Hi Community,
On Monday 18 June, at approximately 5pm, PEXA was made aware of a fraudulent situation where a practitioner’s email account was compromised.
In this instance, an unknown party intercepted a change-in-password email sent from the PEXA platform which in turn allowed this person to access the Subscriber’s PEXA account. As a result, the destination account details in the settlement schedule were fraudulently changed.
Below are some frequently asked questions we have received from our members on this matter. If you have any further questions, please don't hesitate to ask below.
No, the PEXA system has not been hacked.
In this instance, an unknown party intercepted a change-in-password email sent from the PEXA platform which in turn allowed this person to access the Subscriber’s PEXA account. As a result, the destination account details in the settlement schedule were fraudulently changed.
While the PEXA platform itself was not compromised, PEXA is working closely with all parties, including the relevant authorities to assist in every possible way.
The PEXA security team is currently undertaking detailed monitoring of all Workspace* activity, checking for similar scenarios where passwords have been re-set in close succession among other things which may be considered ‘unusual’ behaviour.
PEXA is also in the process of adding additional security measures. Click here to learn more.
Consumer Guarantee
PEXA will be introducing a new consumer guarantee for transactions conducted on the platform. We anticipate this guarantee will go above and beyond any guarantee available in the paper-based settlement process, and will provide greater safeguards to consumers whose conveyancer or lawyer uses PEXA. Further details will be made available shortly.
To date, over 1.2 million transactions have been successfully completed on PEXA. Instances of fraud and attempts of fraud have been incredibly low, in fact much lower than the paper process.
The PEXA system’s security is aligned with international standards. PEXA continues to comply with with the Model Operating Requirements as set by the e-conveyancing regulator, ARNECC.
An independent expert review, currently conducted by Ernst & Young (EY), is completed annually to ensure alignment with these standards. PEXA has consistently complied with these standards.
Further to this, confidence in PEXA’s system security has been demonstrated by the Reserve Bank of Australia (RBA), Land Titles Office, State Revenue Offices and many software providers (among others) by the successful integration with these parties.
PEXA protects its Subscribers in several ways. Firstly, the proper use of digital certificates mitigates the risk of fraud once the Signer has undertaken the appropriate checks and balances prior to signing to ensure accuracy of the information.
Digital Certificates allow the electronic signing of documents in PEXA on behalf of clients thereby eliminating the need to print and pen-sign physical documents.
A digital certificate is a PEXA Subscriber’s unique identity online. Anyone signing on the PEXA platform must use one for security purposes.
PEXA also uses encryption mechanisms and ensures all Subscribers agree to PEXA’s security policy to ensure their systems meet a certain standard of security when using the PEXA system.
Visit PEXA’s security webpage to learn more.
We urge all our members to take the necessary steps to reduce the risk of fraud. This includes, among others, verbally confirming bank account details with clients, not using free public Wi-Fi, keeping security patches up-to-date and importantly, checking payment directions immediately prior to signing.
Visit PEXA’s security webpage to learn more.
Kind regards
Aoife
* A Workspace is a shared online area in PEXA where the participants can communicate and prepare documents for a property transaction.
Kind regards
You must be a registered user to add a comment here. If you've already registered, please log in. If you haven't registered yet, please register and log in.