06 December 2011

Broken Hearts

The Australian Competition & Consumer Commission (ACCC) is seeking comment from the nation's "online dating and romance industry" regarding draft guidelines to combat scams.

The guidelines have been developed by a working group that the ACCC convened after a meeting with industry representatives in July. The expectation is that they will be finalised for a launch in early 2012.

The Commission states that -
Online dating and romance scams cause significant harm to Australian consumers, targeting people from all walks of life, education, background and age group.

Between January and October 2011, more than 1600 complaints and over 17 million dollars in losses have been reported to the ACCC. In 2010 over 15 million dollars in losses were reported.

These scams typically involve a genuine user of a dating website being contacted by a potential admirer who is a scammer in disguise. After forming a relationship with the victim, the scammer plays on emotional triggers to get the victim to provide money, gifts or personal details.
The proposed guidelines are "intended to improve and support the measures taken by dating websites to counter the activities of scammers". They are also meant to provide guidance for industry on how to better protect users from scams.

The ACCC indicates that actions in the guideline involve -
scam warnings and safety information – content and placement online and communication with customers
internal verification processes and procedures in relation to profiles placed on dating websites to detect and disrupt the activities of those seeking to engage in fraud
internal complaints handling procedures.
As you might expect, given the co-regulatory approach embraced by the ACCC and ACMA, the actions in the guidelines "are intended to be flexible and their implementation should be adapted to fit the layout, user base and business model of each dating website".

"Dating and romance website operators" are encouraged to provide comments by 16 December 2011, ie a mere ten days away.

The ACCC indicates that the guidelines cover -
1. Appropriate scam warnings and information
Appropriate scam warnings and information are necessary to educate consumers and raise awareness of the risk of scams. Scam warnings should include simple and direct key messages, as well as examples. Consistent messaging across D&R websites is likely to enhance the effectiveness of these warnings. D&R websites can adapt the wording of these messages and examples to suit their individual needs, while retaining the essential message.

2. Vetting and checking system
A robust vetting and checking system to identify scammers as they attempt to register with the website and following registration is an important tool for D&R websites to disrupt the activities of scammers.

3. Complaints handling procedures
Effective complaints handling procedures are vital for D&R websites to respond to scams. They allow for scammers to be quickly identified and action taken to protect users. Such procedures must be easily accessible to users, responsive to their complaints, and informative.
The specific elements are -
Appropriate scam warnings and information

In order to educate and inform their users, D&R websites should provide information and warning messages about scams. Warning messages should include both key messages and examples in appropriate locations.

Display of warning messages

Warning messages should be clearly and prominently displayed throughout the D&R website in a form likely to be noticed and make an impact on users, such as a banner, sidebar or insert.

Warning messages should be displayed in locations where they will be regularly viewed by users, particularly at ‘points of decision’ where users may be contacted by scammers.

For example, warning messages may be displayed:
1. where members communicate including chat, instant messaging, email and other communication services provided by the website;

2. at any other relevant locations frequently visited by website users.

Content of warning messages

As part of their warning messages, D&R websites should display common key messages to warn their users about the risk of scams.
1. To be most effective, key messages should be simple and direct.

2. Key messages should be appropriate to the area of the website on which they appear.
A set of common key messages for use by D&R websites is at Attachment A. Use of these messages will reinforce the consistency of warnings across the industry. However, websites can also adapt the exact wording of these messages to suit their layout and the needs of their user base.

D&R websites may also develop additional key messages which they consider effective. These messages should also be simple and direct and consistent with those in Attachment A.

In addition to key messages, D&R websites should also display warning messages consisting of examples of scammer conduct. Users are more likely to be responsive to warnings in the form of real situation or story they can recognise.
1. Examples may be displayed in a brief format in the same locations as key messages, or with more detail elsewhere in the website.

2. Steps should be taken to draw the attention of users to these more detailed examples, such as through a link contained in a warning message.
A set of examples of scammer conduct is at Attachment B. However, websites can also adapt the exact wording of these examples to suit their layout and the needs of their user base.

D&R websites are encouraged to develop additional examples based on their own experience of scams.

Websites should also regularly review their examples to ensure they reflect current trends in scammer behaviour and to warn users about new and emerging scams.

It is not expected that all key messages and examples will be displayed together at one time. Instead, key messages and examples should be appropriate to the location where they are displayed and may be part of a rotating set of such messages.

Provision of detailed information

D&R websites should provide their users with access to detailed information on scams. This information may be provided as part of the website, or on a separate dedicated online safety page.

