How Safe Is the New Electronic Property Transfer System?
In a much publicised story, a former Master Chef contestant lost $250,000 from the sale of her house in Victoria last month. The problem arose when her conveyancer's email account was hacked by a fraudster, who then used the account to transfer the funds to their own account. The property transfer was conducted via the new electronic property conveyancing system, PEXA.
Conveyancers, who handle the exchange of a property, say the PEXA system does not require additional subscribers using a conveyancer’s account to verify themselves or provide proof of identity. The hackers broke into the conveyancing firms' email accounts, accessed their mail from PEXA and set up new user accounts.
What is PEXA?
PEXA is a private company owned by State governments, the 5 major banks and a property developer. It conducts an electronic property conveyancing platform now widely used for property transfers.
It is set to become mandatory for all transfers in Victoria and NSW within the next 12 months.
In a perhaps unsurprising development, both the transacting bank and PEXA have told their clients that they are not responsible or liable for their loss. But in a de facto admission that their security systems are not sufficiently robust, PEXA announced within days of the publicising of the problem, that they are developing additional alerts and processes to enhance system security.
PEXA acting CEO James Ruddock said PEXA would introduce a number of changes to further enhance its security, including increased scanning measures to monitor password reset activity, new users and change of account details. PEXA has also announced that it will provide a “consumer guarantee for transactions conducted on our platform”, with more information to be released shortly.
It is also the case that banks should take more responsibility in identifying the real owners of bank accounts. For now there is no matching of consumer accounts with BSB and Account Nos.
Is more regulation required?
There’s not much borrowers and conveyancers can do to protect themselves when they use the PEXA platform, which is why some conveyancers are reticent to transfer funds through it electronically. Conveyancers can take out a cybercrime insurance policy, but no such cover exists for home buyers or sellers.
Dion Dosualdo, executive officer of the Australian Institute of Conveynacers – WA division, told Mortgage Professional Australia in an interview after the latest fraud was unveiled, that while he has a high degree of confidence in the PEXA platform itself, the conveyancer interface (login) creates the greatest opportunity for fraudsters.
He said the whole electronic conveyancing ecosystem needs greater oversight from the Australian Registrars' National Electronic Conveyancing Council (ARNECC).
So, the next time you engage a conveyancer, it is a good idea to quiz them on their email and internet security protocols. For now this is a point of vulnerability, which if not adequately protected, could you leave you with a serious financial shortfall.
Johanson, S. MasterChef finalist caught in conveyancing hacker attack Sydney Morning Herald.
Ellwand, O. PEXA bolsters security after high-profile fraud case reveals gaps Mortgage Professional Australia.
Disclaimer: This article is intended to provide general news and information only. While every care has been taken to ensure the accuracy of the information it contains, neither Loanscape nor its employees can be held liable for any inaccuracies, errors or omission. All information is current as at publication release and the publisher takes no responsibility for any factors that may change thereafter. Readers are advised to contact their financial adviser, broker or accountant before making any investment decisions and should not rely on this article as a substitute for professional advice.