🚨 Protecting Customers from Scams and Fraud

Scams and fraud are among the most significant risks facing the digital asset industry. In 2024, Australians reportedly lost over $2 billion to scams and fraud across almost half a million reported instances. This equated to an average loss of roughly $4,000 per report.

While many scams and frauds are perpetrated by individuals or small groups for personal gain, others have more sinister implications. Illicit proceeds may be used to finance organised crime, money laundering, or even terrorism. As such, scam and fraud prevention is not only a customer protection priority but also a critical compliance obligation.

🤝 Responsibilities as an AUDD Partner

Whether your business is a Distributor through the AUDD Mint, a Merchant through the AUDD Gateway, or an AUDD ecosystem partner, everyone plays a frontline role when it comes to safeguarding customers from scams and fraud. The responsibility does not stop at processing transactions; it extends to ensuring that customers are well-informed, vigilant, and protected against evolving threats. The reality is that scammers are agile. They adapt their tactics quickly, moving from one scheme to the next, and they often exploit gaps in customer education or business processes. As such, businesses must treat scam prevention as a core part of their customer protection and compliance framework, not just an optional extra.

The first step is visibility. Scam and fraud guidance should be just as prominent and accessible as a business’s terms and conditions or privacy policy. If customers cannot easily find information on how to recognise and avoid scams, the business has already failed to provide adequate protection. By making this information public and highly visible, businesses signal to both customers and regulators that they are serious about protecting vulnerable users.

Secondly, advice must be tailored. Just as every business is required to complete a money laundering and terrorism financing (ML/TF) risk assessment, each business should also assess the types of scams and fraud most likely to target their operations and customers. A generic warning is helpful but insufficient. For example, an exchange servicing younger customers may see higher exposure to social-media-driven investment scams, while platforms serving migrants or students may need to focus more on employment and identity scams. Understanding your risk environment is key to delivering meaningful guidance.

Finally, education must be proactive. It is not enough to publish a static page on scams. Partners should incorporate scam awareness into ongoing communications with their customers, helping them recognise the tell-tale signs of fraudulent behaviour before it is too late.

👍

Communication is Key:

For partners, the challenge is not only to know these threats but to translate that knowledge into clear, accessible, and practical guidance for customers. The tone must be empathetic, the advice specific, and the warnings frequent.

🛡️ Incident Response and Customer Aftercare

When a customer becomes the victim of a scam or fraud, the damage is rarely limited to money lost. Victims are often shocked, ashamed, and disoriented. They may not even realise they have been scammed until they attempt to withdraw funds or speak to someone they trust. This is why an immediate, structured response from the you is critical - not just to protect the platform and other customers, but also to demonstrate empathy, professionalism, and compliance.

Every minute counts. Scammers move funds quickly across accounts and networks, making recovery difficult once assets have left the platform. Equally, the customer’s emotional state may impair their ability to act decisively, so clear direction and calm guidance are essential. The following steps should form the baseline for every partner’s incident response procedure:

🛑 Prevent Further Losses

The first priority is containment. Even if the funds appear to be gone, it is vital to ensure no additional harm occurs.

• Suspend access immediately: Lock down the customer’s account as soon as a scam or fraud is suspected. Do not wait for confirmation of loss.
• Secure linked services: Block any associated payment instruments, bank accounts, or wallets that may still be vulnerable.
• Notify AUDD without delay: Provide full details so that we can coordinate checks across the wider AUDD ecosystem. Fraudsters often recycle the same stolen identities across multiple services, and quick notification may prevent repeat offences.

📢 Direct the Customer to Report

Once the account is secure, the next step is to help the customer report the incident. Reporting is more than a bureaucratic process - it enables law enforcement, regulators, and industry groups to track patterns, share intelligence, and shut down criminal networks.

We recommend directing customers to report through the following channels:

• ACCC's Scamwatch: for all scam and fraud incidents, regardless of outcome.
• ReportCyber: mandatory where financial loss has occurred, as this connects the report to federal and state police cybercrime teams.
• ChainAbuse: for any scams involving blockchain-based transfers, so suspicious wallets can be flagged and tracked.

Encourage customers to report even if no funds were lost. Attempted scams are just as valuable to investigators for identifying emerging trends.

📘

Spread the Word:

Include Scamwatch, ReportCyber, ChainAbuse, and IDCARE links in your customer education materials (website, FAQs, dashboards). Making these resources visible upfront empowers customers to act quickly and shows regulators your proactive commitment to protection.

🕵️‍♀️ Identity Protection

Fraud does not always stop with stolen money. Scammers often harvest personal data, which can later be used for identity theft or sold on the dark web.

• Refer customers toIDCARE: Australia’s national identity support service, which provides free, confidential advice on how to manage compromised personal information.
• Encourage additional precautions: This may include updating passwords, enabling multi-factor authentication, and monitoring bank accounts or credit files for suspicious activity.
• Document the exposure: Record what personal or financial details may have been shared so that appropriate risk mitigation can be applied.

