Mr. Patrick Casey:

One step will not solve this; there are a number of layers to it. The Deputy mentioned the urgency of a whole-of-system approach. The industry in Ireland has called for discussion on developing a fraud database. It was very much a feature of the discussion that took place with Banking & Payments Federation Ireland, BPFI. It has been advocated for strongly and the Department of Justice is working on legislation.

There is the whole question of broader consumer awareness of the big challenge that has been presented by authorised push-payment fraud and the role of social engineering. We are all receiving spurious text messages and being bombarded with An Post messages about articles we have not ordered and so. I think Commissioner McGuinness has been talking about the importance of education on this area from a Commission standpoint. It aligns with our national financial literacy strategy which is being developed by colleagues in the Competition and Consumer Protection Commission, CCPC.

Customer authentication is another important facet of the systems and controls on the firms' side of things. There are parallels with the IBAN crosscheck. Mr. Kincaid mentioned the implementation of the IBAN crosscheck in the Netherlands. There were some initial teething problems. When at first glance the check did not go through, people would proceed with transactions and ignored the check because they just thought it was down to teething issues and so on. It may be that it is not an instant panacea and certainly would not be on its own. Ultimately, because the bad actors in the system are manipulating victims, it is possible that consumers will proceed even when there is a match with what they have been manipulated to do, or that they will ignore the warning of a mismatch. Notwithstanding that, for instance, the account does not appear to be the name that they anticipated it being, they may well proceed with the transaction. Both those features are flagged by the Commission.

Certainly, the Netherlands case is interesting. With the implementation of IBAN crosscheck, we cannot have that siloed individual entity concept that the Deputy mentioned. We need that thinking across the system because, as with strong customer authentication, SCA, we need to try to get everyone on the same page. There is a co-ordination element to that.

I am interested in the comments the Deputy made about the national financial crime strategy. The Hamilton report commissioned by the Department of Justice in 2020 flagged much of this co-ordination-type discussion on information sharing. We need to accept that we are slow in this area and the system needs to catch up quickly to get to grips with what is happening. Mr Kincaid mentioned the French model. They have developed an observatory for security of payment mechanisms and means under legislation in France. Although I do not believe the social media companies are participants in that forum, nonetheless they have done considerable work and brought much of the thinking forward on that. It is worth looking at their recommendations in this area.