Navigation: Previous Page | Contents | Next Page
Chapter 4: Banking, Credit Card Fraud and Money Laundering
The banking industry
4.1
Most
Australian consumers are affected in one way or another by electronic banking. The
banks use their cyberspace networks to process transactions, and to communicate
with the many clients who have taken up Internet banking. The potential for
cyberfraud covers a number of banking areas. They include Internet banking,
credit and debit card fraud, money laundering and related offences such as
identity theft and securities and investment fraud.
4.2
The
Australian Bankers’ Association (the ABksA) appeared before the Inquiry and
also provided a submission. In the introduction to its submission the ABksA
indicated its position on the subject of the Inquiry:[84]
-
The current regulatory framework covering
cybercrime is satisfactory and no further legislation or regulation is required
at the Commonwealth level.
-
Customers have a vital role to play in
protecting their own interests, and banks will continue to provide financial
literacy programs including cybercrime self-protection.
-
State and Federal Governments also have a vital
role to play in providing education programs to ensure customers better
understand their responsibilities in protecting their own interests.
-
The banking industry is a vital component of the
critical infrastructure that underpins the whole of the Australian economy and
Government should assist banks and other stakeholders in protecting this
national asset.
4.3
The
Committee notes the banks’ emphasis on consumer responsibility for self
protection from fraud, rather than the banks’ duty to protect their customers. This
emerged as a significant issue during the course of the Inquiry. The Committee
notes that both consumers and banks have a number of options at their disposal
to increase fraud protection. This chapter notes the most significant of those
options.
Internet banking
4.4
Internet
banking allows bank customers to view statements online, pay bills, transfer
funds between accounts, make inquiries, order cheque books, and to do almost
anything which can be done at the bank itself, except withdraw cash!
4.5
Internet
banking is subject to all the same financial transaction reporting, proceeds of
crime and taxation laws as other banking services.[85]
4.6
Banks have
been enthusiastic in their encouragement of clients to adopt Internet banking
as noted in the ABksA submission:
Banks have embarked on the development and
deployment of Internet banking facilities because the market has demanded that
banks provide a secure and trusted environment for the delivery of a wide range
of financial services in a convenient and cost effective manner. [86]
4.7
The
development of e-banking, and its acceptance by society has seen the emergence
of new ways to perpetrate 'old' crimes such as fraud and money laundering and
the development of new crimes. These crimes are using and at times taking
advantage of the same technology as e-banking.
4.8
The
evidence presented to the Committee
revealed different ways of manipulating the Internet banking environment. Apart
from the Nigerian email letters in which criminals set up false 'authentic'
accounts to receive the transferred money, there have been bogus bank sites
established which then request 'confirmation' of account details – such as
passwords and account numbers. The Committee heard that it is not difficult to duplicate
features such as the logo of the bank, and the layout of the website, all of
which is designed to deceive the bank customer.[87]
4.9
In
evidence, the Australian Bankers’ Association noted that the banks in the bogus
bank example were able to respond with the assistance of the Australian Federal
Police[88] within hours and the sites
were shut down. The banks also emphasised in the ensuing publicity that banks
never request 'verification' of details through the Internet, and that
passwords should be revealed to no-one.
4.10
The Committee notes the comments of ASIC who acknowledged the role of
Internet technologies in providing new opportunities for people to engage in new types of scams such as the email referred to
above. ASIC said in evidence:
... Without spam and
Internet technology, that crime would not occur. The
fact that we have seen reported in the press something like half a dozen of
those matters in the last three or four months does not necessarily equate to a
flood. To balance that up, ... they very quickly were able to identify the
Australian connection, they worked with the New South Wales Police, and someone
was arrested within three days of that spam email going out. I understand that
person has been charged subsequently with deception. ... it appears that the
financial institutions, working with the police services, are able to protect
themselves adequately and take recourse.[89]
Prevention – Internet banking security
4.11
The
Committee notes that the ABksA indicates that banks are addressing prevention
and detection of criminal activity in banking and credit card transactions
through a number of avenues. [90]
4.12
In
relation to the issue of prevention, the Committee received evidence which
revealed some concerns regarding the security of Internet banking. A submission
from Mr Tony Healy[91] expressed concern that banks do not
use strategies which can assist with the prevention of Internet banking fraud.
