Nearly 600 conveyancers have signed a petition to delay the rollout of Australia’s new online property transfer platform following breaches that enabled fraudsters to steal $1.25 million from two owners while their homes were being settled.
The electronic platform which is owned by state governments and Australia’s big banks and is being used to settle and exchange titles for thousands of properties across the country, is facing a significant backlash from professional users.
The Law Institute of Victoria has described it as “not sufficiently robust” and the Australian Institute of Conveyancers’ (AIC) Victorian arm has called its vulnerabilities “disturbing”.
Fairfax Media revealed last week two cases in which more than $1.25 million was stolen from vendors while their properties were being settled on Property Exchange Australia’s PEXA e-transfer system.
The bulk of the money has since been recovered but at least one of the vendors, MasterChef finalist Dani Venn and her husband Chris Burgess, stand to lose their home after hackers entered the PEXA system through their conveyancer’s account and made off with $250,000.
Ms Venn’s bank, the Commonwealth, was able to freeze and return $138,000 of her funds.
The e-transfer system will replace Australia’s 150-year-old Torrens title paper exchange of property with electronic certificates and is set to become mandatory in Victoria in October, with NSW to follow suit next July.
“The industry has been assured repeatedly by PEXA that the platform is safe and secure. These fraud incidents have only been possible because of significant security vulnerabilities,” AIC Victorian chief executive Jill Ludwell said.
The vulnerabilities put a question over the timetable to make it mandatory, she said.
PEXA acting chief executive James Ruddock said the company had increased monitoring of accounts to detect unusual activity and would change the way new users were added to the system.
The hackers broke into Ms Venn’s conveyancer, Sargeants Knox Conveyancing, accessed emails from PEXA and added themselves in the PEXA system as another user.
“No new instances of this fraud have been found and these continue to be isolated incidents,” Mr Ruddock said.
“It’s important to note that funds cannot be misdirected unless the practitioner physically signs off on the fraudulent account details using their bespoke digital certificate and accompanying password,” he said.
Property law specialist and Law Institute Council member Simon Libbis said the system’s security measures should ensure funds went to the right account.
“Otherwise there is a real risk in using it,” he said.
The fraudulent activity comes at a sensitive time for the Victorian government, which is moving to privatise the Land Titles Office in an auction expected to fetch more than $2 billion.
Business Insider Emails & Alerts
Site highlights each day to your inbox.