Update: It is anticipated that the full terms of the Guarantee and the accompanying claim form will be available on the PEXA website by the end of July. Please note that the guarantee applies to residential properties settled through the PEXA platform from 29 June 2018 so if the same type of fraud was to occur again, the Guarantee is in place to cover it.
It’s important to note the Guarantee will not cover instances where the practitioner has themselves entered incorrect bank details and as such, PEXA always encourages you to verbally confirm payment details with your client prior to signing off on the settlement.
We are writing to update you on new assurances being introduced by PEXA which will further safeguard all transactions conducted via our platform. We also want to ensure you are kept fully informed of the security measures we have in place, as well as our continuing response to incidents reported in recent days.
Residential seller guarantee
We've listened to concerns, and we're committed to the members that use our platform and the consumers they represent. We understand the importance of security to the industry as a whole, and as a result PEXA will be introducing a new guarantee for transactions conducted on our platform. We anticipate this guarantee will go above and beyond any guarantee available in the paper-based settlement process, and will provide greater safeguards to consumers whose conveyancer or lawyer uses PEXA. Further details about the guarantee will be made available shortly.
Additional tools to assist you
In addition to our existing cyber security systems and processes, we're assisting the conveyancers and lawyers who use our platform to uphold the highest possible security standards by:
Reinforcing and strengthening existing scanning measures, including implementing daily monitoring in relation to password reset activity, new users and change of account details; including follow-up with our Members;
Creating new users in an “inactive” mode, meaning only PEXA can activate all new users on your behalf after confirming the new user with you;
Introducing Workspace time stamps so you can see who and when the Workspace was last updated; and
Introducing an additional verification layer upon sign-in.
Response to reported incidents
Any reports of fraudulent activity made to PEXA are recorded and escalated internally in line with established procedures. Following an incident reported to PEXA on 31 May, PEXA sped up existing plans to introduce multi-factor verification. This is on track for delivery within the next few weeks. When PEXA was alerted to a second incident, we immediately increased our monitoring of potential unusual activity surrounding password resets, new user creations and changes to BSB and account numbers. We have been actively contacting practitioners to confirm any such activity is legitimate and continue to do so.
Response to affected customers
We know that buying and selling a home is an emotional time and understand the stress that can be felt when things don’t go to plan. We clearly regret the distress felt by those impacted in these two recent events and will ensure all outstanding funds are covered, without condition. We're continuing to work with all those involved.
You'll hear more from us shortly outlining our new verification layer and residential seller guarantee. Kind regards,
James Ruddock Acting CEO, PEXA
... View more
Dear PEXA Community,
We know that buying a home is a significant emotional and financial investment. We also understand that when things don’t go to plan it can be one of the most stressful times in yours and your client’s lives. To have that transaction be the subject of fraud is abhorrent and the last thing anyone wants. Therefore, we fully understand the impact being felt by those that have been part of these isolated incidents. When PEXA was alerted to a case of fraud late last week, we immediately increased our monitoring of potential unusual activity surrounding password resets, new user creations and changes to BSB and account numbers. We have also been actively contacting practitioners to confirm any such activity is legitimate. No new instances of this fraud have been found and these continue to be isolated incidents. While the PEXA system itself wasn’t compromised, we have also begun work developing additional alerts and processes to further enhance security in the system. Over the next week, PEXA will make changes to the system which will only allow new users to be created in an inactive status meaning PEXA itself will need to enable them. In addition, we’ll be adding a feature to the system which highlights the date, time and specific user that last updated the settlement schedule. These are the first in a number of changes that are being rolled out across PEXA and we look forward to announcing a number of new initiatives over the next few weeks. It’s important to note that funds cannot be misdirected unless you physically sign off on the fraudulent account details using your bespoke digital certificate and accompanying password so we encourage all members to check the details you’re signing off on prior to applying your digital certificate and password. We will continue to monitor all workspaces and proactively contact you to ensure any changes on your workspaces are legitimate. Thank you for your understanding at this time. If you do have any concerns, and need to speak to us, please contact the PEXA Support Centre on 1300 084 515, available 8.30am – 8.00pm AEST Monday to Friday.
James Ruddock Acting CEO, PEXA
... View more
PEXA has been alerted to an incident whereby an unknown party gained unauthorised access to a practitioner's email account where a change in password email, that was sent from the PEXA platform to the Subscriber, allowed this person to access the Subscriber's PEXA account. As a result, the destination account details in the settlement schedule were fraudulently changed. We want to assure you that the PEXA platform was not compromised. A practitioner's email account was compromised.
This in isolation isn't enough for a fraudulent payment to occur. Any payment instruction requires you to digitally sign (or re-sign) the financial settlement schedule confirming the account details that you have entered, allowing settlement to proceed. Please be conscious of checking the settlement schedule immediately prior to signing to ensure that the information you are signing off on is correct.
We are working closely with all parties, including the relevant authorities to assist in every possible way.
While attempts of this nature are not specific to e-Conveyancing, PEXA urges all practitioners to take steps to reduce the risk of fraud. This includes, among others, verbally confirming bank account details with clients, not using free public Wi-Fi and keeping security patches up to date.
The PEXA security team is currently undertaking detailed monitoring of all Workspace activity, checking for any similar scenarios where passwords have been re-set in close succession among a number of other things, which may be considered ‘unusual’ behaviour.
If we find any Workspaces or accounts that fall into this category, we will immediately call you to double check if you undertook the activity in question. PEXA is also in the process of adding additional security measures. We will continue to keep you updated.
The Law Institute of Victoria offers a practical guide covering cyber security which we would encourage you to read. In addition, The Queensland Law Society has also published a warning in relation to email scams.
PEXA will continue to provide its members with the latest in cyber security awareness tools and tips via our seminars, newsletters and bespoke security page on the PEXA website.
If you would like guidance on how to stay safe online, please visit the Online Security Group on the Community or the security page on our website. We also have an FAQ page.
Acting CEO, PEXA
... View more