"PEXA has robust fraud protections and strict authentication procedures built into its platform. Given the online environment in which we operate, we continually review and enhance these. The PEXA platform was not compromised. Practitioners’ email accounts were compromised. Sophisticated fraud was then perpetrated against these practitioners, who operate via the PEXA platform. These are isolated incidents and do not represent a wider or systemic risk to the PEXA platform. PEXA understands this is an incredibly stressful situation for everyone involved and we’re proactively working with all impacted parties to ensure a good outcome, including working directly with one of the practitioner’s clients to assist them to settle on their new home. PEXA routinely communicates with practitioners on issues of cyber security and urges all practitioners to take steps to reduce the risk of fraud,” James Ruddock, Acting CEO
Has the PEXA system been compromised?
No, the PEXA system has not been compromised.
On Monday 18 June, at approximately 5pm, PEXA was made aware of a fraudulent situation where a practitioner’s email account was compromised.
In this instance, an unknown party intercepted a change-in-password email sent from the PEXA platform which in turn allowed this person to access the Subscriber’s PEXA account. As a result, the destination account details in the settlement schedule were fraudulently changed.
Could this happen in paper?
Email interception isn’t new and happens across a range of industries with paper property transactions being no exception. Unfortunately, there has been a couple of instances of this occurring over the past couple of years where emails have been intercepted and vendors requested to send funds to fictitious accounts operating under the guise of the settlement agent.
What is PEXA doing to make sure this doesn’t happen again?
While the PEXA platform itself was not compromised, PEXA is working closely with all parties, including the relevant authorities to assist in every possible way.
The PEXA security team is currently undertaking detailed monitoring of all Workspace* activity, checking for similar scenarios where passwords have been re-set in close succession among other things which may be considered ‘unusual’ behaviour.
PEXA is also in the process of adding additional security measures. More information will be provided on these initiatives in the near future.
How can we be assured that the PEXA system is secure?
To date, over 1.2 million transactions have been successfully completed on PEXA. Instances of fraud and attempts of fraud have been incredibly low, in fact much lower than the paper process.
The PEXA system’s security is aligned with international standards. PEXA continues to comply with to operate by complying with the Model Operating Requirements as set by the e-conveyancing regulator, ARNECC.
An independent expert review, currently conducted by Ernst & Young (EY), is completed annually to ensure alignment with these standards. PEXA has consistently complied with these standards.
Further to this, confidence in PEXA’s system security has been demonstrated by the Reserve Bank of Australia (RBA), Land Titles Office, State Revenue Offices and many software providers (among others) by the successful integration with these parties.
How does PEXA protect its Subscribers online?
PEXA protects its Subscribers in several ways. Firstly, the proper use of digital certificates mitigates the risk of fraud once the Signer has undertaken the appropriate checks and balances prior to signing to ensure accuracy of the information.
Digital Certificates allow the electronic signing of documents in PEXA on behalf of clients thereby eliminating the need to print and pen-sign physical documents.
A digital certificate is a PEXA Subscriber’s unique identity online. Anyone signing on the PEXA platform must use one for security purposes.
PEXA also uses encryption mechanisms and ensures all Subscribers agree to PEXA’s security policy to ensure their systems meet a certain standard of security when using the PEXA system.
Visit PEXA’s security webpage to learn more.
What advice does PEXA have for its members to stay cyber-secure?
We urge all our members to take the necessary steps to reduce the risk of fraud. This includes, among others, verbally confirming bank account details with clients, not using free public Wi-Fi, keeping security patches up-to-date and importantly, checking payment directions immediately prior to signing.
Visit PEXA’s security webpage to learn more.
* A Workspace is a shared online area in PEXA where the participants can communicate and prepare documents for a property transaction.