NAB Chief Urges Government to Reconsider Fines for Large Data Breaches

Richard Marley
November 10, 2022
3 minutes read
638

The Chief of NAB Ross McEwan has urged the government that penalties for data breaches charged as a percentage of turnover would be “terminal” for certain businesses and promote breaches to be kept hidden.

Ross McEwan’s remarks add to those made by the Australian Banking Association, which cautioned that a fine of 30% of modified turnover could cost a significant financial institution billions of dollars.

The government is recommending a significant rise in penalties for serious or persistent data theft under the Privacy Act.

A Senate committee is required to submit its findings regarding the content of the bill by November 22. The revisions have already been approved by the lower house of parliament.

McEwan requested parliament to “give further consideration to the intention of the bill.”

“We believe the increase in penalties – and particularly the calculation for determining penalty that relates to adjusted annual turnover – are disproportionate and create a much greater maximum penalty than similar privacy and data protection laws across the globe,” McEwan stated. “For context, a data breach from a major Australian company subject to the maximum penalty in the bill could be in the region of four times the largest civil penalty order ever made against an Australian corporate.”

Ross McEwan cautioned that enterprises “may be less willing to promptly disclose data breaches to [the] government as a result for fear of facing potentially terminal penalties.”

“Penalties of this magnitude, without appropriate containment measures, will have the capacity to effectively put an organization out of business,” he stated.

NAB Chief insisted punitive actions be “reserved for egregious failures of compliance and risk management.” He also “strongly urged consideration of a range of other measures designed to mitigate the risks to individuals that arise as a result of cybercrime, in addition to an enhanced but appropriately measured penalty regime.”

According to Ross McEwan, government regulations that force data to be stored for longer than needed could help to reduce the sector’s risks. “For example, under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, reporting entities such as banks are required to keep customer identification records for seven years after the banking relationship has concluded,” he stated.

“This mandated retention period is much longer than we would otherwise require and significantly increases our risk profile.” McEwan also supported the use of digital identity as a tool to reduce the volume of data that enterprises must gather and/or maintain on their own.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
Interpol Seizes $130M Worth of Virtual Assets from Cybercriminals Worldwide
The International Criminal Police Organization Interpol has seized $130 million worth of virtual assets that are linked to money laundering operations and different cybercrimes worldwide.

The “HAECHI III” law enforcement operation, which lasted between June 28 and November 23, 2022, enabled INTERPOL to arrest nearly a thousand suspects.

“In total, the operation resulted in the arrest of 975 individuals and allowed investigators to resolve more than 1,600 cases,” reads Interpol’s announcement. “In addition, almost 2,800 bank and virtual-asset accounts linked to the illicit proceeds of online financial crime were blocked.”

The various cybercrimes that contributed to the aforementioned sum include voice phishing, investment fraud, romance scams, sextortion, and money laundering linked to illegitimate online gambling.

Due to the activity, Interpol also produced 95 alerts and diffusions and identified 16 novel crime trends that would enable law enforcement agencies all around the world to concentrate on their efforts against cybercriminals more effectively.

The latest scams include types of financial fraud and romantic scams that criminals are continually improving to maintain novelty.

Additionally, Interpol noticed an increase in the usage of encrypted messaging applications by scammers to communicate with their victims in investment schemes.

Interpol’s statement also highlights the success of its fresh Anti Money Laundering Rapid Response Protocol (ARRP) mechanism, which was first put to the test during the organization’s prior operation, known as “Operation Jackal.”

Scammers had $1,250,000M returned to them due to ARRP, an Irish firm that was the victim of the Business Email Compromise (BEC). This was the total sum that the business lost to the BEC fraudsters, who ARRP assisted in identifying and seizing.

Since the beginning of ARRP’s pilot testing phase in January 2022, the technology has assisted in the recovery of $120M in cybercriminal proceeds.

Suggested Read: Interpol Warns of the Rise in Romance Scams as Valentine’s Day Approaches

Recent Posts

Blog
Customer Risk Assessment - A Landmark Approach to Fight Identity Fraud
Identity theft is the most prominent cybercrime which has raised alarms for global law enforcement authorities. Masterminds behind these scams are targeting all digital platforms, including e-commerce, ride-hailing apps, social media, and online gambling, which has made users vulnerable to risks of financial losses. The severity of identity fraud increases as criminals use stolen data to take over users’ accounts, make fake bank accounts, and carry out illicit financial transactions. The results remain disastrous for the affected persons as they lose their earnings without knowing about it.

The issue’s intensity can be judged by the fact that in the US alone, 42 million citizens became victims of identity theft, costing $52 billion in total losses. While onboarding any digital platform, users are asked to input their confidential details, which are further exploited by fraudsters. In fact, the service provider must secure their users’ information, but most platforms have inadequate screening measures, which ultimately aids bad actors in abusing the system. In such a situation, customer risk assessment is the most feasible approach, which can help businesses identify their users by applying strict checks and verifying their origins.

