[Background paper from 5 years ago here: http://www.rogerclarke.com/EC/CPS-12.html ]
Banks should make contactless cards opt-in: MPs Allie Coyne itNews 7 Sep 2015 http://www.itnews.com.au/news/banks-should-make-contactless-cards-opt-in-mps-408933 Finance report also calls for audit of ASIC's tech skills. Australia's police agencies have convinced a parliamentary committee that the country's banks should make contactless payments an opt-in service, in order to combat fraud. In its report into financial-related crime, tabled today, the parliamentary joint committee on law enforcement said it shared concerns that banks rolling out new technology without consulting law enforcement had the potential to drive up crime in the sector. It said banks and other financial service providers should consider law enforcement issues "more carefully" and discuss new technologies with law enforcement before they are rolled out. "While banks have argued the fraud risk of new technologies is accounted for in their banking systems, the committee believes that consumers should have the option of disabling contactless payment features," the committee wrote. It therefore recommended that providers issuing debit and credit cards require customers to consent to contactless payment technology on their cards before it is activated. Law enforcement agencies had argued to the committee that such technology had expanded the scope of credit card fraud, where criminals conducted multiple low-value purchases from different cards to escape detection. Contactless payment technology allows customers to pay for products or services worth under $100 by waving or tapping their card to a terminal. But in its submission to the inquiry, Victoria Police said the technology had contributed to the rise of 100 extra credit card deceptions weekly in the state, and criticised financial institutions for not engaging with police prior to rolling out such features. Banking representatives denied contactless payment technology posed a significant fraud threat. Audit ASIC's tech skills The committee also raised concerns about the Australian Securities and Investment Commission's technological ability to detect and deter financial-related crime. It highlighted a submission by the National Credit Providers Association which criticised ASIC's reaction to a scam that misused a member's AFS license information. The NCPA said ASIC did not act until 101 days after the association notified it of the scam, and even then only issued a media release. Similarly, the NCPA said it later found out ASIC had known about the scam for four months before the NCPA's notification. "I had a fairly frank conversation with one of the investigators, who said that basically ASIC does not have the technology to try and track down these scams, does not have the resources to do this and the processes of ... deciding whether this even falls within ASIC's gamut to investigate .. appear to be basedĀon paper, fax and letter-type dealing with the process rather than the fact that we are in a global economy and these scams are over and done with very rapidly," National Financial Service Federation CEO Philip Johns said. When questioned on the delay by the committee, ASIC said it had determined that the most appropriate regulatory response was to issue a media release to "educate members of the public" and to "disrupt the scam". The committee labelled ASIC's response "extremely tardy" and said it appeared to be indicative of ASIC's usual response timeframe - meaning its typical reaction for similar types of financial-related crimes was between 65-110 days. It also said issuing a media release did not send a "sufficiently robust deterrance message to future internet scammers". "As many witnesses have observed, the use of modern technologies makes the transacting of internet scams incredibly rapid. If ASIC is to deal with internet-based financial related crimes in an effective manner into the future, it must improve its response times to preventing and disrupting such criminal activities," the committee said. ASIC needs to have the technology capacity to effectively and appropriately respond to such issues, the committee said, recommending that the National Audit Office (ANAO) undertake a performance audit of ASIC's technological abilities. The ANAO report would outline ASIC's IT requirements and capabilities as well as any deficiencies that would prevent the agency from performing its regulatory role. ASIC famously blocked 250,000 websites accidentally in 2013 in an attempt to shut down just 1200. The committee also recommended that ASIC make its response to internet-based financial crimes "far more expeditious". ... -- Roger Clarke http://www.rogerclarke.com/ Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 6916 http://about.me/roger.clarke mailto:[email protected] http://www.xamax.com.au/ Visiting Professor in the Faculty of Law University of N.S.W. Visiting Professor in Computer Science Australian National University _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