4.13
Mr Healy
notes that traditionally, retrieval of funds from an account required the presentation
of a physical token (passbook or ATM card) combined with secret information
(PIN or personal signature).
4.14
When
Internet banking commenced, the second element was provided through digital
certificates, given to each client and installed on the client’s computer.
However, these were expensive, and banks moved to the cheaper option of
password protection only. Mr Healy considers this is weak protection, as
passwords can be obtained through the activity of viruses or through being
stored on the browser, and thus being available to any user of that computer.
4.15
Finally,
Mr Healy notes that the customer is responsible for the security of the
password, and under most electronic banking contracts, its revelation even if
not by the client, constitutes negligence.
4.16
Mr Healy was not alone in his disquiet. In evidence to
the Committee Mr Steve Orlowski said that in the current banking environment
the standard
of Internet banking security is 'just' adequate,[92] and most of the problems occurring at
the moment are due to inadequacy of the banks’ protective anti-hijacking measures.
Mr Orlowski continued:
The Internet itself is
not the problem; it is what is happening at the end point where the data is
being held.[93]
4.17
The Committee was concerned, that despite the banks’ confidence in their
security, there are clearly significant data protection issues which concern
the experts in the area. Mr Orlowski noted that the
banks are moving towards stronger protection and will be implementing an
electronic authentication system. This is expected to provide a much stronger
access control technique for users.
4.18
The Committee considers that part
of the solution is to use public education campaigns to prevent customers from being defrauded by
fictitious websites. However the Committee
does not accept the assertion of the banks that this is solely the role of
government; it is clearly part of the banks’ client service role, to provide
information to its customers, which as far as possible ensures that they deal
with the bank itself.
4.19
In evidence
ASIC noted that its interest is very much from the consumer protection angle.
ASIC ensures that financial institutions are aware of the threats, that they
implement appropriate risk management strategies, provide clear instructions to
their clients about their obligations and liabilities, as well as educating
them about safe practices.
Having said that, there is no doubt that the arrival of the
Internet technologies of the Internet technologies has provided new
opportunities for people to commit new types of scams ... [In] one of those
matters involving a large Australian financial institution ... they very quickly
were able to identify the Australian connection, ... and someone was arrested
within three days of that spam email going out.[94]
4.20
While noting ASIC’s comment and the fact that there was a rapid response
to the attempted fraud, it is only a matter of time before other ways of breaking
into banking records are devised. In the Committee’s view there is no room for
complacency. The Australian Crime Commission (ACC) in conjunction with the
Australian High Tech Crime Centre (AHTCC) are in a position through their
intelligence activities to provide general information about fraud trends to
financial institutions. This information could be provided through a third
party which could collect and disseminate all available information on a
regular basis.
Recommendation 5
The Committee recommends that the
Australian Crime Commission in conjunction with the Australian High Tech Crime
Centre investigate the provision of general information on fraud trends to
financial institutions through a secure subscription based service.
Credit and debit card fraud
4.21
The
introduction of the Bankcard to Australia by nine Australian banks in 1974, commenced a
revolution in consumer purchasing. While some stores had offered credit cards
and store based finance for many years, the concept of a universal credit card
administered by the banks allowed bank-funded credit to be extended to new
areas of consumer activity.
4.22
With the
credit card purchasing power came the potential for large scale fraud. Advancing
technology changed only the method of committing the fraud and has also
required technological expertise used to investigate and detect fraud to
advance.
4.23
Card
Skimming involves a small device which will capture the card details for use in
a reproduced card. In its submission to the Committee, the ACC noted that it is
not only credit cards which can be skimmed for their information. These devices
are also used at Automatic Teller Machines (ATMs) and card skimming can be used
to obtain personal information from debit cards, and even Medicare cards. Over
the past 12 months, credit card skimming alone has increased bank losses by 400
percent, and its actual cost to the banking industry, businesses and consumers
is more than $300 million per year.[95]
4.24
In
evidence, the NSW Police advised that a Fraud Squad task force had found that
one of the main areas of card fraud is 'points of common purchase'.[96]
A common purchase point is an area, usually a service station,
where someone skims a user’s card. The information is then passed on to
criminal syndicates who reproduce cards en masse and on-sell them again ...
Service stations are about 75 per cent of the common purchase points.
