According to a statement issued by PEXA, on Monday 18 June, at approximately 5pm, the company became aware of a fraudulent situation where a practitioner’s email account was compromised.
An unknown party intercepted a change-in-password email sent from the PEXA platform. This allowed the person to access the Subscriber’s PEXA account. As a result, the destination account details in the settlement schedule were fraudulently changed. This applied to this single incident and the PEXA system has not been compromised.
Email interception isn’t new and happens across a range of industries. Unfortunately, there has been a couple of instances of this occurring over the past few years where emails have been intercepted and vendors requested to send funds to fictitious accounts operating under the guise of the settlement agent.
What is PEXA doing to make sure this doesn’t happen again?
While the PEXA platform itself was not compromised, PEXA is working closely with all parties, including the relevant authorities to assist in every possible way.
The PEXA security team is currently undertaking detailed monitoring of the platform’s activity and checking for similar scenarios. This includes where passwords have been re-set in close relation to other things which may be considered ‘unusual’ behaviour.
PEXA has released it is in the process of adding additional security measures. More information will be provided on these initiatives in the near future.
PEXA’s System Security Measures (Listed On Pexa’s Site)
- To date, over 1.2 million transactions have been successfully completed on PEXA. Instances of fraud and attempts of fraud have been incredibly low, in fact much lower than the paper process.
- The PEXA system’s security is aligned with international standards. PEXA continues to comply with to operate by complying with the Model Operating Requirements as set by the e-conveyancing regulator, ARNECC.
- An independent expert review, currently conducted by Ernst & Young (EY), is completed annually to ensure alignment with these standards. PEXA has consistently complied with these standards.
- Further to this, confidence in PEXA’s system security has been demonstrated by the Reserve Bank of Australia (RBA), Land Titles Office, State Revenue Offices and many software providers (among others) by the successful integration with these parties.
How does PEXA protect its Subscribers online?
PEXA protects its clients in several ways. The main way is the proper use of digital certificates to mitigate the risk of fraud. Digital Certificates allow the electronic signing of documents in PEXA on behalf of clients thereby eliminating the need to print and pen-sign physical documents.
A digital certificate is a PEXA Subscriber’s unique identity online. Anyone signing on the PEXA platform must use one for security purposes. PEXA also uses encryption mechanisms and ensures all clients agree to PEXA’s security policy to ensure their systems meet a certain standard of security when using the PEXA system.
How To Stay Cyber Secure?
Be sure to take the necessary steps to reduce the risk of fraud. This includes things like, verbally confirming bank account details with clients, not using free public Wi-Fi, keeping security patches up-to-date and importantly, checking payment directions immediately prior to signing.
If you have any questions please feel free to get in touch, we are always happy to help. Or visit PEXA’s security webpage to learn more.