The Oracle Australia and New Zealand Middleware and Technology Blog.

Wednesday, July 2, 2008

Identity Theft Hits $1billion dollars in Australia

An interesting article came out today on the Australian IT web site referencing a study the Australian Bureau of Statistics have published.
The highlights or low lights depending on what side of the fence you sit on in regards to security services and solutions include;
-More than 800,000 people fell victim to at least 1 instance of fraud
-77% where victims of credit card fraud suffered a loss from $100 to $10,000
-23% suffered fraud through unauthorised use of their details.
-Nearly 6 million Australians were exposed to email scams like the Nigerian scam. The astounding statistic is that "there were 329,000 victims of all selected scams in Australia in the 12 months prior to interview, where a victim was defined as a person who responded to the scam by providing personal details and/or money or sought further information from the scammer. This represented a victimisation rate of 2%." according to the ABS.

With the new information age upon us, and the increased sharing, storage and transmission of data we need to start looking at what to do.

The Australian banks have just turned on PIN numbers for credit card transactions, this happened relatively unannounced last month. What this means is you can now enter a pin like your ATM card to authorise a credit card transaction. So you don't need to sign the small piece of paper. This functionality alone is not going to reduce Internet fraud. But it may change the landscape.

Today, those unfortunate souls that suffered credit card fraud pass the onus onto the bank. They accept the cost of this fraud begrudgingly and the consumer is protected. If this Billion Dollar bill continues to increase then i can imagine the banks looking for ways to cover their exposure. Rumours are already starting around the banks passing this costs down, especially if negligence i guess can be proved. If the banks introduce more sophisticated credit cards then this may become a reality.

Organisations need to look at what they can do to protect their consumers, the online economy is a legitimate part of most organisations today. Organisations need to realise if they don't start protecting their customers being you and me then we might move to a competitors shop front. Lets face it the online economy is great for this, you aren't travelling anywhere. There are no new addresses to find, parking to deal with. Its just a simple matter of creating a new account elsewhere.

So what can an organisation do? to start with the basic username / password had been around now for eternity, well in IT years anyway since the dawn of computers. More sophisticated authentication mechanisms need to be put in place, that don't burden the customer. They need to be transparent, leveraging technologies like mobile phones for the transmission of pins and stealth technologies that look at each connection on in its own right. These stealth technologies like Oracle's OAAM or Adaptive Access Management will monitor each session, balancing white lists, black lists, hardware profiles, user habits, malware code on the connecting device and other variables to determine if the connection can be maintained.

Using these more sophisticated mechanism's can allow organisations to leverage the fact they are preventing ID theft on their sites. No one remembers good news but they do of course remember bad news, so with the right technologies in place you shouldn't be on the wrong end of a PR nightmare.

I might check my credit cards tonight however just to make sure.

Cheers
Carl

2 comments:

Gary Myers said...

"329,000 people lost money after responding to such scams"
Shoddy journalism here. The ABS doesn't actually give a figure for the people who lost money.
"A person was defined as a victim of a scam ... if they sought more information from the offender."

http://www.abs.gov.au/AUSSTATS/abs@.nsf/Latestproducts/25334C6558D67EDBCA2574740015BAD4?opendocument

Paul Ricketts said...

Thanks for pointing out the error Gary. We have now corrected the article and referenced the original article.

Paul