4.25
The
Committee was also informed in the ACC submission that card skimming is being
perpetrated by organised crime groups:
in conjunction with other serious cross jurisdictional and
transnational criminal activities including drug trafficking, money laundering
and potentially arms trafficking.[97]
4.26
The ACC
also notes 'the social implications of card skimming are serious'.[98] Apart from the cost to banks, the
victims are left with debts in their name for which they are held responsible
unless and until the victim can show otherwise. The Commission continued:
the rising incidence of credit card skimming is leading to the
introduction of new controls that would shift the onus of harm from the financial
sector to individuals. Such countermeasures are likely to impact adversely upon
individuals.
4.27
The
Committee shares the concerns of the ACC. The social and financial cost of
forcing consumers to pay for harm resulting from credit card fraud is
potentially high.
Merchants and credit cards
4.28
The
Committee also heard from Mr Graeme Bond, a merchant who has had an ongoing disagreement with his bank since
1996, regarding a series of fraudulent credit transactions for which the bank
has held him responsible. The Committee notes that Mr Bond’s experience is
more about a fraud which was perpetrated by means of a credit card, and the
arrangements with his bank, than an Internet transaction. Mr Bond’s experience
illustrates the nature of the liability imposed through the agreements between
banks and merchants.[99]
Prevention
– Credit Card Skimming and Fraud
4.29
The ACC advised
the Committee that credit card skimming has been approved by the ACC’s Board as an approved
intelligence investigation. Thus far, the activity has consisted of
consultation with:
-
New
South Wales Police about their Task Force Venlo, which investigated credit card
skimming in New South Wales;
-
Discussing
with the (credit) card companies risks and trends and what they believe law
enforcement should be looking at in relation to card skimming.
-
Participation
in the MasterCard fraud reduction task force meeting.[100]
4.30
The ACC
also noted that the card skimming appeared to have 'migrated' from South East Asia. The Committee observed that as the reference is quite
recent, the ACC is still in the early stages of developing strategies. The ACC
did advise the Committee that the AFP liaison network was doing some
work in this area.[101]
4.31
The
Committee was also told of a system of random checks to validate credit
transactions which the banks undertake each day. In particular, if there are
any unusual features of a transaction, the card holder will be contacted to
check it was made by the card owner. The Committee was told that there are over
300 such calls made each day, and that the banks wear significant losses for
the transactions fraudulently made.[102]
4.32
The Attorney General’s Department pointed out that a number of peak
bodies are developing ways in which card skimming can be eliminated. These
include the Standing Committee of Attorneys General, the Australian Police
Ministers’ Council, the Australian Bankers’ Association, and a Commonwealth NSW
task force.
4.33
However
the banks do have other technology available. The so-called 'smart card' is a
far more secure option than the magnetic stripe technology in current use.
A smart card is made of plastic, and in size and appearance is
similar to a normal credit card. [The card has a] microchip embedded in it ...
which replaces the magnetic stripe commonly found on the back of other
transaction cards. [It] allows the storage and management of large amounts of
different types of information. Most importantly, the microchip may allow the
performance of computing tasks through a microprocessor included in the chip.
Using the integrated circuit’s memory capacity and processing power, one card
can accommodate multiple applications providing greater flexibility and ease of
use for the customer.[103]
4.34
The
technology is used in security applications, and is difficult to replicate. It
is expensive to produce, but is far more secure than its alternatives, and may
represent a saving for financial institutions in the long term.
4.35
The Committee observes that banks and the promoters of
credit cards derive considerable income benefits from their use by consumers
and merchants; the cards are strongly promoted in many contexts. An example is
the special sporting events cards, promoted and used initially at times when
there are many itinerant people in one place, who are being encouraged to
spend. The potential for fraudulent use in such circumstances represents an
increased risk. Where the card holder can be shown to have been reckless in the
care and storage of the card and its details, it is clear where the liability
for misuse lies. In cases where neither the financial institution nor the
cardholder has compromised security, there is clearly an increased cost to the bank
which should not be borne entirely by either the bank or the client cardholder.
4.36
However,
in cases where neither the financial institution nor the card holder has been
negligent, the allocation of liability is not nearly so clear. The approaches
currently available to resolve this issue were developed in pre-electronic
banking, pre-Internet times. The Committee
is of the view that given the increased potential for fraudulent use in the
e-environment, the issue warrants an approach which is grounded in the
electronic transmission of documents, rather than their physical presentation.
