Combatting scams: How global collaboration can make a difference

Technology is evolving at breakneck speed and so too are the tactics of online criminals. The Australian and global scam landscape is becoming increasingly sophisticated, driven by economic pressures and technological advancements. While these innovations bring numerous benefits, they also open new avenues for scammers who operate without regard for boundaries or regulations. To effectively combat this escalating threat, a unified global response is essential, one that transcends jurisdictional limitations and leverages our collective strengths.

BDO’s forensic services team has been diligently reviewing and reporting on the Australian scam environment through our Scam Culture Report series. Recently, we extended our analysis to include publicly available information from multiple countries to identify and understand the extent of global scam activity and defences.

Our findings reveal significant differences in scam impacts and reporting practices across various western countries, including Australia. While these differences are understandable, a broader collaborative approach to tackling scams, with alignment across countries in terms of reporting practices and definitions, will significantly strengthen global responses. The capability is present, but what is missing is a bilateral agreement and the will to implement it.

Our analysis indicates that leveraging regional strengths across borders offers numerous benefits to a wide range of stakeholders, including government and financial institutions. As part of our analysis, our team also made several broad recommendations to strengthen global action against scams. These recommendations include:

1. Establishing an agreed definition across borders that specifically defines scams: Significant differences remain in how countries define a scam versus a fraud, and reporting is based on that definition.
2. Establishing international forums for increased collaboration: Entities have the requisite data and a willingness to share within agreed privacy compliance parameters, but appropriate legislative and leadership support is currently lacking.
3. Fostering public-private partnerships: Business entities routinely operate across international boundaries, and governments can leverage and support this capability to facilitate the fight against scams.
4. Implementing and using technology for real-time information exchange: Together with the above, an intelligent technology-driven approach will fast-track an organisation's ability to detect and respond to scams.

Key report findings

Our comprehensive study on global scam impacts and reporting practices revealed a stark contrast between Australia and the UK. While Australia’s overall scam losses have trended downwards, the UK has experienced a dramatic increase in scam reporting. In 2023, the UK reported a loss of $33.48 AUD per capita, nearly double Australia’s $17.69 per capita.

This trend aligns with our latest Australian Scam Culture Report, which shows a decline in total dollars lost by Australians to scams since we began reporting in 2023. On average, Australia saw a 40 per cent decrease in total losses per scam from 2023 to 2024, indicating that Australia’s scam prevention measures are gaining traction.

Between 2020 and 2023, Australians reported just over one million scam instances to the Australian Competition and Consumer Commission (ACCC). In contrast, the UK reported over 12 million instances of scams to UK Finance during the same period. Despite this, the UK reported similar average losses per report each year, while Australia saw a peak in average losses per report in 2022, followed by a downward trend identified in 2023 and 2024. At this stage, the 2024 results demonstrate Australia is at the lowest average since 2020. This suggests that Australia’s scam reporting remains lower compared to the UK, and the effectiveness of Australia’s preventive measures may be improving.

Proactive initiatives led by the Australian Securities and Investments Commission (ASIC) and the National Anti-Scams Centre (NASC), together with high-profile media coverage of cyber breaches and scams, are likely contributing to increased public awareness and self-protection strategies in Australia.

In comparison, the UK’s Contingent Reimbursement Model (CRM), implemented in 2019, may be driving the increased scam reporting. The CRM provides a framework for financial institutions to handle Authorised Push Payment (APP) scams, where individuals are tricked into authorising payments. Since its introduction, the UK has reported a 90 per cent rise in APP scams, with 62 per cent of losses reimbursed in 2023. However, despite increased reporting, the overall financial impact on victims has only slightly improved, with our analysis suggesting that the CRM has not significantly reduced total scam losses in the UK.

Establishing an agreed scam definition globally

Understanding the impact of differing approaches to defining and reporting scams is crucial. Our analysis of publicly available data reveals that definitions of scams vary across countries and even among organisations, making direct comparisons challenging.

The key lies in how each country defines a ‘scam’.

