How do banks protect my personal information?
Banks use a combination of safeguards to protect your information such as employee training, privacy policies, security and encryption systems. They have systems in place to constantly monitor transactions and if a transaction is identified as suspicious, it will be investigated to ensure there is no breach of security. Occasionally, this may involve a bank staff member contacting you to verify a transaction.
Bank customers are protected from loss in genuine fraud cases. Account holders are not liable for losses resulting from unauthorised transactions where it is clear that user has not contributed to the loss. There is usually an investigation by the bank to determine how the fraud has occurred.
Banks are continuing to seek out security enhancements especially for online banking, such as an on-screen keypad which is designed to prevent the incidence of keystroke logging fraud by removing the need for a keyboard to enter in passwords. Other banks are offering what’s called two-factor authentication. An example of one factor authentication is the use of a password to enable access to Internet banking.
Two-factor authentication requires two independent authentication steps for a customer to access Internet banking. Customers will authenticate their identity and access to the system twice, first with something they know and then with something they have.
There are several ways that two factor authentication can be offered to the customer. It can be completed through an SMS payment security service, which sends a unique code via SMS to a customer's mobile phone to authorise online payments. Customers have already logged on to Internet banking using a password and then need to enter the SMS code before they can finalise the online payment.
Two factor authentication can also be completed through a device known as a security token which looks like a pager. It is a device issued as a credential. A token is likely to include security features that render it difficult to forge, and tying it in some manner with the particular entity – in this case the bank which issues it. To log on to Internet banking the customer uses their password and then the number generated by the token, which is then keyed in at the desktop to enable access to an Internet banking session.
Fighting cyber crime
The Australian Bankers’ Association (ABA), its member banks and, State and Federal police are working closely to tackle the problem of cyber crime. Bank staff have been seconded to the Australian High Tech Crime Centre (AHTCC) as part of a new team to continue the fight against online fraud. They are providing analytical assistance to police who will use this information to identify and prosecute criminals.
Banks work closely with State, Territory and Federal police to prosecute criminals who misuse customers’ personal information or commit cyber crime. Each State and Territory jurisdiction has a range of offences covering identity crime, including the unlawful possession of documents, operating accounts in false names and obtaining monies by deception. The penalties vary across each State and Territory but include large fines and incarceration, in some circumstances for up to ten years. Banks also work closely with other organisations such as the Australian Crime Commission and the anti-money laundering regulator, AUSTRAC.
Banks publish information about scams on their websites.
The Australian Securities and Investments Commission’s (ASIC) consumer website, MoneySmart, at www.moneysmart.gov.au, also has lots more information about how to identify and avoid different scams and swindles.