Table of Contents
- What the Scams Prevention Framework is
- Who enforces it — and how victims get redress
- The timeline: not fully live yet
- What to do if you were scammed in Australia
- Frequently asked questions
- Does Australia have to refund my scam like the UK does?
- The scam started with a fake ad on social media — does that matter?
- Is the framework fully in force?
- How does this compare to my rights elsewhere?
Australia took a different route from the UK. Instead of ordering banks to refund every scam, it passed a law making banks, phone companies, and social media platforms legally responsible for stopping scams across the whole chain — the fake ad, the spoofed text, and the payment. It is called the Scams Prevention Framework, and it is one of the most ambitious anti-scam laws in the world.
Jurisdiction matters.
This guide covers scams involving Australian banks, telcos, and platforms. If you paid from a UK account, the UK's mandatory reimbursement rules are far more generous; the US and Singapore differ again.
What the Scams Prevention Framework is
The Scams Prevention Framework (SPF) passed Parliament on 13 February 2025 as an amendment to the Competition and Consumer Act 2010. Rather than a single rule, it sets legal duties on the businesses scammers rely on to reach and pay victims.
$50M
maximum civil penalty per breach
SPF
3 sectors
banks, telcos, digital platforms first
6 duties
govern, prevent, detect, disrupt, respond, report
The framework is built on six overarching obligations. Regulated businesses must:
- 1
Govern
Put senior-level anti-scam systems, policies, and accountability in place.
- 2
Prevent
Take reasonable steps to stop scams reaching customers — for example, verifying advertisers or checking payee names.
- 3
Detect
Actively identify scam activity, high-risk transactions, and known scam signatures.
- 4
Disrupt
Act quickly to interrupt scams in progress — hold suspicious payments, take down fraudulent content.
- 5
Respond
Handle reports, support victims, and act on intelligence from other businesses and regulators.
- 6
Report
Share scam data with the National Anti-Scam Centre so patterns can be tracked across sectors.
Who enforces it — and how victims get redress
The SPF is overseen by multiple regulators: the ACCC (through the National Anti-Scam Centre) leads, with ASIC and the ACMA covering finance and telecommunications. Breaches carry civil penalties of up to $50 million.
Crucially for victims, the framework includes a private right of action and external dispute resolution through the Australian Financial Complaints Authority (AFCA). This is the key difference from the UK: Australia does not guarantee a refund for every scam. Instead, if a bank, telco, or platform failed its legal duties and that failure contributed to your loss, you can seek compensation — through AFCA or the courts.
No automatic refund — yet.
Under the SPF, reimbursement is tied to fault. You generally recover when a regulated business breached its obligations, not simply because you were scammed. That makes documenting how the scam reached you — the ad, the platform, the payment path — especially important.
The timeline: not fully live yet
The law has passed, but its teeth arrive in stages:
| Milestone | Date |
|---|---|
| SPF passed Parliament | 13 February 2025 |
| SPF rules commence | 1 September 2026 |
| Full sector obligations enforceable | 31 March 2027 |
In the meantime, the banking industry's voluntary Scam-Safe Accord is already rolling out measures like a confirmation-of-payee name-check service, so that a transfer to "John Smith" warns you if the account name does not match.
What to do if you were scammed in Australia
- 1
Contact your bank immediately
Report the fraud and ask them to attempt to recall or freeze the funds. The faster you act, the more likely money can be stopped before it moves.
- 2
Report to Scamwatch and ReportCyber
File with Scamwatch (run by the National Anti-Scam Centre) and ReportCyber (police). Reports feed the intelligence that drives disruption across the framework.
- 3
Complain to AFCA if your bank falls short
If your bank did not meet its scam duties, lodge a free complaint with the Australian Financial Complaints Authority.
- 4
Preserve the evidence
Keep the scam ads, messages, fake platform screenshots, and transfer records — they establish both your loss and where a business failed.
If crypto was involved, the same fundamentals apply everywhere: report fast, keep records, and understand how stolen crypto is traced and whether it can realistically be recovered before paying anyone who promises to get it back.
Frequently asked questions
Does Australia have to refund my scam like the UK does?
Not automatically. The UK mandates reimbursement for most authorised push payment fraud; Australia instead penalises banks, telcos, and platforms that fail their anti-scam duties and lets victims seek compensation through AFCA when those failures caused the loss.
The scam started with a fake ad on social media — does that matter?
Yes. A distinctive feature of the SPF is that digital platforms, not just banks, carry legal obligations. Where a platform failed to prevent a fraudulent ad or account, that can form part of a claim.
Is the framework fully in force?
No. The rules commence on 1 September 2026 and full sector obligations become enforceable from 31 March 2027, though voluntary industry measures like confirmation of payee are already appearing.
How does this compare to my rights elsewhere?
Very differently. See our guides to UK bank reimbursement, Singapore's anti-scam laws, and where the US stands.
Key takeaways
- Australia's Scams Prevention Framework (Feb 2025) makes banks, telcos, and digital platforms legally responsible for preventing scams.
- It imposes six duties — govern, prevent, detect, disrupt, respond, report — backed by penalties up to $50 million.
- Redress is fault-based: you generally recover when a business breached its duties, via AFCA or the courts — not an automatic refund.
- Full obligations are phased in through 2026–2027; voluntary measures like confirmation of payee are already live.
- Report to your bank, Scamwatch, and ReportCyber immediately, and complain to AFCA if your bank fell short.
Know someone who needs this? Share it.
Scambulance will never ask for your private keys, passwords, or seed phrases. Anyone promising guaranteed fund recovery is likely a scammer.
