their clients. For these reasons, the coalition committee members in that report recommended that government mandate detailed annual reporting to the eSafety Commissioner on revenue from regulated and restricted industries.

In their evidence to the joint select committee, the International Justice Mission also identified that dating apps and websites play a significant role in romance scams and child sexual exploitation and called for those companies and social media platforms to collaborate closely to stem romance scamming. The coalition members of the social media committee argued in recommendation 13 that we should establish a joint standing committee on online safety, artificial intelligence and technology, tasked with investigating the strengths and weaknesses in Australia's regulatory system, legislative tools, industrial base and technological capabilities. As scammers get better at their craft using different platforms and methodologies, we must be ready to regulate to keep our citizens safe. This bill we're considering today constitutes a start, albeit a slow and unambitious start. It's perhaps one indicative of this entire government's approach to leading Australia but one which hopefully will, if nothing else, rob us of the title of global scams' honey pot.

(Quorum formed)

See this speech in context