Identity
fraud
4.37
Closely
associated with banking and credit card fraud is identity fraud. The Victoria Police told the Committee hearing that identity related crimes are evident in most
fraud related offences, including loan applications, credit card fraud and
online banking. Globally, this activity is currently one of law enforcement’s
greatest problems.[104]
4.38
The ACC noted in its evidence that identity fraud is used as a means to
commit drug, firearms and e-crime offences.[105]
Identity fraud offers opportunists and those who shift from one area to another
an easy way to pursue the quickest way of making money, whether it is by drugs,
guns, prostitution or white-collar crime.
4.39
In this context, one of the issues which arose was the integrity of the
100 point check, used by banks to establish the identity of a person wishing to
open an account. The system is established under the Financial Transaction Reports Act 1988. As AUSTRAC pointed out in
evidence, the documentation was not created with the identification system in
mind:
Birth certificates,
passports, drivers’ licences and even credit cards – all
these sorts of things – can be used as part of the process. The
system is okay; it is the integrity of the documents and the ability to verify
them that creates the difficulty in the process.[106]
4.40
The ABksA advised the Committee that new technologies such as scanners,
and colour printers have increased the banks’ exposure to identity fraud, and
that it is relatively easy to produce false documents of high quality.[107]
4.41
The Committee notes that while
the 100 point check in itself is clearly a useful tool – 'a robust
identification system' – the issue is increasingly the underlying integrity of
the documents.[108]
4.42
In
evidence, AUSTRAC told the Inquiry of a Proof of Identity Committee chaired by
AUSTRAC which is examining some of the options which might be available to
verify claims to identity.[109]
AUSTRAC suggested that a system of fast-track verification of documents would
be of benefit and also suggested the possibility of a facial and iris
recognition system known as biometrics.
4.43
This was
also raised by Standards Australia which has developed a number of standards for the
use of information technology in the banking system, for example, the
maintenance of security for the operation of ATMs.[110]
4.44
Biometrics is the
identification of people through face recognition, fingerprints, iris
recognition, retina recognition (visual recognition), auditory (voice)
recognition and also includes chemical, behavioural and olfactory analysis.[111] It is already being used by private
firms to verify identities. As with any identification procedure privacy is an
issue and Standards Australia advised that Codes of Ethics are being
development by the Biometrics Institute for this purpose.[112]
4.45
The
Attorney General’s Department told the Committee that the Criminal Code
includes specific fraud offences.[113]
Identity fraud is a feature of welfare and tax fraud offences, along with
increasingly being featured in organised crime. The Department also advised
that it is developing a strategic direction for improved personal
identification and authentication practices. For example, the AUSTRAC Proof of
Identity Steering Committee is assessing the community cost of identity fraud.
The steering committee includes representatives from the banking industry as
well as government agencies.
4.46
In
addition, the ACC has maintained the Identity Fraud Register which lists known
offenders, fraudulent names used and lost or stolen documents. The Australian
Bureau of Criminal Intelligence (ABCI) established this project in 2001, and
the ACC submission indicates that over 2000 recent fraudulent identities have
been recorded on the database. The database can link offenders with real
identities and crimes and is designed to facilitate the work of law enforcement
agencies (LEAs).[114] The Committee
commends this initiative.
4.47
The
Committee encourages the continuation of the close working relationship between
the banks and the police – both state and federal.[115] Cross sector liaison is essential
for the sharing of information and the development of strategies to minimise
the effect of cybercrime.
4.48
However,
as was indicated in the evidence provided by Symantec, the implementation of
strategies and technology depends upon the cost of the technology and
persuading people to use it.
... you have to make this
cost-benefit analysis and if the financial institutions in a particular country
have decided that there is an acceptable level of risk with a technology they are
using, they are going to continue with that technology.[116]
4.49
The Committee is disturbed at the notion of 'an acceptable
level of risk' for the financial institutions. What is acceptable to the banks
may not be acceptable to the consumers of the financial services provided. Where
such an acceptable level has been determined, the consumers should at least be
made aware of it and advised as to what they can do to minimise that risk.
