Theft of ANZ executive’s identity and its use to obtain Westpac loan highlights parlous privacy practices and compliance

August 13, 2017 |

The Australian Financial Review in ANZ executive’s identity stolen and used for $30,000 Westpac loan highlights the chronically poor state of privacy protection by many businesses and the culture of non compliance. The likely scam was simple, an executive’s driver’s licence was scanned/photocopied and sold to a thief who used it to create a fraudulent identity for the purpose of a loan.  Part of the problem is the dreadful and likely illegal practice of some venues scanning licences as a condition of entry, storing that information in a database for as long as they want and having that information accessed by whoever for criminal purposes.  It has been a dreadful practice, reported here and here  just by way of a few instances  This is a problem that has not been effectively tackled by the Privacy Commissioner even though back in 2012 he raised the issue in the report ID scans raise privacy fears and it was reported that  “..he  had investigated ”some clubs” using the technology to make sure they were handling personal information responsibly according to their obligations under the Privacy Act.”  Mmmm.  The fact that data is kept for a long time without any good reason for doing so likely a breach of Australian Privacy Principles. One wonders what sort of investigation took place.

The article provides:

A senior ANZ executive has had his identity stolen and used to fraudulently borrow $30,000 from Westpac, exposing huge gaps in the nation’s frontline defences against digital crime.

The Melbourne-based banking executive’s driving licence details were scanned – or photocopied – and then sold to the alleged thief, who was able to use them to create a fraudulent “banking profile” and make an online loan application.

New findings from the Australian Payments Network, which monitors cash, cheque and digital transactions, reveal growth in domestic identity fraud for online payments last year soared by 28 per cent to more than $175 million, compared with a 10 per cent growth in other payment fraud.

Thieves operating around the globe at the speed-of-light using the sophisticated digital technologies are being routinely combated by Australian officials using pen and paper procedures, analysis reveals.

For example, the ANZ executive is still waiting for his stolen driving licence to be replaced and personal details updated more than five months after reporting the theft of his card to Westpac.That is despite having had the theft corroborated by separate police and Westpac investigations.

This means his identity – or “banking profile” created by the thief – could be resold or repeatedly used by criminals anywhere in the world to apply for additional loans, credit cards, as points towards a passport, to buy guns, transfer illicit cash and innumerable other unlawful online transactions.

“Of the flotilla of disinterested parties, VicRoads (which issue driving licences) are comfortably the worst,” the ANZ executive said about repeated attempts to replace his licence.

VicRoads has been asked for a comment.

The head of the Black Economy Taskforce, appointed by the federal government to identify and recommend strategies for combating the black economy, recently warned that the nation’s banking and financial systems are being “systemically undermined” by rampant identity theft.

Call for biometric methods

Michael Andrew, former global head of KPMG, is urging biometric methods of identification, using fingerprints or voice recognition, be urgently and widely adopted.

The Australian Financial Review recently revealed how the identities of 90 Victorians, including their names, ages, addresses and photographs, are on sale for $950 to anyone in the world with access to the “dark web”, a network of websites that cannot be found by traditional search engines.

They were obtained when the victims allowed their driver’s licences to be scanned to gain access to a Melbourne nightclub, an increasingly popular method for screening patrons to pubs, clubs and nightclubs. Scanning involves taking a picture of the card.

NSW police are investigating the recent disappearance, and possible theft, of up to 16,000 drivers’ licences. Crime gangs using digital technology and paying with untraceable digital currency Bitcoin can choose from an astonishing menu of ready-to-go driving licences, or other identities, which is where the ANZ executive’s identity is likely to be still being traded.

Names, addresses and licence details are used for the licence to open a bank account using a pre-activated SIM card also bought over the dark web using Bitcoin. The SIM card is needed to provide a phone number where the lender can send details of the account.

Lenders are struggling to keep up with the changing technologies and the need to balance improving customer online experience with fraud prevention, according to experts. The Australian Payments Network estimates total fraud on the $1.8 trillion in card and cheque transactions to be about $540 million, or more than $10 million a week.

But the exponential increase in online payments increases the risk of fraud, which can be executed with the press of a keyboard, but can take months to detect.

For example, the Network estimates that online shopping is growing five times faster than traditional retail spending.

One Response to “Theft of ANZ executive’s identity and its use to obtain Westpac loan highlights parlous privacy practices and compliance”

  1. Theft of ANZ executive’s identity and its use to obtain Westpac loan highlights parlous privacy practices and compliance | Australian Law Blogs

    […] Theft of ANZ executive’s identity and its use to obtain Westpac loan highlights parlous privacy pr… […]

Leave a Reply

Verified by MonsterInsights