Fraud Numbers in Australia. Are we secure?

“UPDATE: Arno Brok, who works with met at Accenture, has just sent me this interesting article about a new credit card that is being developed and tested in Australia.

Thanks Arno!”

The Australian Bureau of Statistics published in June this year its Personal Fraud Survey, which was conducted between July and December 2007.

There are some very interesting numbers:

– A$ 615 million were lost due to credit card fraud in Australia last year;

– The median, or most common loss was A$ 450 per person, but the mean loss was over A$ 2,000 per person, and 3 percent of victims lost over A$ 10,000.

– 75.5% of people targeted reported the loss; and

– 57,800 of 383,300 people were defrauded by phishing scams.

It is the first time I have seen this type of information shared with the public. Banks around the world do not generally make their internal statistics on fraud public. One of the reasons is the potential loss of confidence from customers and the market.

It is simple like that: Banks and other businesses make multi million dollar savings by automating services to customers. Those savings come, for example, from less staff and less branches/tellers. Also, many consumer retailers have moved into the online selling world, where you can save a significant amount by minimising stock and costs related to brick and mortar stores.

For all to work, consumers need to be confident in using the system. A consumer will not send his/her credit card information online if he/she knows that it is going to be stolen and subject to fraud. Andrew Wallis, a Gartner Analyst, said the following on the Sydney Morning Herald edition of 7 October 2008:

“It’s a classic thing. How do you get people moving into something? Well, you don’t tell them it’s dangerous. You don’t mention the negative side. You’ll extol the virtues and benefits”.

And that’s what banks have been doing. There is now a sense that online transactions are secure!

I beg to differ… if 5% of the Australian population aged 15 years and over suffered some type of fraud over the last 12 months then I would say that it is not that secure. However, we do have to look at it from a risk point of view.

From the banks perspective: if they spend A$ 615million, would they bring the amount of fraud to zero in Australia? Is it sensible to assume that A$ 615million is the acceptable risk banks are willing to take and pay customers back (as they do) so they keep the confidence in the system?

I’m not saying that banks should not invest in controls to address frauds. As a matter of fact I think it is the right thing to do. One example is the ANZ Falcon, which does not only mitigate the risk of losses due to fraud but is a marketing tool for ANZ credit card services. However, there is a limit to which you can mitigate the risk – there will always be a residual risk.

 

From the customer perspective: all we are worried about is not losing money, so as long as the banks are paying for the fraud we should be happy.

Banks might not pay customers in some isolated cases of misuse, however I believe that they will keep paying off most frauds as a cost of business, due to the fact that the savings of automating transactions and increased credit card usage will cover most of these expenses.

Banks will also keep investing on implementing fraud countermeasures, but the residual risk will always exist and, as long as the banks are paying for it, consumers shouldn’t be worried.

This entry was posted in Information Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *