220 likes | 359 Views
National Consumer Congress 14 March 2007. John Harries Managing Director, ANZ Banking Products. Why does ANZ let the Falcon fly?. Banking is about trust, and trust = security of information and funds
E N D
National Consumer Congress 14 March 2007 John Harries Managing Director, ANZ Banking Products
Why does ANZ let the Falcon fly? • Banking is about trust, and trust = security of information and funds • Consumers face a range of threats: “skimming”, “phishing”, “trojans”, “vishing”, “identity theft”, and good old fashioned counterfeiting • Banks need to respond to both real and perceived threats while meeting expectations for increased convenience via new channels • ANZ has invested heavily in fraud prevention and detection, and is raising our profile both to attract security-conscious customers and deter criminals • ANZ is also focussed on customer education – increasing awareness of threats amongst both customers and staff
Convenience-driven customers embracing new channels % Australian population that have used Internet banking Source: Roy Morgan Finance Monitor data set
… but there are still concerns about security and privacy % purchasing or ordering goods via the Internet (private use) Travel, accommodation, tickets, CDs, music, computer software Main reason for not purchasing via the Internet, 2004-05 32% Source: ABS Cat No. 8146.0
… with some justification Growth in attempted phishing attacks Sept 06 industry spike • US has established President’s Identity Theft Taskforce, after more than 650K identity theft complaints in 2005 • ChoicePoint fined US$15m for compromise of 163,000 consumer records Source: Anti-Phishing Working Group 2006, ANZ
What we’ve experienced (these guys are clever!) • Simple phishing • Email linked to a website coaxing customers to submit account details • ‘Cashing-in’ on ANZ name • Sites using ‘ANZ’ in domain name • Often claim ANZ is conducting a survey with a cash incentive • Roaming website • Similar to simple phishing but the website location moves to a different country every hour, making it difficult to locate and shut down • Trojans • Email with attachments or links to websites that embed key-logging or other programs on user hard-drive
Making ANZ a “hard target” • Technology investments: • Falcon and Carreker systems in place • Changes to BPay and ‘Pay-Anyone’ transaction processing completed to increase the likelihood of spotting fraud in advance • Chip card/terminal conversion underway • Multi-factor authentification for Internet Banking being investigated • Aggressive human intervention: • Dedicated Internet security and credit card teams monitor transactions 24 hours a day • Average of 4 hours to take down a phishing site (vs. industry average of 5 hours to >3 days) • Internal security team uses exception reporting to track staff actions • Legal action – particularly where a site has used ANZ’s name
Some thoughts for the industry • Australia is well positioned, thanks to existing Privacy Legislation and reasonably effective industry/stakeholder coordination (so far) • To deal with new threats, we need collaboration among law enforcement, intelligence agencies, Government, industry (banking, telecommunications, ISPs) and the media, to improve: • Prevention: e.g., chip technology, virus software, education • Detection: e.g., shared information new scams • Response: e.g., ISP filtering, prosecution, cross-border agreements • Technology is an important part of the answer, but is not the answer
Thank you… Thank you!
Are You Being Scammed?A Consumer Perspective Nicole Rich Director - Policy & Campaigns
Three Sectors Question is: What can • Consumers • Business • Government do to respond to the threat of scams?
Consumers • Scams are hard to stop at supply-side • Strategies that stop scams at demand-side must be in the mix • Consumers need to take some responsibility to protect their own interests • Incentive to do so because it is our money, ID etc!
Consumers • But consumers need to know how to guard against scams • Need up to date and understandable information - business & Govt • Easier for some than others – education, skills matter • Getting harder as scams become more sophisticated and change quickly • Scams good at targeting the whole range of human vulnerabilities
Business • Business also a victim of scams - Business-targeted scams - Scams that target consumers but business bears some of the loss • Also a victim indirectly – scams are a virus in our economy, diverting resources away from useful purposes and legitimate businesses • Scams also impact on consumer confidence eg using Internet banking; investment products
Business • Business has a big role in stopping scams at the demand-side • Resources and capability to develop new tools, innovations to guard against scams (eg 2-factor ID) • Should there be some shift in responsibility/liability for loss from scams and fraud? eg EFT Code of Conduct Review
Government • Also has a strong interest in stopping scams – a virus in our economy • Information and education provider • Policy and Law-maker • Enforcement
Government • Major problem that scams originate overseas • And from jurisdictions that do not have good consumer protection laws nor participate in relevant international forums • Organised crime involvement • How to stop scams at the source? Or take enforcement action?
Government • Huge challenges • Ultimately cannot treat the virus without the help of originator states • Must participate in international processes that assist these countries to develop their legal systems and crack down on scammers • In meantime, cooperation with other states to get up to date intelligence and pass this on to consumers and business • And use the intelligence to develop innovative and effective interventions