Is your small biz scam safe? 5 steps to protection

The government’s Scams Prevention Framework Draft Legislation sets out new, stringent rules for businesses across various sectors to prevent, detect, report, and disrupt scams. While it initially targets banks, telecommunications providers, and digital communication platforms, given the framework’s focus on protecting consumers in high-risk sectors that have digital payments, it is likely to expand to include e-commerce businesses and fintech startups. Ahead of the changes, Chris Dahl, CEO of Pin Payments, shares how you can get up to code.

If your small business handles financial transactions or customer data, now is the time to reassess your cybersecurity protocols to protect your customers and prepare for potential inclusion in the scams prevention regulatory framework.

So, here are five steps to protect your business and ensure you’re prepared for evolving scam-prevention measures.

1. Maintain a proactive approach to scam prevention

The new framework requires businesses to take reasonable steps to prevent scams. This isn’t a one-time fix: your SME must take a proactive approach and continuously identify and address scam risks. While your business may not yet fall under the new Code, the emphasis on prevention means it’s critical to implement fraud detection systems now, such as real-time monitoring and customer verification processes, to prevent scammers from exploiting your business. In 2023, the Australian Competition and Consumer Commission (ACCC) reported that scammers stole over $3 billion from Australians, with business email compromise, also known as payment redirection scams, contributing heavily to these losses. In addition, losses relating to business scams increased by 73 percent for Australian businesses, reaching $23.2 million in 2022. Given the increasing sophistication of scams, businesses lacking robust cybersecurity measures are at a high risk of being targeted by cybercriminals.

2. Create a strategic anti-scam framework

The Scams Prevention Framework requires businesses to have comprehensive governance policies and metrics to fight scams. With this in mind, startups and SMEs should establish clear governance structures and consistently review their risk management processes to stay ahead of potential threats. This should include reporting mechanisms for actionable scam intelligence, that is, specific, credible information that allows businesses or regulators to take immediate action to prevent or respond to scams.

Ultimately, crafting a comprehensive crisis response plan will help your business to have a strategic approach to breaches. While the legislation is still in draft, getting ahead of these requirements will give your business a head start in compliance and safeguarding customer trust.

3. Allocate resources for risk management and scam detection

Under the draft legislation, failing to implement reasonable scam detection steps can result in civil penalties. Although the new legislation doesn’t yet apply to most small businesses, ASIC advises that SMEs should adopt a proactive and continuously evolving approach to addressing cyber threats to stay ahead of emerging risks. If you haven’t already, allocate dedicated resources to develop scam detection protocols and train staff to recognise scam attempts.

Investing in automated fraud detection and account protection tools, like Kount, Sift, or NoFraud, can help businesses and ecommerce platforms significantly reduce the risk of a breach. E-commerce businesses and fintech startups should also check and strengthen their third party risk management practices.

4. Strengthen your cyber security leadership team

The legislation puts a spotlight on corporate governance. Senior management or business founders should ensure that adequate anti-scam measures are in place and are regularly reviewed. If the Code does extend to include ecommerce and other businesses, annual certification of your business’s compliance with the Code’s principles will be required, including publishing details of how your business protects its consumers from scams. This presents an opportunity for SMEs to demonstrate leadership in scam prevention, which can be an asset to building trust with customers and stakeholders.

5. Prepare for the future

Although the initial round of regulation focuses on specific sectors, e-commerce platforms, fintech companies, and other digital businesses are likely to be brought under the framework soon. Fines for non-compliance can be significant, with the draft framework outlining civil penalties for failing to detect or report scams, or for inadequate governance. Preparing for future regulatory obligations now, by setting up compliant systems, scam detection measures, and reporting processes, will put your business in a strong position for future compliance and protect your business against scams.

Future-proof your business to be scam-safe and code ready

Here’s how you can start preparing your business to be scam-safe and future-ready for compliance.

  • Create a fraud prevention plan: Tailor a plan that addresses scam risks specific to your industry.
  • Invest in detection tools: Use automated systems to flag suspicious activities and transactions.
  • Train your staff: Equip your employees with the knowledge to identify potential scams and take immediate action.
  • Implement strong reporting processes: Establish a clear process for reporting scams to both regulators and consumers.
  • Engage in information sharing: Collaborate with other businesses and regulators to share scam intelligence and prevent further harm.

Chris Dahl is Co-CEO at Pin Payments.
