Why It’s Critical That The Australian Government Expands The Scams Prevention Framework Bill To Other Sectors

By Geoff Schomburgk, Vice President for Asia Pacific & Japan at Yubico
Over the past year, cybersecurity trends and challenges have had a profound impact on all industries in Australia. Cybercrime, particularly phishing scams, has evolved into a sophisticated, large-scale challenge affecting businesses, consumers and critical infrastructure. However, it is a solvable challenge with the right approach and tools in place. In response, the Australian Government has introduced the Scams Prevention Framework (SPF) Bill, a significant legislative step towards combating fraud and strengthening consumer protection.
The SPF Bill, currently before Parliament, seeks to curb the growing problem of scams by introducing new measures to protect consumers. The framework mandates substantial obligations for regulated entities, including strict compliance measures, harsh penalties for non-compliance and defined pathways for dispute resolution. As a significant step toward phishing resistance and cyber resilience for Australia, this is positive legislation that the Australian Parliament should vote in favour of to safeguard Australian consumers.
A strong framework with room for improvement
The SPF Bill is a crucial step toward creating a safer digital environment by fostering an ecosystem where businesses and the government share information and collaborate to disrupt scams. However, the current scope of the bill is limited to the banking, telecommunications and digital platform service provider sectors. While these industries are among the most affected by scams, they are far from the only ones at risk. Limiting the bill’s coverage to these sectors overlooks the broader impact of scams on other industries and consumers.
Scams are not exclusive to financial services or telecommunications; unfortunately, they occur across all industries in unique ways. Every sector that deals with consumers and digital transactions is vulnerable to cyberattacks. Australians interact with multiple industries daily, and therefore their protection should not be contingent on which sector they are engaging with at any given time. Expanding the SPF Bill’s reach will ensure that consumers are protected no matter where they conduct business.
Cybercriminals also continually exploit gaps in security regulations. If the SPF Bill only applies to select industries, cybercriminals will likely shift their focus to less-protected sectors. By covering all industries, a more comprehensive and resilient defence against scams will be established, ensuring a holistic and future-proofed cybersecurity approach.
Strong phishing-resistant protection is critical
Cybercriminals frequently use phishing attacks to steal credentials and gain unauthorised access to systems, leading to financial fraud, identity theft and business disruptions. Strong, modern authentication measures are among the most effective ways to mitigate the phishing-related scams that the SPF aims to protect against. In particular, phishing-resistant multi-factor authentication (MFA) tools, such as passkeys, are a foundational requirement for scam prevention.
Beyond expanding the industry scope of the SPF Bill, it will be important for the government to ensure that organisations implement strong, phishing-resistant authentication. Phishing-resistant passkeys, such as hardware security keys that comply with FIDO2/WebAuthn standards, provide an effective barrier against these attacks. This is because they require something you know (such as a PIN or password), something you have (a security key), and something you are (a biometric fingerprint or physical touch of the key) to gain access to accounts.
Phishing-resistant MFA prevents account compromise by eliminating reliance on traditional password-based authentication, which is highly susceptible to cyber threats. Unlike legacy MFA methods such as SMS-based one-time passcodes, which can be intercepted, strong hardware-based authentication ensures that only legitimate users can gain access to their accounts. This approach significantly reduces the risk of unauthorised access, data breaches, and financial fraud.
A future-proofed approach to scam prevention
As cybercriminals employ increasingly sophisticated tactics, including AI-driven scams and social engineering, we encourage the Australian Government to adopt a more holistic and proactive approach. The SPF Bill lays the foundation for scam prevention, but its scope should be expanded to provide coverage across all major sectors of the economy.
We remain committed to supporting Australian regulators in their efforts to create a safer digital landscape. By expanding the SPF Bill and incorporating advanced security measures, the Australian Government can take a significant step toward protecting consumers and businesses from evolving scam threats. By doing so, Australia can lead the way in global cybersecurity resilience, demonstrating that a unified, cross-industry approach is essential for effectively tackling cybercrime and becoming truly phishing-resistant.