The attention of users should be drawn to this information. For example, the information or a link to the information could be provided:
1. as part of information on how to use the websites provided to new members at the end of the registration process or soon after the new member has joined the website – for example in a ‘welcome’ email or internal message sent to new members;

2. during regular communications with members – such as a newsletter or update service;

3. through links within the D&R website where appropriate.
D&R websites may also display a link to scam information on their homepage.

The detailed information should be sufficient to fully inform users about the risk of scams and how to identify and protect themselves from scams.

This information may include:
1. warning signs when a user is communicating with a scammer;

2. common stories used by scammers when they request money;

3. steps to be taken if a user thinks they have fallen victim to a scam; and

4. any other information relevant to educating users about scams.
The detailed information may be presented in the form of Frequently Asked Questions (FAQ) page.

D&R websites may provide a link to the ACCC’s SCAMwatch website (www.scamwatch.gov.au), which contains information about D&R and other scams, but should also maintain information about scams on their own website.

Detailed information should be regularly reviewed for accuracy and updated to reflect current trends in scammer behaviour.

Mobile websites and Smartphone applications

In addition to websites accessed via a computer and internet browser, some D&R websites maintain versions of their site optimised for viewing on a mobile phone (mobile websites) and/or offer applications (‘apps’) for use with a Smartphone or other device.

D&R websites should display simplified scam warnings on websites or apps designed for mobile devices as appropriate and in keeping with the objective of the guidelines.

Vetting and checking system

D&R websites should implement a robust vetting and checking system to identify scammers as they attempt to register with the website and following registration.

A robust vetting and checking system should consider a range of different characteristics of user profiles, user behaviour and other data in order to identify those profiles which have been created by scammers and remove them from the website.

For example, characteristics which may be checked by such a system include:
1. the language used in the profile, including identification of common phrases used by scammers, common usernames and passwords used by scammers and a prevalence of spelling/grammatical errors

2. checking of profile pictures, to identify common pictures used by scammers

3. checking of Internet Protocol (IP) addresses to identify users registering from outside Australia (where appropriate) or from areas of the world linked to scam activity

4. measures to address the use of proxy servers and other methods to evade IP checking

5. abnormal behaviour by users within the website, such as the volume of messages sent or responded to

6. any other characteristics which are an effective way to identify profiles likely to be created by scammers.
D&R websites should adopt a vetting & checking system that best fits their website structure and level of traffic. Such a system can involve manual or automated checks, or a combination of both.

As the methods used by scammers may change over time, D&R websites should regularly review their vetting and checking system to ensure it remains effective.

Complaints handling procedures

In order to identify scams, gather information and assist affected users, D&R websites should provide complaint handling procedures where users can report a scam and ensure users are aware of this system.

Lodging a complaint

D&R websites should set up mechanisms for users to report suspicious conduct within the D&R website – such as button entitled ‘report a scam’, ‘report abuse’ or other words to similar effect.

Operators may also provide a ‘live help’ feature to respond directly to affected users via chat, instant messaging, Voice Over Internet Protocol (VOIP) or other method.

Referring complaints

D&R websites should implement the following referral process for users who have identified or been affected by a scam:
1. advise users to report the scammer to the website operator first

2. advise users they can report the scam to the ACCC SCAMwatch website – www.scamwatch.gov.au;

3. advise users who have sent money and provided financial details to contact their financial institutions and inform the provider of any service (such as a money transfer service) which they used to send money to the scammer;

4. advise users who have lost money to a scammer to contact their state or territory police force;

5. A template advice to users on what to do if they have fallen victim of a scam is at Attachment D.
As legitimate users may lose access to the website if their profile is hacked or mistakenly removed, D&R website operators should ensure that their customer service staff can be contacted via an alternative that does not require the user to be logged in.

Responding to complaints

Where the user seeks a response, D&R website operators should respond to complaints of scam activity by the end of the next business day. This response should include information on what action the user should take if they have fallen victim to a scam.

Upon receipt of a complaint about scam activity, D&R website operators should investigate the profile alleged to be engaging in scam activity and take appropriate action as soon as possible.

Staff dealing with customer complaints should receive training on the issue of scams.

D&R websites should keep the details of customer complaints confidential and advise their customers that they will do so.

D&R website operators should collect data on complaints about scams in order to monitor the effectiveness of their anti-scam measures and update them when necessary.
1. This data would include the number of complaints, the amount of money reported lost and the type of scam.

2. The data is to be collected from the information provided by the complainant. It does not require D&R websites to seek further information from complainants.