Veda: Fraud Focus Group Forum

Similar documents
Cyber Crime Research. Presentation by the Australian Institute of Criminology. Dr Russell G Smith Principal Criminologist

Report to the Council of Australian Governments. A Review of the National Identity Security Strategy

FLIP IDENTITY THEFT. (Financial Literacy in Practice) February 2015 OVERVIEW TEACHER NOTES TEACHER NOTES

Standardisation of definitions of identity crime terms: A step towards consistency Report Series No

IDENTITY SECURITY NATIONAL IDENTITY SECURITY STRATEGY. Identity crime and misuse in Australia

Commonwealth Fraud Control Guidelines Annual Reporting Questionnaire

NATIONAL POLICE HISTORY CHECK INFORMATION Western Australian Education and Training Sectors

NATIONAL IDENTITY SECURITY STRATEGY. Identity crime and misuse in Australia IDENTITY SECURITY

Identification GETTING STARTED

Your secure identity. Meeting proof of identity requirements

Application to register a change of name (adult 18 years or over)

Crimes Amendment (Fraud, Identity and Forgery Offences) Act 2009 No 99

CONNECTICUT IDENTITY THEFT RANKING BY STATE: Rank 19, 68.8 Complaints Per 100,000 Population, 2409 Complaints (2007) Updated November 28, 2008

Tasmanian Government Identity and Access Management Toolkit

Driving License. National Insurance Number

DRAFT Pan Canadian Identity Management Steering Committee March 1, 2010

WISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009

Application for superannuation benefits temporary residents departing Australia permanently

Application for Bond Loan and Rental Grant assistance

FINANCIAL CRIMES. Lesson Plan and Course Outline. INSTRUCTOR EQUIPMENT/MATERIALS PowerPoint, LCD Projector, Computer, and Handouts

Crimes Amendment (Fraud and Forgery) Bill 2009

A unique biometrics based identifier, such as a fingerprint, voice print, or a retinal scan; or

Information Security Basic Concepts

Overseas: NOTES. Application for an Australian Passport. Your checklist. Keep your passport safe at all times.

Identity: The Key to the Future of Healthcare

T-CY Guidance Note #4 Identity theft and phishing in relation to fraud

MISSOURI IDENTITY THEFT RANKING BY STATE: Rank 21, 67.4 Complaints Per 100,000 Population, 3962 Complaints (2007) Updated January 11, 2009

MARYLAND IDENTITY THEFT RANKING BY STATE: Rank 10, 85.8 Complaints Per 100,000 Population, 4821 Complaints (2007) Updated January 29, 2009

CHC30113 Certificate III in Early Childhood Education and Care

The Manitoba Identification Card. Secure proof of age, identity and Manitoba residency

Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication.

Privacy and Information Protection Bulletin

Criminal Code And Civil Liability Amendment Bill 2007

Criminal Law Consolidation (Identity Theft) Amendment Act 2003

NATIONAL POLICE CHECKING SERVICE (NPCS) INFORMED CONSENT FORM

Application Form and Lodgement Guide

Appendix A DRAFT INFORMATION MANAGEMENT PLAN

AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA

Identity Theft. What it is and How to Protect Yourself

PROTECT YOURSELF AND YOUR IDENTITY. Chase Identity Theft Tool Kit

Identity Theft Victims Universal Complaint Form (FTC)

Child. Application for an Australian Passport. Your checklist

Application for Visa Credit card

Identity Theft Packet

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.

Application to register a change of name (adult 18+ years)

Two-Factor Authentication: Guide to FEXCO CFX SMS/APP Verification

Attention: AT&T Theft of Identity Fax No: Or. P.O. Box 2767 Houston, TX

Recovering Your Identity. Advice for victims of identity crime

LUMP SUM APPLICATION FOR PAYMENT OF A PRESERVED LUMP SUM ENTITLEMENT 1. PERSONAL DETAILS 2. TAX FILE NUMBER (TFN) 3. TYPE OF ENTITLEMENT APPLIED FOR

OREGON IDENTITY THEFT RANKING BY STATE: Rank 20, 68.1 Complaints Per 100,000 Population, 2552 Complaints (2007) Updated January 10, 2009

Direct Recruitment Privacy Policy

Personal Information. About you. Personal information and your identity.

