Business Email Compromise (BEC) continues to be one of the biggest threats facing Australian businesses, according to the latest Cyber Threat Report released by the Australian Signals Directorate (ASD). The ASD recently highlighted the rising threat of BEC, with these scams costing Australian businesses over $84 million in 2023-24 alone. Given the nature of the work real estate agents and conveyancers handle, with high-value transactions and sensitive client information, these sectors are prime targets for BEC cyber-crime.
For many real estate agents and conveyancers, requesting clients to email scanned or photographed ID documents is commonplace. It’s quick, familiar, and seemingly harmless. However, this practice exposes businesses to significant risks that jeopardise security, compliance, and trust. Email inherently lacks the necessary safeguards for handling sensitive ID information, so if this is a practice you use in your business, it is time to reconsider this outdated process in favour of more secure and reliable methods.
The convenience trap and why email feels easy
Email is a tool clients already understand and can use with minimal instruction. Snapping a photo of a driver’s licence and attaching it to an email is simple for the client and reduces effort on both sides. However, while convenient, email is also deeply flawed and comes with significant risks to you, your business’s reputation and your clients.
Email was simply not designed, nor ever intended, to be used as a secure medium for transmitting sensitive information. This “quick and easy” method can lead to disastrous consequences when handling documents as sensitive as a person’s identification.
The risks of using email for ID verification
1. Cybercrime and identity theft risks
Buyers, sellers, owners and tenants typically do not have the same level of cybersecurity practices in place on their personal email accounts as most businesses would. Their email accounts are often secured with weak passwords and lack multi-factor authentication (MFA). A single compromised account on either side of the communication chain can provide cybercriminals with direct access to sensitive identity documents.
Once stolen, these documents can be used for identity theft, opening credit accounts, or even committing property fraud. In such cases, clients may hold your business responsible for exposing their data to risk if these documents were emailed at your request.
2. Fraudulent documents are undetectable
Without back-to-source verification, documents received via email provide no guarantee of authenticity. Fake IDs are increasingly sophisticated and hard to detect, especially in digital formats. A scanned or photographed image is easily manipulated with editing software, making it almost impossible for an agent or conveyancer to spot a fraudulent document.
Failing to verify the legitimacy of these documents leaves your business vulnerable to facilitating fraud, whether intentionally or not. Indeed, the question would be whether you have taken ‘reasonable steps’ to verify an identity via email when there are many other more sophisticated, secure methods available to you.
3. Elder or family abuse risks
In cases of elder abuse or family coercion, family members can use legitimate documentation to make it appear that the property owner is consenting to the transaction. For example, a family member might sell an elderly family member’s home without their knowledge or consent by sending their ID documents via email to their agent.
Without more comprehensive verification protocols, cases like these can go unnoticed, exposing agents to legal disputes and reputational damage.
4. Reputational harm from data breaches
A single data breach can tarnish your professional reputation irreparably. Consumers are not quick to forget companies linked to data breach scandals, as evidenced by the recent Optus and Medibank incidents. If ID documents sent via email are intercepted, leaked, or stolen, the fallout could result in lost clients, negative reviews, and a diminished standing in the industry.
Clients expect professionals to handle their data responsibly, and reportable data breaches erode that trust.
5. Non-compliance with Privacy Laws
The Privacy Act 1988 requires businesses to take reasonable steps to protect sensitive personal information. Email does not meet these standards due to its vulnerability to interception and lack of encryption. A breach could result in investigations by the Office of the Australian Information Commissioner (OAIC), penalties, and legal liability for failing to safeguard client data.
Why are agents still relying on email?
For many real estate agents and conveyancers, the reliance on email stems from familiarity and a lack of perceived alternatives. Email feels easy, but this false sense of security can lead to devastating consequences for both clients and businesses.
All too often we speak to firms who say they know they need to make changes, but are ‘too busy’ or it’s ‘too hard’ or they just ‘haven’t gotten around to it’. Unfortunately, in today’s day and age, ‘too busy’ will become ‘too late’ when the business falls victim to a cyber-crime.
Making smart changes in your businesses doesn’t have to be complicated or cumbersome. The benefits of using a secure ID verification solution far outweigh the slight behavioural change needed when implementing a new process.
The secure, digital VOI alternative
To mitigate all of these risks, industry professionals must adopt a secure digital verification process, such as Scantek’s VOI solution. Our digital VOI platform transforms the process by enhancing security, compliance, and efficiency.
Here’s how it overcomes all of the risks inherent in less-robust processes like emails:
1. End-to-end security
Scantek’s platform encrypts all data at rest and in transit, ensuring sensitive documents are never accessible to unauthorised parties. Unlike email, the platform is ISO 27001 certified, meeting the highest standards for information security.
2. Back-to-Source checks
Scantek performs real-time verification against government and international databases, such as the Document Verification Service (DVS), to ensure ID documents are genuine. This eliminates the risk of unknowingly accepting fraudulent documents.
3. Geo-location features
Our geo-location tagging identifies your client’s location at the time of verification. This feature is invaluable in flagging discrepancies, such as a client claiming to be in Australia while submitting documents from overseas.
4. Biometrics & liveness checks
The platform’s biometric facial recognition and liveness checks ensure that the person completing the verification is physically present and matches the ID provided. This prevents unauthorised individuals from impersonating legitimate clients, as well as significantly reducing the risk of family or elder abuse taking place.
5. Compliance and audit trails
Scantek generates a verifiable record for every ID verification, providing a clear audit trail that meets state-based VOI requirements. Documents are securely stored in line with regulatory obligations, eliminating the need for manual record-keeping.
The urgent need for industry
The real estate and conveyancing industries are facing increasing scrutiny. Regulatory bodies like ARNECC are reviewing the ‘reasonable steps’ requirements for VOI, and the industry has Anti-Money Laundering & Counter-Terrorism Financing Tranche 2 reforms on the horizons, which are expected to tighten compliance obligations further in the coming months and years.
By transitioning to a secure digital VOI solution now, agents and conveyancers can stay ahead of these changes while ensuring their processes are both compliant and efficient.
Smart agents are getting ahead of the risks now
Email is convenient, but it’s not safe or sufficient for handling sensitive client information. The risk of identity theft, fraud, legal liabilities and reputational damage now far outweigh the perceived convenience.
As the industry evolves, adopting secure, compliant, and user-friendly digital solutions like Scantek’s VOI platform is essential. With features like our real-time back-to-source checks, geo-location tagging, and robust encryption, Scantek is empowering agents to protect their businesses and clients without compromising efficiency.
Don’t wait for a data breach or security scare to switch to a more secure VOI solution. Contact our friendly team today to see how our digital VOI solution can transform your business.