Money laundering
4.50
Money
laundering is defined by the OECD as:
The processing of ... criminal proceeds to disguise their illegal
origin. This process is of critical importance, as it enables the criminal to
enjoy these profits without jeopardising their source.[117]
4.51
In
evidence the Committee heard that the OECD’s associated Financial Action Task
Force is an intergovernmental initiative whose purpose is the development and
promotion of policies, both at national and international levels, to combat
money laundering and terrorist financing.
4.52
The ACC
advised the Committee that money laundering is one of the areas in which the
Commission is authorised by the Board to use its coercive powers, along with
associated criminal activities of South-East Asian crime gangs, established
criminal networks and illegal firearms.[118]
4.53
The
Australian Bankers’ Association told the Committee of its very strong
relationship with AUSTRAC. The banks, under the Financial
Transactions Reports Act 1988, are required to report suspicious
transactions to AUSTRAC, and the Association indicated that in addition to matters
arising from traditional crime and money laundering, there is now also a focus
on the suppression of the financing of terrorists.[119]
4.54
AUSTRAC’s
evidence noted its role as an observer and reporter on international funds
transfer instructions or international telegraphic transfers. The agency has
been turning its attention to what happens outside
of the regulated financial markets, and the potential for the expansion of
unregulated financial transactions.[120]
4.55
AUSTRAC advised the Inquiry that the AGEC (Action Group into the Law Enforcement
Implications of Electronic Commerce) which is chaired by AUSTRAC, has also been
examining this area in two of its focus groups: one on new technologies and the other on the financial system. The
Group’s membership includes the Australian
Taxation Office, the Australian Federal Police, the Commonwealth
Attorney-General’s Department, the Australian Competition and Consumer
Commission, the Australian Securities and Investments Commission, the
Australian Customs Service, the Director of Public Prosecutions, the Department
of Immigration, Multicultural and Indigenous Affairs, and the Australian
Prudential Regulation Authority.
4.56
AUSTRAC
explained:
[The AGEC is] looking
at ways of avoiding the financial system ... E-gold and other similar types of
mechanisms have been of great interest, particularly to the Australian Taxation
Office. People use them to avoid our reporting mechanisms ... on international
funds transactions.
It is quite easy to use these mechanisms by buying e-gold and then having
credit cards or debit cards on international accounts so that our reporting
systems are completely avoided. There is quite a large amount of concern within
the broader law enforcement agencies, including revenue and regulatory
agencies, about those sorts of mechanisms.[121]
4.57
The Committee learned that such systems are simple to use,
and can effectively transfer large sums undetected to and from Australian–owned
'accounts'.
Prevention – Money Laundering
4.58
In
addition to the establishment of the AGEC Committee, the Committee was advised
of other technical and strategic resources available to deal with money
laundering.
4.59
The
Attorney General’s Department told the Committee that there are strategies
available to combat money laundering. The threat of terrorism has given money
laundering a new global focus apart from its traditional connection with
organised crime.[122]
4.60
The
Department also informed the Committee that Australia is a member of the
international Financial Action Task Force on Money Laundering (the FATF), which
has developed the Forty Recommendations – the
basis of international anti-money laundering standards, which include sanctions
against non-compliant countries.
4.61
Post 11
September 2001, the
FATF released eight Special Recommendations on Terrorist Financing,
accompanying the United Nations measures. A review of the Forty Recommendations
is currently under way.
4.62
In 1997,
the Asia Pacific Group on Money Laundering (APG) was established as a FATF-style
regional body of 26 member states. The APG plays a coordinating role in the
provision of technical legal and law enforcement experts to countries in the
region.
4.63
In
addition to the Financial Transactions Reports Act 1988, money laundering, in
the domestic arena, is managed within the framework of the Proceeds of Crime
Act 2002. Under this legislation courts
can freeze and confiscate assets under certain circumstances.
4.64
There is
also state-based proceeds of crime legislation, which allow civil forfeiture of
assets, in state offences. The ACC has frequently used this legislation to
recover proceeds of crime, and under the Commonwealth legislation is in a
position to assess the effectiveness of the Proceeds
of Crime Act 2002 in recovering laundered funds, and whether it is at all
useful in recovering funds which have been transferred outside the reporting
system.