Identity Verification Program Guide

IDENTITY THEFT WHAT YOU NEED TO KNOW. Created by GL 04/09

UNCLAIMED MONEY HOW TO CLAIM YOUR MONEY

Consumer and Business Services

Entrust IdentityGuard

Life Events/Salary Increase cover

Department of Communications. Enhancing Online Safety for Children Discussion Paper. Submission by the Australian Federal Police

How To File An Identity Theft Complaint And Affidavit

Motorcycle Policy Summary and Important Information

Privacy Policy. January 2014

Audio: This overview module contains an introduction, five lessons, and a conclusion.

Identity Theft Victim Checklist

Yes, your card will expire at a given date, which is printed on the front of your card.

American Express. Business Credit Card Conditions

Identity Theft Victim s Packet

Identity Theft PROTECT YOUR INFORMATION AND YOUR IDENTITY HIGHLIGHTS

Identity Cards Act 2006

Security Guide. for electronic transactions. UniBank is a division of Teachers Mutual Bank Limited

Credit Card Conditions of Use. Credit Guide.

IDENTITY THEFT VICTIM S PACKET

Medicare enrolment application

Bendigo Term Deposit Accounts and Facilities. Terms & Conditions. 19 October 2015

French Justice Portal. Authentication methods and technologies. Page n 1

CRIMINAL HISTORY CHECK APPLICATION

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

MASSACHUSETTS IDENTITY THEFT RANKING BY STATE: Rank 23, 66.5 Complaints Per 100,000 Population, 4292 Complaints (2006) Updated January 17, 2009

Transcription:

Veda: Fraud Focus Group Forum Identity Crime Trends, Risks and Solutions Dr Russell G Smith Principal Criminologist

Outline Identity crime concepts The scope of identity crime Identity crime taxonomies and measurement categories Methods used to obtain personal information Quantifying the extent of identity crime Crime victimisation surveys and business surveys Official crime statistics The Australian National Identity Security Strategy Key elements of the Commonwealth Strategy Risks arising from online verification of evidence of identity Online verification processes (e-authentication) and risks Database, data capture and data matching irregularities Developing solutions to address emerging risks Legislative, policy and technological solutions

The scope of identity crime Public sector Income tax, customs duty and GST fraud, superannuation fraud Obtaining welfare and health care benefits in false names Immigration fraud and taking English language tests for someone else Private sector Opening bank accounts in false names and obtaining finance ATM, online and mobile banking and payment card fraud Funds transfer fraud and securities and investment fraud Consequential activities Money laundering ARS, SVCs, virtual worlds, trade-based Motor vehicle re-birthing; art and antiquity fraud Obtaining security guard, motor vehicle, boat and shooters licences Avoiding driving demerit points and local government fees Avoiding detection and prosecution for violent crime

Identity crime taxonomies ACPR-AUSTRAC Proof of Identity Steering Committee 2006 Scope living and deceased individuals, and corporations ID fabrication creation of a fictitious identity ID manipulation alteration of an identity or evidence of identity Lent IDs use of another person s identity with their permission ID theft assumption of a pre-existing identity without authority ID fraud gaining benefits or avoiding liabilities using identity info. ID crime generic term for criminal activities using identity info. Categories of methods used to obtain personal information Semantic social engineering to obtain personal information Syntactic fabrication and alteration of documentary evidence and other high-tech methods hacking, skimming, cloning, spoofing Blended identity crime attacks spamming via botnets, phishing

Quantifying the extent of identity crime SIRCA (2003) Direct loss from identity fraud in Australia 2001-02 was $420 million Total cost of identity fraud $1.1 billion (including prevention & recovery) Personal identity fraud (ABS) Total personal fraud in 2010-11 713,600 victims ($1.4b); 6.7% pop n ID theft 124,000, 0.8% (2007); 44,700, 0.3% (2010-11) [-64%] Card fraud 383,300, 2.4% (2007) ; 662,300, 3.7% (2010-11) [+73%] Official dishonesty offence statistics recorded by police 24% decline in offences; 35% decline in rate/100,000 pop n since 2000

