PEXA Real Estate Privatization by Government with no Accountabilities

arislan on 05/07/2018 - 19:57

Anyone been following the PEXA debacle? Government is privatizing the old paper process into digital means, but there is no accountability here when the funds are lost and the private entity hosting this service can just say "Sorry, we'll increase our cyber security" but not on the line for the funds lost.

https://www.smh.com.au/business/companies/masterchef-finalis…

The worst part here is the government will make this mandatory. So if you're ever engaged in any property transaction where you need to deposit money into your conveyancer's trust account temporarily it will be via this system and if it gets haxored again and you lose your fund, they get to just walk away with no accountability. I find this quite ridiculous and the government should really fix this…

What are the ozb-ers thoughts on this?

General Discussion Government Real Estate

Comments

  • whooah1979 on 05/07/2018 - 20:06
    -2

    What are the ozb-ers thoughts on this?

    pay less, pay cash.
    by tgg.

  • vinni9284 on 05/07/2018 - 20:33

    There was an article on this on Current Affair the other day, where the money was allegedly hacked and stolen externally.
    Allegedly, they tried to handball the issue and blame the Conveyancer …at any means not to pay back.

    However PEXA did a back-flip (after media intervention) and reimbursed their stolen money and has guaranteed for future transactions, that ppl are covered.
    I'd love to read their T&C's though

    Well, IMO they can't afford the negative publicity, especially when they have intentions to go on the ASX and it's mandated by the government.
    .. it's all about control and saving money for them IMO.

    Cheers

  • bobbieb on 05/07/2018 - 20:44
    +1

    Methinks they doth protest too much. Sure blame PEXA, not the conveyancer with the half arsed security.

    Seriously… these guys didn't notice that someone hacked their PEXA account admin user, added a user with enough privileges to to edit settlement details, and then proceeded to change a settlement that was about to happen.

    I suspect the noise is more a pretense to buy time. In the meantime, a whole bunch of small conveyancing shops - who are most likely the binders full of paper types - have most likely been put on notice that it may not be a good idea to run their PEXA settlements from a PC with a password post-it note stuck to the monitor.

  • Sofie519 on 05/07/2018 - 21:28

    Conspiracy Theory 1: Interest Group seeks to eliminate the funds transfer to a third party (Conveyancer's Trust Account) in favor of a digital settlement platform between banks. Much like a clearing house where they only need to exchange the difference at end of day, thus reducing need to have available physical funds ~ Banks create money from nothing, property settlements stunting the growth of their magic money tree.

    or

    Conspiracy Theory 2: Masterchef Marketing Team's elaborate attempt to raise awareness and promote the show

    shrugs

    • EightImmortals on 06/07/2018 - 06:29

      Cooked up a scam eh?

      (Better than cooking up more spam I guess? )

    • arislan on 06/07/2018 - 20:53

      Conspiracy Theory 2 is not likely as prior to this there was already another hacked where folks also lost money, but it didn't hit the news as they were not high profile folks. The news mentioned this.

  • thatonethere on 05/07/2018 - 22:42

    Unfortunately PEXA has not really lifted the bar much from the existing conveyancing risk profile - which seems very lax and trusting. There are already scams happening in the "race to the bottom" cheapest conveyancing deal market where people are losing hundreds of thousands of dollars - eg:

    http://www.abc.net.au/news/2017-10-25/scam-targets-conveyanc…

    Hopefully this big scare which impacts on PEXA's ability to IPO improves things - and also hopefully state governments who insist on PEXA transactions make PEXA guarantee the funds if they are 'mislaid'.

  • djkelly69 on 05/07/2018 - 22:56

    As far as I can tell, the system performed as it is supposed to - an account is signed off by the user as being the correct one to transfer funds to once the documents are correct, and that is what happened.

    It is basically the same as someone getting into your internet banking, adding a new account and then transferring funds out.

    Not sure why the bank/PEXA should be held responsible in that situation.

    It does however appear they need to add more security layers around adding users (although without knowing the whole, real story, it is hard to know).