Future directions for banking, credit card fraud
and money laundering
Australia
a vulnerable target
4.65
The ACC
submission notes that there are limitations in the Australian national law
enforcement’s response to card skimming which can be exploited by being open to
criminal activity. Further, the ACC considers that the increasing controls over
card skimming activity in North America, Europe and Asia, and the lax
legislative (multi-jurisdictional in one country), and deterrent environment is
likely to result in transnational criminal groups shifting their activities to
Australia.[123]
4.66
The ACC
notes[124] a report in September 2002,
by the Office of Strategic Criminal Assessments[125] (OSCA – now incorporated into the
Australian Crime Commission) which predicted that the threat of card skimming
would continue to rise, and cited a number of contributing factors. These
included legislative gaps such as restrictions on the import of skimming
equipment such as card blanks and skimmers; lack of jurisdictional agreement on
what constitutes an offence, and lack of deterrence factors in criminal
penalties.
4.67
OSCA also
cited:
-
systemic weaknesses in banking practice (such as
lax merchant practices);
-
lack of consumer awareness of card security;
-
a gap in Australian law enforcement intelligence
holdings; and
-
an acknowledged need for a national intelligence
gathering strategy.
4.68
In the Committee’s view, the ACC can make a significant contribution to
the gap in intelligence holdings and the development of a national intelligence
gathering strategy. OSCA, as part of the ACC is in a position to provide
information on cyber fraud and related activity to law enforcement and policy
bodies on a regular basis. The Committee notes that one of the strategies that
the ACC identified as contributing to a national response included the provision of a national intelligence database
on card skimming for enhanced intelligence exchange. It notes that this role
would fill a gap in current law enforcement arrangements on card skimming.[126]
4.69
The
Committee is of the view that this role should be expanded. During the Inquiry,
it formed the view that there was the potential for inter-relationships between
the various forms of banking cybercrime and that this potential should be explored.
Recommendation
6
The
Committee recommends that the Australian Crime Centre, in consultation with the
Australian High Tech Crime Centre (AHTCC), Austrac and other law enforcement
agencies give priority to developing a national intelligence gathering strategy
for cybercrime in the banking industry. Further the ACC should seek to fill any
gaps in intelligence holdings that are identified.
4.70
In relation to consumer awareness of card security, the Committee notes
that the ABksA considers that the Government has a role in public education
programs to ensure that customers understand their responsibilities. Given the
significance of banking in a community’s economic health, the Committee
believes it is necessary for government and financial institutions to form
partnerships to support increased client awareness of the potential pitfalls.
4.71
The issue of the systemic weakness in banking practice may be overcome
in part by education campaigns. The Committee notes that that the AHTCC advised
that in May 2003, the AFP, AusCERT
and other law enforcement agencies produced the Australian computer crime and security survey.[127] The
AHTCC indicated the survey showed that:
-
corporations
are spending more money on IT security aspects; but also
-
there
are certain generic vulnerabilities within some industries.
4.72
These vulnerabilities demonstrate that there is a need for firewalls,
intrusion detection systems and policies to prevent contamination from disks
imported from outside an organisation’s system.
4.73
In addition the AHTCC, Standards Australia and the Attorney-General’s
Department, have funded the production of a computer forensics guide for
industry. This is an evidence collection guide designed to
advise the industry on how they may start protecting themselves gathering
together the information that is needed to prosecute these matters effectively.
4.74
In his evidence to the Committee, Mr Orlowski referred to a
number of potential solutions for protecting identity, and thereby eliminating
some of the aspects of banking and credit card fraud. These include public key
technology:
which is a very strong security tool based on cryptography and
which is seen as the cornerstone for electronic commerce in providing secure
and authenticated electronic transactions.[128]
4.75
There is also the strengthening of technology through the use of smart
cards which would mean that a person wanting access to another’s data would
require the card to do it, as it would be 'computationally infeasible' to break the information.[129]
4.76
Other technology which has potential in this area is biometrics
(discussed in detail at paragraph 4.43). However, the NSW Police pointed out to
the Committee that biometrics – for example, biometric links to credit data –
as a security solution are really a matter of what the community will tolerate.[130] The Committee is aware of the
sensitivity surrounding centralised access to personal data, and that there are
compromises to be made if biometrics becomes the technology of choice.