In Australia, the Australian Competition and Consumer Commission (ACCC) reports on a wide range of scams and fraud types affecting both individuals and organisations. In contrast, the Australian Securities and Investments Commission’s (ASIC) recent ‘Report 761 Scam prevention, detection and response by the four major banks’ uses a much narrower definition. According to this report, scams are “situations where customers authorised the transaction by either making the transaction or aiding the scammer to make the transaction, including by providing multi-factor authentication passwords.”

The UK’s definition aligns more closely with ASIC’s than the ACCC’s. The UK considers scams to be situations where the victim initiates or facilitates the transaction, including under a false belief about where and to whom the funds are going, often referred to as Authorised Push Payment (APP) transactions. These varied definitions can significantly alter the reported results for each country.

Diverse approaches to combatting scams

Our analysis reveals that the diverse strategies employed by different countries to report and combat scams make global coordination a complex challenge. For instance, the UK emphasises public awareness campaigns, while Canada relies on broader regulatory frameworks, and the USA focuses on robust law enforcement actions.

This diversity highlights the complexity of the scam landscape but also highlights potential benefits of sharing best practices across borders. By examining the strengths and weaknesses of various approaches, we can identify key elements that contribute to success and inform the development of a unified and robust global strategy.

Can standardised reporting parameters help solve this challenge?

Our analysis shows that while ‘investment scams’ cause the highest losses per scam, the varying transaction types recorded and reported as scams in different countries can distort the results. For instance, Australia’s total loss per scam decreased by 40 per cent from 2023 to 2024, with the lowest average loss per report at $17.69 AUD. In contrast, the UK reported almost double this amount at $33.48 AUD. But can these figures be reliably compared?

A critical question arises: Do we need standardised reporting parameters and definitions across borders? Uniformity in reporting can facilitate better data sharing and analysis, enabling a more coordinated response to emerging threats. But what would it take to establish such standards, and who should lead this initiative? While the technology and capability to share data is already established, an agreed legislative governance framework is needed to mandate the requirement and protect compliant entities.

The challenges in establishing these standards are significant, but the potential benefits in terms of improved detection and prevention of scams are substantial. To measure and improve maturity in scam prevention, it is essential to establish a baseline level of reporting. Globally, there needs to be an agreed standardised definition of scams and reporting parameters to facilitate easier and more efficient data sharing and analysis.

The first examples of global collaboration are emerging

The recent Intel Loop initiative in Australia exemplifies the power of real-time data sharing. This initiative enables near real-time data exchange between participants about the latest tactics and tools used by scammers.

The partnership increases the capacity to disrupt and intercept scammer contact with victims and helps identify and take down scammer websites. ASIC is already becoming more proactive in this space. The National Anti-Scam Centre shares and receives intel, such as scam phone numbers, URLs, and bank accounts; core tools used by scammers. This means that whether a person reports a scam to a bank, a telco, or Scamwatch, the Intel Loop can prevent further harm to Australians.

Collaboration across the scam ecosystem is a critical weapon in the fight against scammers.

The Global Data Protection Regulation (GDPR) legislation is one example of collaborative leadership between jurisdictions to tackle a complex subject – data privacy. GDPR, which came into effect in 2018, outlines an agreed set of enforceable and uniform requirements for the governance and protection of the personal data across the European Union (EU) countries. Organisations with an established presence in the EU, offering goods or services to EU customers, or active in the EU, are held to GDPR requirements. This legislation was seen as a benchmark for collaboration across EU member countries, led by government and supported by business entities. Other Western countries are now slowly aligning with similar privacy legislation. Is there an opportunity for global organisations and governments to collaborate in a similar way to tackle scams?

BDO recommendations

No single entity or country can tackle this complex issue alone. Reliable monitoring and reporting on a global scale is essential to understanding how different approaches to scams are working and then using this information as the foundation of a responsive framework. By fostering increased collaboration, agreeing on a shared definition, standardising reporting and increasing education and awareness, we can build a more resilient multi-jurisdictional defence framework to combat scams.

BDO's forensic services experts offer a range of services to support organisations in effectively preventing, detecting and responding to suspicious activity. We also provide support in the assessment and embedding of governance and risk frameworks to retain value. Contact our forensic services team to learn more about how we can help you prevent, detect, and respond to risk in your organisation.