ASIC is suing HSBC Australia over $23M in scam losses, alleging systemic failures in fraud detection and delays in resolving complaints. Meanwhile, Singapore's proposed anti-scam law aims to freeze accounts of scam victims to prevent further losses, sparking debate on privacy and autonomy.
The Australian Securities and Investments Commission (ASIC) has taken legal action against HSBC Australia, alleging significant lapses in the bank's handling of scam-related activity that cost customers $23 million across 950 unauthorized transactions between January 2020 and August 2024. ASIC claims HSBC failed to implement adequate controls to prevent and detect fraudulent payments and delayed investigating complaints, with some customers waiting an average of 145 days to resolve their cases and regain account access. One customer reportedly waited a staggering 542 days, despite industry standards requiring most cases to be addressed within 21 days.
This case comes as global regulators intensify efforts to combat cyber scams. Singapore has recently proposed groundbreaking anti-scam laws that empower authorities to freeze bank accounts of suspected scam victims to prevent further fraud. These measures also encourage financial institutions to share liability for losses, signaling a significant shift in scam prevention accountability. ASIC Deputy Chair Sarah Court highlighted HSBC’s “widespread and systematic” failings, stating,
“We will not hesitate to take court action where we consider banks failing to comply with their obligations to protect their customers.”
HSBC responded by acknowledging the claims and reaffirming its commitment to combating fraud, but with Australian losses hitting $2.74 billion in 2023 alone, the push for stricter controls continues to gain momentum worldwide.
Singapore is poised to set a global precedent with a proposed law empowering police to freeze the bank accounts of individuals suspected of falling victim to scams. The Protection from Scams Bill, which has gained strong public support, is aimed at tackling increasingly sophisticated fraud schemes that have plagued the nation’s otherwise low crime rates. If passed, police could block withdrawals and credit access for up to 30 days, especially in cases where victims continue to transfer funds despite multiple warnings from banks, authorities, or family members. The Ministry of Home Affairs (MHA) has assured the public that such freeze orders would be used only as a last resort, and victims would retain access to funds for essential expenses and have the right to appeal.
The proposal has sparked both praise and criticism. Over 90% of participants in a public consultation supported the measure, citing the emotional and financial devastation caused by scams, with some advocating its extension to cover cryptocurrency exchanges and remittance companies.
“These scams are elaborate and emotionally manipulative, so stepping in to block access is a necessary step,”
said Adam, whose mother lost S$100,000 in a scam. However, skeptics argue the law risks overreach and penalizes victims instead of empowering them.
“It does not show trust in people to make their own decisions,” said Denise, a concerned resident.
With scam losses reaching S$385.6 million in just the first half of 2024, the debate underscores the urgency of finding solutions that balance protection and individual autonomy in a rapidly evolving digital landscape.
Australia is facing a double threat to its financial security: cyberattacks on major superannuation funds and the fallout from Trump’s “Liberation Day” tariff declaration. Both have exposed deep vulnerabilities in retirement savings, leaving Australia’s future wealth increasingly at risk.
Major cyber alliances are buckling. Australia’s super funds are under digital siege, the US slashes cyber defenses, and Five Eyes unity is faltering. As threats mount from China and Russia, the West’s fractured response risks emboldening adversaries and weakening global cyber resilience.
Elon Musk’s X AI platform has been hit by a massive cyber-attack, leaving users in the U.S. and UK unable to refresh feeds or access accounts. Musk confirmed the attack’s severity, pointing to IP traces from “the Ukraine area,” though experts caution that origin masking is possible.
Late last week, an extraordinary announcement signaled a dramatic shift in U.S. cybersecurity policy: the Trump administration deprioritized Russia as a leading cyber threat. Experts fear downplaying Moscow’s aggression could expose American networks to new risks and undermine national security.
