The Optus breach that saw 9.8 million Optus customers have their personal details including names, dates of birth, addresses, phone numbers and licence numbers stolen on 22 September has sparked security concerns across multiple industries.
The Treasurer referred to the data breach as “incredibly concerning” and was working with Optus to ensure adequate safeguards are in place.
While banking details and passwords were not obtained, according to Optus, the Australian government, banking associations, the consumer watchdog and other interested parties are on alert issuing warning notices to consumers to protect their information as well as tightening internal controls.
Australian National Bank’s (ANZ) managing editor at Bluenotes, Andrew Cornell, said identity security has become “one of the most important challenges” facing society.
“Cybercrime on a massive, organised scale is unfortunately now part of our lives and it must be tackled on multiple fronts,” Mr Cornell said.
“Secure, efficient and trusted Digital IDs are a key weapon. But critically, we must also be able to trust those who are providing and managing the Digital IDs.”
The challenge for banks and other associations is how to “balance the genuine need” for firms to gather clients’ information, while assuring them that data is secure.
Mr Cornell said a secure system of digital identification was a “logical answer” where a party can provide their digital ID to a company, a financial institution, or a government agency “without the tedium and security risk of providing evidence such as photos, passport or licence numbers or other details”.
“Banks, because they are heavily regulated and trusted (even if they are not always liked) are very well positioned to play a role in the provision and custody of these identities. And trust is even more essential in a digital world,” Mr Cornell said.
In fact, Momentum Intelligence’s 2022 Consumer Access to Mortgages Report, which measures the overall levels of satisfaction with banking, superannuation and financial services industry found trust in lenders and the third-party channel had increased year-on-year.
In particular, 87 per cent of consumers report that they trust their brokers, up from 84 per cent in 2021 (but down from 89 per cent in 2020), while only 67 per cent of consumers who approached a lender directly for their mortgage application said they would do so again (up from 61 per cent in 2021).
As industries react to protect consumers following the Optus data breach, the Australian Banking Association (ABA) stated that banks “stand ready” to assist the government and encourage customers to report any suspicious activity.
“Banks encourage customers to also remain vigilant in all aspects of their digital lives, with an increased focus on the use of PayID, and applying measures such as two-factor identification,” the ABA has stated.
“Banks have spent around $19 billion on IT systems to build resilience including against frauds and scams and to keep customers safe.”
In addition, BIS research paper on cyber risk in central banking noted “the new digital perimeter that must be protected has shifted to identity — the cornerstone of modern security controls in the cloud — and the primary control enforcement on users, devices and data.”
Inevitably, all financial services are going to outsource more of what they do as they seek to expand their ecosystems, Mr Cornell said, as many are partnering with fintechs, using the cloud and joint venturing with other organisations.
For example, Banking as a service (BaaS) was already entrenched in the financial system, which “brings its own risks”, he said.
“Like so many elements of our new digital world, the attractions are immediate but the risks — and costs — only become obvious after things fail and we have the mass hacking of personal details or failures like those in the cryptocurrency world,” Mr Cornell said.
“Trusted Digital IDs are not the complete answer but they are certainly a vital step forward.”
[Related: Government and banks respond to Optus data breach]