🚪 Offboarding the Customer

As difficult as it may be, confirmed victims of scams or fraud must be prevented from using other AUDD services. This step is critical for their protection, as victims are at a heightened risk of being targeted again. Once a report has been made, and a loss confirmed, our compliance team will immediately offboard the user. This includes closing or restricting access to the customer’s virtual account, or wallet, within the AUDD product suite. This process will also need to be carried out within your own service or platform where necessary. To help with managing the customer:

• Explain the rationale with empathy: Make it clear this step is to protect them, not to punish them. Scammers often sell victim details to other criminals, leading to repeat attacks under the guise of “fund recovery services.”
• Protect the ecosystem: Offboarding reduces the chance that scammers will re-exploit a compromised account to target other customers or services.

🔍 Ongoing Risk Management

Fraud prevention cannot be treated as a “one and done” task. Too often, businesses believe that asking a handful of questions during onboarding is sufficient to weed out bad actors. In reality, scammers are patient and manipulative. They know that initial checks are strict, so they often invest time in coaching victims or fabricating documents that will pass the first hurdle. Once inside the system, they rely on complacency - assuming that the business will no longer probe as deeply. This is why partners must build continuous vigilance into their risk management framework.

The mindset should be that due diligence is an ongoing conversation, not a one-off questionnaire. Each customer interaction - whether it is a request to move large sums of money, an explanation for unusual activity, or even a casual query - presents an opportunity to confirm legitimacy. Partners must empower their staff to trust their instincts, ask follow-up questions, and verify details when something does not feel right.

A practical approach to ongoing risk management includes:

• Beyond onboarding: Fraudsters know onboarding is the tightest filter. That is why businesses must continue to run scam and fraud checks during the entire customer relationship. This can be as simple as asking clarifying questions when patterns of activity change, or as structured as running periodic reviews on high-risk accounts.
• Probe deeply: Scammers often coach victims to “say the right thing.” For example, romance scam victims may be told to claim they are investing on their own behalf, when in fact they are transferring money to someone else’s wallet. Don’t take surface-level answers at face value. Ask for detailed evidence - such as proof of source of funds, screenshots, or the wallet address they'll be holding their assets in - to validate claims.
• Escalate red flags: Sometimes, it’s not what a customer says but how they say it. Vague answers, contradictions in their story, reluctance to provide supporting documents, or visible discomfort when pressed for details should all be treated as high-risk indicators. Partners should have clear escalation procedures so frontline staff know when and how to pass cases to compliance teams for review.
• Root-cause reviews: Each time a scam or fraud slips through, it represents an opportunity to learn. Was it a failure in questioning? Were staff too trusting? Was the red flag missed because procedures were unclear? Conducting a post-incident “lessons learned” review ensures weaknesses are identified and controls are continuously improved.

By embedding these practices into everyday operations, partners create a culture of vigilance. This culture not only reduces losses and strengthens compliance - it also helps to build customer trust. Customers may not always enjoy being questioned, but they will respect a platform that demonstrates genuine care in protecting them from harm. In the long run, continuous risk management is both a compliance necessity and a business advantage.

🎓 Bringing Customer Education to Life

Every day, people come to your platform not just to transact, but because they trust you. Educating them about scams isn't just a formality - it’s a responsibility. When fraud strikes, fear, confusion, and regret follow fast. That’s why you must build trust through clarity, prevention through familiarity, and engagement through relevance.

Begin with practical, relatable examples - not abstract warnings. Show your customers what an “investment scam” looks like, explain how romance scams unfold, or walk through a fake job “appointment” to make the threat tangible. Use clear, everyday language - avoid jargon or legal-speak - and frame your guidance as a shared mission in protecting both the user and your platform.

Position your scam guidance where customers will naturally look - on dashboards, during logins, or in welcome emails - not tucked into legal pages they’ll never read. Reinforce the message regularly. A well-timed push notification or a quick tip can stop a scam in its tracks. And don’t treat your audience as uniform: tailor messages to older customers, international students, or first-time users - segments more likely to be targeted.

📘

Effective Education in Practice:

• Publish practical examples of scam scenarios most likely to affect your user base.
• Use clear, plain language - speak like a trusted advisor, not a regulator.
• Ensure scam warnings are front and centre, not buried in legal fine print.
• Send recurring reminders via email, app notifications, or SMS.
• Target vulnerable groups with tailored communication - both in tone and delivery.

To help kick start the process, below are some real world examples of effective strategies used by others in the industry - draw from these as inspiration, or include them as part of your own material (while crediting the creator of course!)

• AFP / JPC3 (Australian Federal Police - Scams Awareness Week):
  The AFP highlighted that nearly half of all investment scam losses involve cryptocurrency in the 2023-24 financial year and supported their campaign with videos and infographic explainers to simplify complex scam tactics.
• Scamwatch “Little Book of Scams”:
  This accessible guide - translated into 17 languages and available in “Easy Read” formats - is used internationally to educate consumers and small businesses about scam awareness.
• Digital Economy Council of Australia (DECA):
  DECA produced a video series explaining top scam tactics in digital assets, emphasising awareness, simple steps, and consumer vigilance.
• Identifying and Avoiding Scams - Free Online Course (Be Connected / eSafety):
  A structured online course teaches users how scams work, including phishing, romance, investment, remote access, crypto, and text or SMS scams. Additionally covers what to do if targeted, and how to protect yourself - offered in plain language, accessible, and action-focused.

❗️

Reminder for Partners:

Failure to implement effective fraud and scam prevention processes exposes your business - and AUDD as a whole - to significant compliance, reputational, and financial risk. Negligence in this area will not be tolerated, and repeat failures may result in your business being offboarded from the AUDD product suite.