    • thatonethere on 06/07/2018 - 00:03

      In this case the user has provided the right info for the conveyancer to put into PEXA to do the transaction. Later hackers break into the conveyancers email, get into the conveyancers PEXA account and change the bank details just before the transaction is made stealing the money.

      Seems like fault lies with the conveyancer for having an insecure system. And PEXA for not highlighting last min ban account changes

    • HighAndDry on 06/07/2018 - 14:30

      It is basically the same as someone getting into your internet banking, adding a new account and then transferring funds out.

      Except because of the inherent risks and the magnitude of those risks, no bank will let you add an account-holder and then transfer out half a million dollars solely over the internet. At the very least they will call you to confirm the transaction before processing it, and in 99% of cases will require you to come into a branch so that they can both verify your identity and the transaction details in person.

      • bobbieb on 06/07/2018 - 19:43

        Yeah, the Banks themselves are pretty anal this sort of thing. Being allowed to operate on someone else's account generally requires a fair bit of paperwork. With the royal commission going on and all of the past wrongdoings coming to light, I expect they become even strict about their processes.

        You're absolutely right about the risk aspect. The key difference as I see is is that previously, a lot of the risk was centered in the delay that would be caused if cheques were made out incorrectly, or mislaid/lost. Now, the conveyancers on either end who enter PEXA details on their client's behalf are central to the risk.

        PEXA's security is pretty full-on (I won't speculate on the nature of the hack itself, but I can say it wasn't as simple as guessing someone's password), but this may actually work against them. You now have a bunch of conveyancers who generally run a very ink-on-paper kinda business, working with a state of the art system involving digital document signatures, USB hardware tokens… I suspect that they were ill-prepared for the sudden importance of their IT security practices (or lack thereof.)

    • arislan on 06/07/2018 - 21:01

      Eh? As far as I know, if someone hacks into your account today via the bank's system not from your home computer, the banks are liable.

      In this case, the hack occured in Pexa's systems, external to the bank. The banks behind it won't know anything as they see Pexa's systems, so the bank's reasonably would not be liable, but Pexa should be as their security flaws allowed the hack to occured in the first place.

      However given government just privatize this to Pexa without ensuring Pexa are held to the appropriate liabilities, like any deposit taking institutions, since Pexa actually provides critical middle-men infra in the payment process, the government should take some of the blame. Especially because in the older system, it was between the Land office (govie), bank and conveyancers and there's clear accountability and liabilities if things were to go wrong at any one of those points. Now there's 4 entities involve, those 3 plus pexa, yet pexa has no liabilities at all. Doesn't much make sense. Whichever politico that allowed for this scheme should really be flogged.

      • djkelly69 on 06/07/2018 - 21:35
        +1

        Yes if someone hacked your bank account from the bank's side, the bank would be liable. But that is not what happened here. If someone gets access to your online banking (for example by installing a keylogger on your system and getting your password), then transfers all your money to themselves or pays their bills or whatever, you are liable. The bank may try to help you cancel transfers or trace payments or whatever, but it is ultimately on you to keep your password safe, etc. If the bank's system was hacked (eg. a bunch of users accounts compromised), they would be liable.

        That is more or less what happened here. The hack did not occur in PEXA's systems, it happened on the conveyancer's side because someone compromised their email system, (and I understand) obtained the PEXA password and added themselves as user.

        Also land titles were not actually involved in settlements previously, it was just banks and solicitors/conveyancers. Land title lodgements were done separately later on. The 'government' has never had anything to do with the money side of things so I don't really understand why they would take any blame now.

        • arislan on 07/07/2018 - 17:14

          You should read what I said. The government should take a blame because they are the one forcing everyone to use a 3rd party private non-liable company where there was none before. How hard is it to understand that. Before you have 3 parties, or 2 however you want to rationalize it - and now there is 1 more in the mix. Made possible by the government, and is not liable at all.

          Also, read the article, the Law Institute Council folks clearly said, however the hack happened, PEXA systems are not ensuring the funds go to the right account and there is a real risk as it stands. Who knows how many other loops holes there are in their systems. There is no such thing as a perfect system, all systems get hacked. The only way this can work is PEXA has to be made liable. The government is responsible for this setup.

Login or Join to leave a comment
Login Join