Data security: statistics and solutions

A whopping 500,000 Australians have at some stage been subjected to identity fraud, according to research released by the Australian Bureau of Statistics last year. Approximately 125,000 of these had had their identities stolen.

Small businesses across Australia must pay increasing attention to data security and the potential for identity theft, according to Crime Stoppers Australia, organizers of the annual National Identity Fraud Awareness Week. This initiative aims to educate consumers and businesses about identity fraud and ways to prevent it.

“Any business that collects personal and financial details of customers and employees is at risk,” says Peter Campbell, National Marketing Manager of Fellowes Australia, a major sponsor of National Identity Fraud Awareness Week.

“Information such as names, addresses, bank account numbers, or employee payment details can be used … to recreate documents and steal identities.

“Detailed biographical information on customers and employees taken from invoices, statements, payslips and old personnel documents commonly found in business rubbish can be … gold to identity thieves.”

The instigation of National Identity Fraud Awareness Week follows research indicating that identity theft is clearly a major problem for Australian businesses. Consumer fraud is costing the Australian community an enormous amount: close to $1 billion, according to recent research by the Australian Institute of Criminology. The AIC’s research revealed that 90% of consumers had encountered fraudulent activities, including false lotteries and phishing scams.

“The research shows that 18 percent responded to the scammer, and corresponded for further information, putting themselves at risk of financial loss or identity theft,” said Mr. Brendan O’Connor, Minister for Home Affairs.

The Government is implementing new penalties to crack down on scammers, including fines of up to $1.1 million, says Consumer Affairs minister Dr. Craig Emerson.

According to RSA’s Online Fraud Report for October 2009, Australia is still one of the top ten countries to suffer from online brand attacks.

The report shows a rise in ‘man-in-the-browser’ (MITB) attacks, where a Trojan horse program employs malicious code masquerading as a trusted application (in this instance your web browser). MITB attacks are commonly used to hijack Internet banking sessions, modifying transactions as consumers enter them into their browser, while still displaying the user’s intended transaction.

RSA has documented an increase in MITB attacks, notably where two-factor authentication is in use. The European consumer banking and US corporate banking markets were the most two-factor authentication-dependent geographies, but this authentication method is becoming more widely deployed throughout financial institutions in Australia. This has been accompanied by an increase in MITB attacks.

Unfortunately (or luckily, depending on your budget) the only way to protect against MITB attacks is by investing in some extensive online security.

US company TriCipher offers a multi-tiered, Armored Credential System that anticipates MITB attacks by establishing two separate authentication credentials: one on the client’s computer and one on your business’ server. The two credentials must be combined in order for a transaction to occur, meaning that it’s nearly impossible for a MITB Trojan to steal and store both credentials.

KeyID is a company that offers another clever approach. They implement a unique, independent ‘SecureCard’ application that combines elements of the customer’s and their server’s characteristics with the data that is to be transferred. The ‘SecureCard’ is then deciphered by KeyID’s unique reader; any anomalies (i.e. an incorrect IP address) will then prevent the transaction from occurring.

Although third-party online systems are the most effective method of authentication currently available, an Australian man has recently come up with a system that combines both of the crucial aspects of the above security processes, whilst removing the authentication process from the digital world (and thus the hands of the hackers) altogether. The system is called PassWindow and was developed by Brisbane IT professional Matthew Walker.

The system works off a similar premise to the TriCipher dual-credential approach while bringing the concept of a secure ‘card’ into physical actuality. It presents whoever is viewing the authentication process with only certain visual elements of a password. Meanwhile, the actual customer is supplied with a card detailing the remaining visual elements printed on a transparent film which is then placed against the screen to reveal the full password. The concept is still in its beta stages but promises to be a cheap, effective alternative to third-party security methods for small businesses.
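
A simplified model of the split-pattern idea described above, added here as an illustration; it is not PassWindow's actual algorithm or code. It assumes seven-segment digits, a card with one to three printed segments per column, and a server that picks a code the card can complete; all function names are hypothetical.

```python
import secrets

SEG = "abcdefg"                      # seven-segment names, one bit each
DIGITS = ["abcdef", "bc", "abdeg", "abcdg", "bcfg",
          "acdfg", "acdefg", "abc", "abcdefg", "abcdfg"]

def mask(segs):
    """Encode a string (or list) of segment names as a 7-bit mask."""
    return sum(1 << SEG.index(s) for s in segs)

DIGIT_MASK = [mask(s) for s in DIGITS]           # index = digit value

def new_card(columns, rng=None):
    """Per-user card: each column carries 1-3 printed segments (the secret)."""
    rng = rng or secrets.SystemRandom()
    return [mask(rng.sample(SEG, rng.randint(1, 3))) for _ in range(columns)]

def make_challenge(card, rng=None):
    """Server side: pick a code the card can complete; return (code, screen)."""
    rng = rng or secrets.SystemRandom()
    code, screen = "", []
    for col in card:
        # Only digits containing every printed segment can appear in this column.
        fits = [d for d, m in enumerate(DIGIT_MASK) if (col & ~m) == 0]
        d = rng.choice(fits)                     # 8 always fits, so never empty
        code += str(d)
        screen.append(DIGIT_MASK[d] & ~col)      # show only what the card lacks
    return code, screen

def read_overlay(card, screen):
    """User side: the film laid over the screen is a bitwise OR of both layers."""
    out = ""
    for col, shown in zip(card, screen):
        m = col | shown
        out += str(DIGIT_MASK.index(m)) if m in DIGIT_MASK else "?"
    return out

def screen_only_candidates(shown):
    """Digits an observer without the card cannot rule out for one column."""
    return [d for d, m in enumerate(DIGIT_MASK) if (shown & ~m) == 0]
```

In this model the screen layer on its own is ambiguous: a column showing segments b, c and d is consistent with 0, 3, 8 or 9, and only the card's segments settle which digit the customer reads.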
