In a much publicised story, a former Master Chef contestant lost $250,000 from the sale of her house in Victoria last month. The problem arose when her conveyancer's email account was hacked by a fraudster, who then used the account to transfer the funds to their own account. The property transfer was conducted via the new electronic property conveyancing system, PEXA.
Conveyancers, who handle the exchange of a property, say the PEXA system does not require additional subscribers using a conveyancer’s account to verify themselves or provide proof of identity. The hackers broke into the conveyancing firms' email accounts, accessed their mail from PEXA and set up new user accounts.
What is PEXA?
PEXA is a private company owned by State governments, the 5 major banks and a property developer. It conducts an electronic property conveyancing platform now widely used for property transfers.
It is set to become mandatory for all transfers in Victoria and NSW within the next 12 months.
In a perhaps unsurprising development, both the transacting bank and PEXA have told their clients that they are not responsible or liable for their loss. But in a de facto admission that their security systems are not sufficiently robust, PEXA announced within days of the publicising of the problem, that they are developing additional alerts and processes to enhance system security.
PEXA acting CEO James Ruddock said PEXA would introduce a number of changes to further enhance its security, including increased scanning measures to monitor password reset activity, new users and change of account details. PEXA has also announced that it will provide a “consumer guarantee for transactions conducted on our platform”, with more information to be released shortly.
It is also the case that banks should take more responsibility in identifying the real owners of bank accounts. For now there is no matching of consumer accounts with BSB and Account Nos.
Is more regulation required?
There’s not much borrowers and conveyancers can do to protect themselves when they use the PEXA platform, which is why some conveyancers are reticent to transfer funds through it electronically. Conveyancers can take out a cybercrime insurance policy, but no such cover exists for home buyers or sellers.
Dion Dosualdo, executive officer of the Australian Institute of Conveynacers – WA division, told Mortgage Professional Australia in an interview after the latest fraud was unveiled, that while he has a high degree of confidence in the PEXA platform itself, the conveyancer interface (login) creates the greatest opportunity for fraudsters.
He said the whole electronic conveyancing ecosystem needs greater oversight from the Australian Registrars' National Electronic Conveyancing Council (ARNECC).
“ARENCC needs to implement regulation for all stakeholders to ensure the safety of consumers and their funds. They are simply not listening to industry concerns and I feel they lack appropriate power, will and resources to do anything about implementing robust regulation.”
So, the next time you engage a conveyancer, it is a good idea to quiz them on their email and internet security protocols. For now this is a point of vulnerability, which if not adequately protected, could you leave you with a serious financial shortfall.