Presentation on theme: "1 John Harries Managing Director, ANZ Banking Products National Consumer Congress 14 March 2007."— Presentation transcript:
1 John Harries Managing Director, ANZ Banking Products National Consumer Congress 14 March 2007
2 Why does ANZ let the Falcon fly? Banking is about trust, and trust = security of information and funds Consumers face a range of threats: “skimming”, “phishing”, “trojans”, “vishing”, “identity theft”, and good old fashioned counterfeiting Banks need to respond to both real and perceived threats while meeting expectations for increased convenience via new channels ANZ has invested heavily in fraud prevention and detection, and is raising our profile both to attract security-conscious customers and deter criminals ANZ is also focussed on customer education – increasing awareness of threats amongst both customers and staff
3 Convenience-driven customers embracing new channels % Australian population that have used Internet banking Source: Roy Morgan Finance Monitor data set
4 … but there are still concerns about security and privacy Source: ABS Cat No. 8146.0 Main reason for not purchasing via the Internet, 2004-05 32% % purchasing or ordering goods via the Internet (private use) Travel, accommodation, tickets, CDs, music, computer software
5 Source: Anti-Phishing Working Group 2006, ANZ US has established President’s Identity Theft Taskforce, after more than 650K identity theft complaints in 2005 ChoicePoint fined US$15m for compromise of 163,000 consumer records Growth in attempted phishing attacks Sept 06 industry spike … with some justification
6 What we’ve experienced (these guys are clever!) Simple phishing –Email linked to a website coaxing customers to submit account details ‘Cashing-in’ on ANZ name –Sites using ‘ANZ’ in domain name –Often claim ANZ is conducting a survey with a cash incentive Roaming website –Similar to simple phishing but the website location moves to a different country every hour, making it difficult to locate and shut down Trojans –Email with attachments or links to websites that embed key-logging or other programs on user hard- drive
7 Making ANZ a “hard target” Technology investments: –Falcon and Carreker systems in place –Changes to BPay and ‘Pay-Anyone’ transaction processing completed to increase the likelihood of spotting fraud in advance –Chip card/terminal conversion underway –Multi-factor authentification for Internet Banking being investigated Aggressive human intervention: –Dedicated Internet security and credit card teams monitor transactions 24 hours a day –Average of 4 hours to take down a phishing site (vs. industry average of 5 hours to >3 days) –Internal security team uses exception reporting to track staff actions –Legal action – particularly where a site has used ANZ’s name
8 Improving customer awareness a key part of the equation
12 Some thoughts for the industry Australia is well positioned, thanks to existing Privacy Legislation and reasonably effective industry/stakeholder coordination (so far) To deal with new threats, we need collaboration among law enforcement, intelligence agencies, Government, industry (banking, telecommunications, ISPs) and the media, to improve: –Prevention: e.g., chip technology, virus software, education –Detection: e.g., shared information new scams –Response: e.g., ISP filtering, prosecution, cross-border agreements Technology is an important part of the answer, but is not the answer
Are You Being Scammed? A Consumer Perspective Nicole Rich Director - Policy & Campaigns
Three Sectors Question is: What can Consumers Business Government do to respond to the threat of scams?
Consumers Scams are hard to stop at supply-side Strategies that stop scams at demand-side must be in the mix Consumers need to take some responsibility to protect their own interests Incentive to do so because it is our money, ID etc!
Consumers But consumers need to know how to guard against scams Need up to date and understandable information - business & Govt Easier for some than others – education, skills matter Getting harder as scams become more sophisticated and change quickly Scams good at targeting the whole range of human vulnerabilities
Business Business also a victim of scams - Business-targeted scams - Scams that target consumers but business bears some of the loss Also a victim indirectly – scams are a virus in our economy, diverting resources away from useful purposes and legitimate businesses Scams also impact on consumer confidence eg using Internet banking; investment products
Business Business has a big role in stopping scams at the demand-side Resources and capability to develop new tools, innovations to guard against scams (eg 2-factor ID) Should there be some shift in responsibility/liability for loss from scams and fraud? eg EFT Code of Conduct Review
Government Also has a strong interest in stopping scams – a virus in our economy Information and education provider Policy and Law-maker Enforcement
Government Major problem that scams originate overseas And from jurisdictions that do not have good consumer protection laws nor participate in relevant international forums Organised crime involvement How to stop scams at the source? Or take enforcement action?
Government Huge challenges Ultimately cannot treat the virus without the help of originator states Must participate in international processes that assist these countries to develop their legal systems and crack down on scammers In meantime, cooperation with other states to get up to date intelligence and pass this on to consumers and business And use the intelligence to develop innovative and effective interventions