4.77
The NSW
Police also noted the overseas experience in which telephone lines are
physically intercepted to pick up data. If at any point along the communication
lines the data is not encrypted it has the potential to expose millions of
users to capture or corruption of data.
4.78
The
implications of failure to secure data are widespread. Not only could financial
details be captured, but other personal and corporate material taken and used. The
detection is difficult and resource intensive and there is also potential for
civil litigation for those who suffer loss through no fault of their own. While
it is a Commonwealth offence to intercept telecommunications without a warrant,
there would also be offences arising out of the corruption or use of the data
for gain or benefit. It is clear that law enforcement agencies should devise
prevention and response strategies, in the event that telephone line intercepts
occur in Australia. In particular, the ACC in partnership with
the AHTCC is in a position to develop response strategies, based on its
operational experience.
4.79
The Committee notes that in relation to credit card fraud, and in particular card skimming, the ACC
considers that it has a role: its submission to the Inquiry indicates:
Although many of the specific offences associated with card
skimming are fraud under State Criminal Codes, card skimming is appropriately
regarded as federally relevant criminal activity and will require priority
attention from national law enforcement.[131]
4.80
The ACC
also advises that its contribution to a national response to this problem could
include a series of strategies:
-
focusing on the multi-jurisdictional and national
dimensions of card skimming;
-
utilising specialist financial investigation
resources to complement the expertise of partner agencies;
-
using cybercrime investigation methods and
forensic techniques;
-
providing enhanced insight into the problem and
undertaking intelligence collection and target development; and
-
contributing to appropriate legal,
administrative and policy responses.[132]
4.81
The Committee notes that many of the strategies are activities
that the Committee views as being part of the ACC’s normal range
of activities, for example, the last item 'contributing to appropriate legal,
administrative and policy responses.'
4.82
Given that
the submission indicates that in May 2003, the ACC board approved National ACC
'Intelligence Operations' for both Identity Crime and Card Skimming[133] the Committee would be expecting the Commission to be more
positive in its strategic planning for this growth area.
4.83
Similarly,
in the areas of money laundering and identity fraud, the ACC continues to
pursue traditional strategies. Their suggested future directions include a
large number of continuing activities such as consultations with AUSTRAC and
the banks, in particular concerning the FATF’s 40 recommendations, the use of
Task Forces such as the Agio task Force, continuation of the work with AGEC and
the former ABCI Identity Fraud register, and continued involvement in
consultations concerning verification of identity documents. The more
innovative suggestions include the establishment of a Task Force to investigate
identity fraud.
4.84
While the
Committee does not discount the effectiveness of traditional strategies the
growth of crime in cyberspace suggests that to successfully combat it, LEAs may
need to demonstrate a willingness to undertake new initiatives.
4.85
The
Commission also mentions investigative techniques to include use of ACC Special
Powers for production of documents and examination of witnesses. The Committee
notes the special authorisation of the ACC Board for inquiries of this nature,
but is apprehensive that these powers may be extended and become more
commonplace than was initially envisaged.
Conclusion
4.86
The
Committee notes that there is significant work being done on the international
as well as the domestic level to minimize banking and credit card fraud, and to
deal with money laundering. As with other aspects of cybercrime, there are two
issues:
-
education – to ensure the private and public users of this technology are
aware of the risks and take steps to minimise them; and
-
overall co-ordination and dissemination of
relevant and timely information to the agencies involved.
4.87
The
Committee considers that the proliferation of working parties, focus groups,
interagency committees and similar groups has the potential to be more
effective if there is an agency which can act as a co-ordinator of information
and direct resources appropriately.
4.88
There is
clearly a need to update the legislative base, which the Committee understands
is occurring. The process should not stop at updating, as constant review is
what is required to ensure that there is the ability to deal with the latest
incarnation of attempts to damage the banking and finance environment.
4.89
Success in
the detection and prosecution of cybercrime will depend on cooperation between
Commonwealth and State Law Enforcement agencies, the financial institutions, as
well as other agencies (such as AUSTRAC). The Committee considers that the
formation of partnerships between these parties is crucial, if banking and monetary
cybercrime is to be dealt with efficiently. In particular, government and
private sector partnerships should be sought to disseminate important
information regarding protection from financial fraud.
Navigation: Previous Page | Contents | Next Page
Top
|