John Harries
Managing Director, ANZ Banking Products
National Consumer Congress
14 March 2007
Why does ANZ let the Falcon fly?
• Banking is about trust, and trust = security of information and funds
• Consumers face a range of threats: “skimming”, “phishing”, “trojans”, “vishing”, “identity theft”, and good old-fashioned counterfeiting
• Banks need to respond to both real and perceived threats while meeting expectations for increased convenience via new channels
• ANZ has invested heavily in fraud prevention and detection, and is raising our profile both to attract security-conscious customers and deter criminals
• ANZ is also focussed on customer education – increasing awareness of threats amongst both customers and staff
Convenience-driven customers embracing new channels
[Chart: % Australian population that have used Internet banking]
Source: Roy Morgan Finance Monitor data set
… but there are still concerns about security and privacy
[Chart: Main reason for not purchasing via the Internet, 2004-05. Categories: No need; Prefer in person; Security/Privacy/Trust concerns]
[Chart: % purchasing or ordering goods via the Internet (private use), 1999 to 2004-05. Annotation: Travel, accommodation, tickets, CDs, music, computer software]
[Data labels shown across the two charts: 19%, 35%, 32%]
Source: ABS Cat No. 8146.0
… with some justification
• US has established President’s Identity Theft Taskforce, after more than 650K identity theft complaints in 2005
• ChoicePoint fined US$15m for compromise of 163,000 consumer records
[Chart: Growth in attempted phishing attacks, Oct-04 to Aug-06, Industry vs. ANZ. Annotation: Sept 06 industry spike]
Source: Anti-Phishing Working Group 2006, ANZ
What we’ve experienced (these guys are clever!)
• Simple phishing
– Email linked to a website coaxing customers to submit account details
• ‘Cashing-in’ on ANZ name
– Sites using ‘ANZ’ in domain name
– Often claim ANZ is conducting a survey with a cash incentive
• Roaming website
– Similar to simple phishing but the website location moves to a different country every hour, making it difficult to locate and shut down
• Trojans
– Email with attachments or links to websites that embed key-logging or other programs on user hard-drive
Making ANZ a “hard target”
• Technology investments:
– Falcon and Carreker systems in place
– Changes to BPay and ‘Pay-Anyone’ transaction processing completed to increase the likelihood of spotting fraud in advance
– Chip card/terminal conversion underway
– Multi-factor authentication for Internet Banking being investigated
• Aggressive human intervention:
– Dedicated Internet security and credit card teams monitor transactions 24 hours a day
– Average of 4 hours to take down a phishing site (vs. industry average of 5 hours to >3 days)
– Internal security team uses exception reporting to track staff actions
– Legal action – particularly where a site has used ANZ’s name
Improving customer awareness a key part of the equation
Some thoughts for the industry
• Australia is well positioned, thanks to existing Privacy Legislation and reasonably effective industry/stakeholder coordination (so far)
• To deal with new threats, we need collaboration among law enforcement, intelligence agencies, Government, industry (banking, telecommunications, ISPs) and the media, to improve:
– Prevention: e.g., chip technology, virus software, education
– Detection: e.g., shared information on new scams
– Response: e.g., ISP filtering, prosecution, cross-border agreements
• Technology is an important part of the answer, but is not the answer
Thank you!
Are You Being Scammed?
A Consumer Perspective
Nicole Rich
Director - Policy & Campaigns
Three Sectors
Question is: What can
• Consumers
• Business
• Government
do to respond to the threat of scams?
Consumers
• Scams are hard to stop at supply-side
• Strategies that stop scams at demand-side must be in the mix
• Consumers need to take some responsibility to protect their own interests
• Incentive to do so because it is our money, ID etc!
Consumers
• But consumers need to know how to guard against scams
• Need up to date and understandable information - business & Govt
• Easier for some than others – education, skills matter
• Getting harder as scams become more sophisticated and change quickly
• Scams good at targeting the whole range of human vulnerabilities
Business
• Business also a victim of scams
– Business-targeted scams
– Scams that target consumers but business bears some of the loss
• Also a victim indirectly – scams are a virus in our economy, diverting resources away from useful purposes and legitimate businesses
• Scams also impact on consumer confidence eg using Internet banking; investment products
Business
• Business has a big role in stopping scams at the demand-side
• Resources and capability to develop new tools, innovations to guard against scams (eg 2-factor ID)
• Should there be some shift in responsibility/liability for loss from scams and fraud? eg EFT Code of Conduct Review
Government
• Also has a strong interest in stopping scams – a virus in our economy
• Information and education provider
• Policy and Law-maker
• Enforcement
Government
• Major problem that scams originate overseas
• And from jurisdictions that do not have good consumer protection laws nor participate in relevant international forums
• Organised crime involvement
• How to stop scams at the source? Or take enforcement action?
Government
• Huge challenges
• Ultimately cannot treat the virus without the help of originator states
• Must participate in international processes that assist these countries to develop their legal systems and crack down on scammers
• In meantime, cooperation with other states to get up to date intelligence and pass this on to consumers and business
• And use the intelligence to develop innovative and effective interventions