Trends in officially recorded fraud in Australia Rate per 100,000 popn, recorded by Australian police (1953/54 2011/12) Source: Australian Police Services

Quantifying the extent of identity crime SIRCA (2003) Direct loss from identity fraud in Australia 2001-02 was $420 million Total cost of identity fraud $1.1 billion (including prevention & recovery) Personal identity fraud (ABS) Total personal fraud in 2010-11 713,600 victims ($1.4b); 6.7% pop n ID theft 124,000, 0.8% (2007); 44,700, 0.3% (2010-11) [-64%] Card fraud 383,300, 2.4% (2007) ; 662,300, 3.7% (2010-11) [+73%] Official dishonesty offence statistics recorded by police 24% decline in offences; 35% decline in rate/100,000 pop n since 2000 Plastic card fraud (APCA) 0.015% of card transactions fraudulent in 2006; 0.052% in 2011(Aust) Card-not-present fraud losses increased: $31.8m (2006) $198m (2011) Sept 2012 15,000 false cards worth $37.5m seized by police

Payment card fraud trends Plastic card fraud losses in basis points for selected countries Sources: APCA, UK Payments Association, Observatory for Payment Card Security (France) and Visa Inc.

Quantifying the extent of identity crime SIRCA (2003) Direct loss from identity fraud in Australia 2001-02 was $420 million Total cost of identity fraud $1.1 billion (including prevention & recovery) Personal identity fraud (ABS) ID theft 124,000, 0.8% (2007); 44,700, 0.3% (2010-11) [-64%] Card fraud 383,300, 2.4% (2007) ; 662,300, 3.7% (2010-11) [+73%] Official dishonesty offence statistics recorded by police 24% decline in offences; 35% decline in rate/100,000 pop n since 2000 Plastic card fraud (APCA) 0.015% of card transactions fraudulent 2006; 0.052% in 2011(Aust) Card-not-present fraud losses increased: $31.8m (2006) $198m (2011) Sept 2012 15,000 false cards worth $37.5m seized by police Cybercrime Verizon 621 data breaches involving 44 million records in 2012 APWG Phishing attacks 176 (Jan 2004); 25,444 (Jan 2012)

Anti-Phishing Working Group Data January 2004 176 unique attacks January 2012 25,444 unique attacks 14,000% increase over 8 years Source: http://www.antiphishing.org/phishreportsarchive.html

Commonwealth identity-related fraud 2009-10 Internal fraud 5% of agencies reported internal fraud involving misuse of identity External fraud 11% of agencies reported external fraud involving misuse of identity 1,153 incidents of creating and/or using a fictitious identity / forgery 2,859 incidents of unauthorised use of another person s TFN/ABN Australian Federal Police AFP recorded 41 offences of identity fraud in 2009-10 (85 in 2008-09) Examples of Commonwealth identity-related fraud Receipt of $125,463 in social security in 3 false names over 8 years Receipt of $200,000 for mother s pension for 22 years after her death Pharmacist submitted fraudulent prescriptions worth $400,000 Source: Australian Institute of Criminology Commonwealth Fraud Survey data (2010)

National Identity Security Strategy 1. Enrolment standards Registration and enrolment standards for use by agencies which enrol individuals to issue government documents (Gold Standard Enrolment Framework and National e-authentication Framework) 2. Document security and verification standards Security standards for such documents to reduce the possibility of forgery or unauthorised alteration of documents (Security Standards for Proof of Identity Documents) 3. Document verification Improved ability for Government agencies across jurisdictions to verify information on such documents (National Document Verification Service) includes drivers licences, passports, visas and citizenship certificates extending to 17,000 private sector organisations on a fee-for-service basis http://www.ag.gov.au/documents/national_identity_security_strategy.pdf

