John Harries

1
National Consumer Congress 14 March 2007
John Harries Managing Director, ANZ Banking
Products
2
Why does ANZ let the Falcon fly?

• Banking is about trust, and trust security of
  information and funds
• Consumers face a range of threats skimming,
  phishing, trojans, vishing, identity
  theft, and good old fashioned counterfeiting
• Banks need to respond to both real and perceived
  threats while meeting expectations for increased
  convenience via new channels
• ANZ has invested heavily in fraud prevention and
  detection, and is raising our profile both to
  attract security-conscious customers and deter
  criminals
• ANZ is also focussed on customer education
  increasing awareness of threats amongst both
  customers and staff

3
Convenience-driven customers embracing new
channels
Australian population that have used Internet
banking
Source Roy Morgan Finance Monitor data set
4
but there are still concerns about security and
privacy
purchasing or ordering goods via the Internet
(private use)
Travel, accommodation, tickets, CDs, music,
computer software
Main reason for not purchasing via the Internet,
2004-05
32
Source ABS Cat No. 8146.0
5
with some justification
Growth in attempted phishing attacks
Sept 06 industry spike

• US has established Presidents Identity Theft
  Taskforce, after more than 650K identity theft
  complaints in 2005
• ChoicePoint fined US15m for compromise of
  163,000 consumer records

Source Anti-Phishing Working Group 2006, ANZ
6
What weve experienced (these guys are clever!)

• Simple phishing
• Email linked to a website coaxing customers to
  submit account details
• Cashing-in on ANZ name

• Sites using ANZ in domain name
• Often claim ANZ is conducting a survey with a
  cash incentive
• Roaming website
• Similar to simple phishing but the website
  location moves to a different country every hour,
  making it difficult to locate and shut down
• Trojans
• Email with attachments or links to websites that
  embed key-logging or other programs on user
  hard-drive

7
Making ANZ a hard target

• Technology investments
• Falcon and Carreker systems in place
• Changes to BPay and Pay-Anyone transaction
  processing completed to increase the likelihood
  of spotting fraud in advance
• Chip card/terminal conversion underway
• Multi-factor authentification for Internet
  Banking being investigated
• Aggressive human intervention
• Dedicated Internet security and credit card teams
  monitor transactions 24 hours a day
• Average of 4 hours to take down a phishing site
  (vs. industry average of 5 hours to gt3 days)
• Internal security team uses exception reporting
  to track staff actions
• Legal action particularly where a site has used
  ANZs name

8
Improving customer awareness a key part of the
equation
9
(No Transcript)
10
(No Transcript)
11
(No Transcript)
12
Some thoughts for the industry

• Australia is well positioned, thanks to existing
  Privacy Legislation and reasonably effective
  industry/stakeholder coordination (so far)
• To deal with new threats, we need collaboration
  among law enforcement, intelligence agencies,
  Government, industry (banking, telecommunications,
  ISPs) and the media, to improve
• Prevention e.g., chip technology, virus
  software, education
• Detection e.g., shared information new scams
• Response e.g., ISP filtering, prosecution,
  cross-border agreements
• Technology is an important part of the answer,
  but is not the answer

13
Thank you!

• Thank you

14
Are You Being Scammed? A Consumer Perspective

• Nicole Rich
• Director - Policy Campaigns

15
Three Sectors

• Question is What can
• Consumers
• Business
• Government
• do to respond to the threat of scams?

16
Consumers

• Scams are hard to stop at supply-side
• Strategies that stop scams at demand-side must be
  in the mix
• Consumers need to take some responsibility to
  protect their own interests
• Incentive to do so because it is our money, ID
  etc!

17
Consumers

• But consumers need to know how to guard against
  scams
• Need up to date and understandable information -
  business Govt
• Easier for some than others education, skills
  matter
• Getting harder as scams become more sophisticated
  and change quickly
• Scams good at targeting the whole range of human
  vulnerabilities

18
Business

• Business also a victim of scams
• - Business-targeted scams
• - Scams that target consumers but business bears
  some of the loss
• Also a victim indirectly scams are a virus in
  our economy, diverting resources away from useful
  purposes and legitimate businesses
• Scams also impact on consumer confidence eg using
  Internet banking investment products

19
Business

• Business has a big role in stopping scams at the
  demand-side
• Resources and capability to develop new tools,
  innovations to guard against scams (eg 2-factor
  ID)
• Should there be some shift in responsibility/liabi
  lity for loss from scams and fraud? eg EFT Code
  of Conduct Review

20
Government

• Also has a strong interest in stopping scams a
  virus in our economy
• Information and education provider
• Policy and Law-maker
• Enforcement

21
Government

• Major problem that scams originate overseas
• And from jurisdictions that do not have good
  consumer protection laws nor participate in
  relevant international forums
• Organised crime involvement
• How to stop scams at the source? Or take
  enforcement action?

22
Government

• Huge challenges
• Ultimately cannot treat the virus without the
  help of originator states
• Must participate in international processes that
  assist these countries to develop their legal
  systems and crack down on scammers
• In meantime, cooperation with other states to get
  up to date intelligence and pass this on to
  consumers and business
• And use the intelligence to develop innovative
  and effective interventions