Australian identities are at risk. Names, addresses, dates of birth – all the personally identifiable information (PII) people rely on to open accounts, shop online or do business are being stolen daily.
These stolen identities are ready and waiting on the dark web for criminals to buy and use them to open accounts, steal funds, and commit crimes – all without the victim realising until it’s too late.
Nearly half of all Australians have likely had their personal data compromised or stolen because of data breaches, according to a 2023 survey from the Office of the Australian Information Commissioner (OAIC). 75% of those who had their personal data stolen said they experienced harm as a result.
Dealing with the repercussions can be time-consuming and expensive. According to Scamwatch, run by the Australian Competition and Consumer Commission (ACCC), Australians reported $568 million in losses to scams in 2022, which is up 80% from the previous year.
Given victims often won’t report losses to authorities, these statistics may be significantly underestimated.
But it’s not only individuals who are severely impacted by identity crime; it can have severe consequences for businesses, causing substantial financial losses, reputational damage, and legal issues.
For businesses, big or small, it is essential to understand the threats and take proactive steps to combat identity theft and its impact on Australians.
In this article, we’ll explore the strategies businesses can use to help prevent the theft of personal information and stop identity crime in its tracks.
Identity theft, also known as identity takeover, is when personal information, such as name, date of birth, address, and passport number, is stolen for illicit purposes. Using the stolen identity, fraudsters may make purchases, open accounts, apply for credit cards, withdraw money, steal superannuation, and commit many more identity crimes.
Identity theft can form a small yet critical part of bigger crimes. For example, a syndicate in Melbourne used stolen personal data purchased from dark net marketplaces, single-use telephone SIM cards, and fake email accounts to achieve an “identity takeover, “opening 70 accounts at various banking institutions. The syndicate allegedly syphoned money into the accounts as it stole funds from the victims’ superannuation and share-trading accounts. Then, they later withdrew the money overseas and transferred it back to Australia through cryptocurrencies.
Before you can prevent identity theft, you need to understand how it happens in the first place.
Today’s identity thieves target businesses and individuals using a wide range of tactics, including:
- Physical theft: The theft of documents with personal or sensitive information, such as bank statements and bills.
- Cold calling: Fraudsters call victims pretending to be bank support, the Australian Tax Office or other service providers to trick them into sharing information.
- Phishing: Phishing is the easiest and cheapest way for criminals to obtain what they want. Fraudsters send emails or SMS messages pretending to be a legitimate organisation, tricking victims into sharing personal information.
- Hacking: Criminals hack into computer systems, including email accounts, to steal personal information. According to Statista, business email compromises amounted to around $2.7 billion in reported victim losses in 2022.
- Social engineering: Criminals manipulate, influence, or deceive a victim to gain control over a computer system or steal personal information.
- Insider threats: A malicious user who steals confidential data from the company for personal gain. Insider threats can also include careless employees whose credentials have been compromised by criminals.
1. Educate customers
Start at the source – educate customers about the threat of identity theft and best practices to protect their personal information from criminals. This could mean sharing tips and advice on your website, and social media and directly to customers through email campaigns.
The communication should include things like:
- Red flags and suspicious behaviour to look out for
- The dangers of sharing personal information online
- Checklists for online safety
- Contact details for customers if they suspect any fraudulent behaviour
It’s also crucial for businesses to explain any steps they are taking to protect customer identities, as this will help build customer trust and help them avoid scams.
For example, one Australian bank informed customers that it had removed links from nearly all its texts. This means if a text looks like it’s from the bank and includes a link, customers are aware they should not click on the link.
2. Implement identity theft monitoring services
Identity theft monitoring services can identify irregularities and patterns of behaviour that may indicate identity theft or other fraudulent activities.
GBG Alert is an early fraud detection system with up to 89% accuracy in detecting identity theft, money muling and other fraudulent events. GBG processes a large majority of identity verifications in Australia across all sectors, meaning it has proprietary analytics and intelligence on the early indicators of identity fraud.
By leveraging this unique cross-industry data, GBG can accurately detect identity theft at onboarding. Organisations can then apply a step-up identity process or reject an application altogether, preventing bad actors from entering the business.
GBG Alert itself stores no personal identifiable information (PII). All data is securely de-identified using a one-way hashing process with fraud alerts processed in a separate environment.
3. Use strong identity verification
Businesses must have robust tools and processes to verify customers’ identities at onboarding. Know Your Customer is best practice for any growing business and a mandatory regulatory requirement for some, including financial institutions. This ensures that an identity is genuine and the company knows who it is dealing with.
Robust identity verification processes can include face matching, passive liveness detection and biometric authentication to give an additional layer of security. For example, businesses can trust that they have established a genuine presence of the customer with face match and liveness detection in one rapid check. Passive liveness detection adds an extra layer of protection on top of facial matching to ensure the individual on the document is the same person onboarding, not a fraudster.
4. Require customers to use strong passwords
If you offer online services, such as online accounts or apps, make it a requirement that customers use strong, unique passwords and change them frequently. This is one of the most effective ways to protect customer accounts from fraudsters. Yet research by Telstra and YouGov found almost half of Australians (46%) use an easy-to-guess password that contains their birthday, favourite sporting team, or pet’s name.
5. Secure customer data behind encryption and firewalls
Encryption converts data into a secure format that unauthorised users cannot read. For example, email encryption software encrypts your emails and attachments before sending them so only the intended recipients can read them.
Another critical protection tactic, firewalls filter and block unauthorised traffic from entering and leaving your network, helping prevent data breaches. It must be a strong firewall, though. In a recent data breach of a major Australian health insurer, criminals used stolen credentials to access the network through a misconfigured firewall.
By combining the right technology with proactive strategies, businesses can help prevent identity theft and make life harder for fraudsters. Ready to fight against identity theft? Find out how GBG Alert can help.