Identity Theft – A Looming Threat for Digital Businesses

Since the COVID-19 pandemic, the concept of using remote services has picked up the pace, and users prefer to visit digital platforms instead of going to offices. A large number of banks have introduced mobile apps for all types of transactions which has further provided attractive opportunities for criminals to steal someone’s identity, take over their account and transfer money to somewhere else. The majority of service providers have incorporated stringent checks like biometric authentication, two-factor authentication, and many others, but crime is still prevalent and increasing every year. The screening system based on the principles of customer risk assessment could be the most appropriate solution for online businesses as it can track the complete history of the users.

Account takeover is one of the leading issues that is increasing due to identity theft. The criminals use the stolen details of customers to log in to their bank or e-commerce accounts, further carrying out financial transactions. During the pandemic, a huge surge of 307% was witnessed in account takeover cases. Even now, when the effects of COVID-19 have almost diminished, criminals are involved in fraudulent activities in the same way. The Financial Action Task Force (FATF), the leading global organization fighting money laundering, has also suggested that online businesses should go for customer risk screening which is quite an ideal verification process.

How Law Enforcement Authorities are Countering Cybercriminals

Law enforcement authorities across the globe are facing the challenge of identity theft, and with time, criminal cases are increasing. Recently, several cases of identity fraud have been witnessed where cases were registered against criminals. Although countering the bad actors involved in online scams is quite gruesome, implementing customer risk assessment techniques can serve the purpose.

Let’s have a look at some of the high-profile cases of identity fraud:

Gang Members Sentenced to 60 Months in Prison for Identity Theft

The US Department of Justice has sentenced gang members to 60 months in prison who were involved in several online scams, including identity theft and wire fraud. It has been established during the investigation that they had been carrying out fraudulent activities for more than a year and during this time, they managed to steal $300,000 from the users. Court has further mentioned that no group or individual in the US will be allowed to defraud the users through online scams.

Criminals Jailed Over Multi-Million Identity Fraud in Spain

Spanish Police have arrested a gang that was involved in providing fake identities and forged documents to customers. The investigation revealed that criminals were stealing users’ data from different online platforms and further selling it in the black market. Police have stated that it was a multi-million scam, and all the criminals have been sent to jail.

Fighting Identity Fraud Through Customer Risk Assessment

Customer risk assessment is a set of extreme measures which are generally used by businesses to verify the identities of their customers when some new professional relationship is formed. B2B companies are also using customer risk screening methods to authenticate the documents and identities of other businesses before making any contract with them. It is an ideal process for all digital service providers as it provides in-depth knowledge about the other party and makes a record of their information. Customer risk assessment is not only a feasible solution against identity theft but also a valuable tool to counter money laundering.

Although several identity verification services are efficient enough to counter criminals, customer risk assessment is more advanced and modern, providing the best verification options to digital businesses. It involves various security checks, including checking customers’ identity, background, area of origin, business, and criminal record. All these parameters have remained quite productive in countering cybercriminals and helped many organizations comply with global regulations.

How Customer Risk Assessment Screening is Carried Out

Customer risk assessment is a technical process that involves multiple security checks, and users have to pass all of them to avoid being reported to authorities. All these screening measures have been recommended by the FATF, and companies with customer risk assessment models are following them to comply with the global guidelines.

Here are some of the prominent risk factors:

Customer’s Identity

Customer risk screening verifies the true identities while making a thorough background check. Corrupt politicians and business tycoons usually get more chances of laundering money or carrying out other financial crimes, so the system should be efficient enough to track users’ history to get updated knowledge about their economic activities in the past.

Geography

There are few regions in the world that have weak AML and other cyber laws, which ultimately help criminals to carry out crimes without much trouble. FATF has placed a large number of countries on grey or black lists, which means that all such states are vulnerable to financial crimes. The customer risk assessment process verifies the origin of the users and determines how stronger AML regulations are there.

Industry/Business

Some businesses are notorious for corrupt practices, like gold, art & antiquities, and other luxury items. The customer risk screening method verifies the business of the users and makes a thorough investigation in case the customer is involved in some vulnerable business.

What Shufti Pro Offers?

Combating identity fraud is crucial for the digital sector and is the most appropriate time for companies to invest in screening measures. The customer risk assessment is an ideal solution for online service providers which will help them in countering financial criminals.

Shufti Pro is offering customer risk screening solutions which is the perfect solution for online businesses. It will not only help them in ensuring global regulatory compliance but will also secure their users’ identities. Shufti Pro’s Customer Risk Assessment (CRA) verifies the identities of users through the toughest parameters which will never let the criminals onboard the system. It is efficient enough to generate results in seconds with a ~99% accuracy.

Want to know more about customer risk assessment for digital businesses?

Talk to CRA Expert

NAB Chief Urges Government to Reconsider Fines for Large Data Breaches

Identity Theft – A Looming Threat for Digital Businesses

How Law Enforcement Authorities are Countering Cybercriminals

Gang Members Sentenced to 60 Months in Prison for Identity Theft

Criminals Jailed Over Multi-Million Identity Fraud in Spain

Fighting Identity Fraud Through Customer Risk Assessment

How Customer Risk Assessment Screening is Carried Out

Customer’s Identity

Geography

Industry/Business

What Shufti Pro Offers?

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.