Banks' e-fraud code of silence stymies action

Australian banks which stubbornly refuse to provide law enforcement authorities and government with comprehensive figures on the incidence of electronic fraud is impeding the fight against cyber crime. It may even encourage e-crooks to target Australia, a conference on ATM security was warned last week.

Addressing an NCR briefing on ATM security and standards, executive director of the Australian ATM Industry Association, Jon Andreasson, said that Australia now faced a situation where "less than 5 percent of [bank-related] fraud is recorded on publicly available databases".

Andreasson warned that with crimes such as skimming [illegal card duplication] and related ID fraud on the rise Australia faces a situation where there is effectively no centralised collection and analysis of financial e-crime incidents and trends.

While commending a recent collaboration between the Australian Crime Commission and the Australian Bankers' Association in the form of a "card-skimming database", Andreasson said liaison between federal and state jurisdictions needed to be bolstered because criminals knew only too well how to run scams across borders.

ATM fraud has no single body to look at financial e-crime trends across Australia, he said.

"The Australian High Tech Crime Commission and the Australian Crime Commission are to be recipients [of card-skimming database information], but the data is compiled by the states…it's [comparing] apples and oranges. It can be a real mess," Andreasson said.

Andreasson also questioned Australian Crime Commission estimates that peg the cost of card fraud in Australia at around $100 million - with skimming activities accounting for about half of that figure.

"I would wonder as to how they came to this figure," he said.

Asked whether the federal government ought to compel banks to divulge the true cost of card and electronic fraud, Andreasson politely declined to answer, saying the matter was "one for the regulators".

Meanwhile, NCR's security consultant for ATMs, Claire Shufflebotham, said the recent adoption of Windows by banks to run ATMs was also starting to cause concern among both ATM vendors and users, not least because of the proliferation of viruses.

"ATM software security is now the biggest threat," Shufflebotham said, adding that the Bank of America had the Nachi virus and found its ATM network out of action for one day. "That would have cost millions." She also related the incident where high-spirited students at a US university had managed to abscond with an ATM and relocate it – only to find that when plugged back in "it worked fine first go".

"We are concerned and we have been speaking to Microsoft. NCR believes that [the use of Microsoft Windows on ATMs by financial institutions] is a [security] problem at the moment – people are not hacking Unix. ATMs must be hardened [in terms of software security], ports must be shut down," Shufflebotham said.

CEO of Corporate Protection Services, Ray Lambie, said that service level agreements for proliferating non-branch ATMs were also creating new risks for those who had to attend to them, not least because many were now located deep within shopping malls.

The Australian Banker's Association did not reply to requests for comment.

Cops get smart on identity crime

While Australian banks remain reticent about revealing details of electronic and identity crime, law enforcement bodies across Australia's seven legal jurisdictions are working harder than ever, according to the director of the Australian Centre for Policing Research, Commander Barbara Etter.

She said the formation of two key bodies, the Working Party on Identity Crime (reporting to the Australian Police Commissioners' Conference) and the ID Crime Task Force (reporting to the Australasian Police Ministers' Council) had recently been formed with a view to enhancing information and intelligence available to authorities.

However, Etter said collating crime statistics from Australia's police forces had always been a challenging endeavour, with identity and electronic crime no different to more traditional miscreant pursuits.

"It's a general problem with the collection of crime statistics and there are steps being taken to address these issues," Etter said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about Financial InstitutionsMicrosoftNCR Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Julian Bajkowski

Latest Videos

More videos

Blog Posts