National Identity Security Strategy 2005 4. Recording identity data Standards in the processing and recording of identity data to improve the accuracy of existing records (where appropriate) and to prevent the creation of inaccurate identity records in future (e.g. Better Practice Guidelines for Recording Names) 5. Agency service provision Standards for Government agencies to apply where they provide services to a person whose identity needs to be verified and there are significant risks associated with the wrong person getting access to a service 6. Biometric interoperability Measures to enhance the national interoperability of biometric identity security measures (e.g. Standards Australia Committee on Biometric and Identification Technologies - IT-032) http://www.ag.gov.au/documents/national_identity_security_strategy.pdf

Proof of identity framework 4-Location Phone accounts Council rates, lease agreements Utilities power, water, gas, ISP 1-Commencement Birth certificate if born in Australia DIAC certificate if born overseas 3-Social Footprint Cth Medicare, ATO, Centrelink cards/numbers State Marriage certif, Tertiary student ID card Local Rates notice Business Bank cards 2-Identity-Person Linkage Biometrics e.g. Drivers Licence photo Passport biometrics photo, signature, face Knowledge PINs, passwords, secret question Source: Derived from Report to COAG on NISS (2007)

Online verification (e-authentication) Credential checking Gold standard credentials are read electronically using Public Key Infrastructure identifier protected by a digital certificate Two-factor authentication Something you have USB token, password generator, PKI key Something you know PIN, password, secret question, transactions Something you are Facial image, voice, fingerprint Delivery channels Post, phone, SMS, online Data security Adhere to government standards on e-authentication, smartcard and token security, PKI Gatekeeper for digital certificates, ICT security

Online verification risks Database irregularities Failure due to inaccurate personal information in legacy databases Mistakes in enrolment of new personal information Intentional manipulation of database entries Accidental, negligent or intentional data leakage

Online verification risks Database irregularities Failure due to inaccurate personal information in legacy databases Mistakes in enrolment of new personal information Intentional manipulation of database entries Accidental, negligent or intentional data leakage Data capture irregularities Submission of false proof of identity credentials / e-counterfeiting Spoofing biometric capture systems

Spoofing biometrics Voluntary finger cloning gummy fingers References Thalheim et al. - http://www.larc.usp.br/~pbarreto/leitura%202%20-%20biometria.pdf Rick Smith - http://www.cryptosmith.com/ The Register -http://www.theregister.co.uk/2002/05/23/ biometric_sensors_beaten_senseless/

Online verification risks Database irregularities Failure due to inaccurate personal information in legacy databases Mistakes in enrolment of new personal information Intentional manipulation of database entries Accidental, negligent or intentional data leakage Data capture irregularities Submission of false proof of identity credentials / e-counterfeiting Spoofing biometric capture systems Data matching irregularities Technological errors creating false positives and false negatives External manipulation of data flows active network attacks; trawling Internal corruption of staff within agencies Coercion of individuals to provide information under duress

Legislative and policy solutions Legislation Global normative approaches and harmonisation (UNODC) Criminalisation of identity fraud and possession of equipment Procedural and evidentiary reforms to aid prosecution Assets confiscation, unexplained wealth laws and AML/CTF regime Policy solutions Using multiple solutions rather than one Ensuring cooperation between Commonwealth & states and territories Ensuring cooperation between public and private sectors Improving education coordination (e.g. ACFT), computer security, risks of social media, enhanced standards computer driving licence Improving victim support reporting, loss recovery, counselling, identity fraud court victimisation certificates

Technological solutions Document security and verification Document security solutions; RFID blocking Electronic document verification Chip/PIN card roll-out; PC smart card readers for home and business Industry responses Secure data transmission and storage using PKI ATM anti-skimming technologies BNZ liquid encryption numbers, radio jamming, shields, vibration sensors, touch screens, voice recog. Enhanced security of online personal information Transaction monitoring, notification and blocking Biometrics e-passports (facial scanning) Biometric ATM/POS (fingerprints)

Russell.Smith@aic.gov.au

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information