Australian identities are at risk. Names, addresses, dates of birth – all the personally identifiable information (PII) people rely on to open accounts, shop online or do business are being stolen daily.
These stolen identities are ready and waiting on the dark web for criminals to buy and use them to open accounts, steal funds, and commit crimes – all without the victim realising until it’s too late.
Nearly half of all Australians have likely had their personal data compromised or stolen because of data breaches, according to a 2023 survey from the Office of the Australian Information Commissioner (OAIC). 75% of those who had their personal data stolen said they experienced harm as a result.
Dealing with the repercussions can be time-consuming and expensive. According to Scamwatch, run by the Australian Competition and Consumer Commission (ACCC), Australians reported $568 million in losses to scams in 2022, which is up 80% from the previous year.
Given victims often won’t report losses to authorities, these statistics may be significantly underestimated.
But it’s not only individuals who are severely impacted by identity crime; it can have severe consequences for businesses, causing substantial financial losses, reputational damage, and legal issues.
For businesses, big or small, it is essential to understand the threats and take proactive steps to combat identity theft and its impact on Australians.
In this article, we’ll explore the strategies businesses can use to help prevent the theft of personal information and stop identity crime in its tracks.
Identity theft, also known as identity takeover,is when personal information, such as name, date of birth, address, and passport number, is stolen for illicit purposes. Using the stolen identity, fraudsters may make purchases, open accounts, apply for credit cards, withdraw money, steal superannuation, and commit many more identity crimes.
Identity theft can form a small yet critical part of bigger crimes. For example, a syndicate in Melbourne used stolen personal data purchased from dark net marketplaces, single-use telephone SIM cards, and fake email accounts to achieve an “identity takeover, “opening 70 accounts at various banking institutions. The syndicate allegedly syphoned money into the accounts as it stole funds from the victims’ superannuation and share-trading accounts. Then, they later withdrew the money overseas and transferred it back to Australia through cryptocurrencies.
Before you can prevent identity theft, you need to understand how it happens in the first place.
Today’s identity thieves target businesses and individuals using a wide range of tactics, including:
1. Educate customers
Start at the source – educate customers about the threat of identity theft and best practices to protect their personal information from criminals. This could mean sharing tips and advice on your website, social media and directly to customers through email campaigns.
The communication should include things like:
It’s also crucial for businesses to explain any steps they are taking to protect customer identities, as this will help build customer trust and help them avoid scams.
For example, one Australian bank informed customers that it had removed links from nearly all its texts. This means if a text looks like it’s from the bank and includes a link, customers are aware they should not click on the link.
2. Implement identity theft monitoring services
Identity theft monitoring services can identify irregularities and patterns of behaviour that may indicate identity theft or other fraudulent activities.
GBG Alert is an early fraud detection system with up to 89% accuracy in detecting identity theft, money muling and other fraudulent events. GBG processes a large majority of identity verifications in Australia across all sectors, meaning it has proprietary analytics and intelligence on the early indicators of identity fraud.
By leveraging this unique cross-industry data, GBG can accurately detect identity theft at onboarding. Organisations can then apply a step-up identity process or reject an application altogether, preventing bad actors from entering the business.
GBG Alert itself stores no personal identifiable information (PII). All data is securely de-identified using a one-way hashing process with fraud alerts processed in a separate environment.
3. Use strong identity verification
Businesses must have robust tools and processes to verify customers’ identities at onboarding. Know Your Customer is best practice for any growing business and a mandatory regulatory requirement for some, including financial institutions. This ensures that an identity is genuine and the company knows who it is dealing with.
Robust identity verification processes can include face matching, passive liveness detection and biometric authentication to give an additional layer of security. For example, businesses can trust that they have established a genuine presence of the customer with face match and liveness detection in one rapid check. Passive liveness detection adds an extra layer of protection on top of facial matching to ensure the individual on the document is the same person onboarding, not a fraudster.
4. Require customers to use strong passwords
If you offer online services, such as online accounts or apps, make it a requirement that customers use strong, unique passwords and change them frequently. This is one of the most effective ways to protect customer accounts from fraudsters. Yet research by Telstra and YouGov found almost half of Australians (46%) use an easy-to-guess password that contains their birthday, favourite sporting team, or pet’s name.
5. Secure customer data behind encryption and firewalls
Encryption converts data into a secure format that unauthorised users cannot read. For example, email encryption software encrypts your emails and attachments before sending them so only the intended recipients can read them.
Another critical protection tactic, firewalls filter and block unauthorised traffic from entering and leaving your network, helping prevent data breaches. It must be a strong firewall, though. In a recent data breach of a major Australian health insurer, criminals used stolen credentials to access the network through a misconfigured firewall.Over to you
By combining the right technology with proactive strategies, businesses can help prevent identity theft and make life harder for fraudsters. Ready to fight against identity theft? Find out how GBG Alert can help.
Hear from us when we launch new research, guides and reports.