Lisa Dowie, Chief Customer Officer at PEXA, discusses cyber security risks in the property industry and how PEXA is calling upon the industry to be more cyber-aware following the revelation of two cases of fraud where criminals broke into members’ email accounts.
 |
Understanding cyber-security risk in the property industry
As our digital world expands, so too will our cyber-security risk. In 2017, ABC News reported a 30 per cent rise in cybercrime, with small businesses as ideal targets for email scams. A year later, the Office of the Australian Information Commissioner reported that there were 55 Notifiable Data Breaches in May alone, which is approximately 2.4 breaches per working day. Home Affairs Minister Peter Dutton estimates that cybercrime costs Australians upwards of $1B per year.
As Australia’s property industry moves towards a digital future, has it invited increased risk in cyber-security?
Cyber-risk in the property industry
The internet was first brought to life in the late 1960s and began to look very much like what we have today from the 1990s. The evolution of emails followed a similar path, where in the 1990s, web based emails such as Hotmail were formed. Since then, the internet has invaded our way of life and businesses and emails have become a part of our everyday communication.
So, it wouldn’t be surprising to know that email scams are not new in the property industry and have long existed in the paper world. Last year, in Western Australia, it was reported that an elderly lady suffered a significant financial loss when hackers intercepted an email from a conveyancer, providing fraudulent bank details.
In October 2017, two South Australian property buyers were defrauded of close to $1M by scammers posing as conveyancers, using false email details. In December of the same year, at least two Queensland law firms lost several millions to hackers in what was perpetrated as a ‘highly sophisticated’ email scam.
The list goes on.
Some of the reported incidents over the last 10-15 years include title fraud, stolen identities, falsified bank cheques and trust account fraud.
It’s difficult to estimate the extent of cyber-fraud in the industry as most scams go unreported.
Is e-Conveyancing riskier business?
As the industry transitions towards a 100% e-Conveyancing process, there are heightened concerns of cyber-risk. But is going digital truly riskier?
Martin Hoffman, Secretary, Department of Finance, Services and Innovation stated recently that since 2013 the NSW Registrar General has paid out $2.1M for errors in paper transactions and $7.3M for fraud. In the same period, not one single payment has been made on any electronic lodgements.
Since its inception eight years ago, PEXA, Australia’s e-Conveyancing platform has processed close to 1.3M transactions with a total settlement value of over $165B. Recently however, the company revealed two instances of fraud, where criminals, through gaining access to their members’ email accounts, managed to create fictitious users on the platform and change financial line items in a Workspace[i]. They then waited for the inevitable.
Establishing fictitious users and changing financial line items in itself is not a successful heist. To allow the transaction to proceed, members with the relevant authority must digitally sign-off the transaction with their bespoke digital signing token and PIN, confirming prior to signing that the information is as expected.
As strong as the weakest link
It would appear in the two fraud instances that the necessary checks and balances were not followed, and although a majority of the monies have since been recovered, further steps needed to be taken to safeguard the users of the platform.
Since then, PEXA, together with Ping Identity, have introduced PingID multi-factor authentication to log into the platform. Apart from that, the company has adapted the platform to deliver more information to members, such as Workspace time stamps – providing details on when it was last updated. This, however, will not be the end of cyber-fraud attempts.
Industry wide awareness
Industry players such as Law Society, Victorian Legal Services, Real Estate Institute of South Australia, Queensland Law Society are just some of the bodies that have routinely highlighted the need to be cyber aware to their members.
Cyber-security is everyone’s concern. As property is a $8.5 trillion asset class[ii], it will continue to attract unwanted attention. Generally, the more connected our lives get, the more avenues there are for fraudsters to commit cyber-crime. Mankind has and will continue to benefit from advancement in technology. We all just need to be more cyber aware.
Lisa Dowie joined PEXA in November 2012 and has held senior positions in Technology and Operations. She represents the interests of lawyers and conveyancers across Australia, assisting the market’s transition to the digital era of property settlement. Guidance is provided through the PEXA Direct program, with a national team of specialists visiting the offices of lawyers and conveyancers to offer hands-on training. Lisa has extensive experience in leading transformation, stakeholder management and operational excellence. As a senior leader in the financial and information technology industries, Lisa has successfully delivered large-scale change, driving a superior customer experience. Contact Lisa at practitioner@pexa.com.au
[i] A Workspace is a shared area in PEXA where members prepare property instruments and settlement documents for a property exchange transaction to effect lodgement and or settlement.
[ii] Housing Market and Economic Update, CoreLogic (March 2018)
