Cyber security experts say policy reforms are needed to stem the rising tide of scammers fleecing consumers and businesses, amid projections Australians will lose more than half-a-billion dollars to fraudsters in 2019.
The Australian Competition and Consumer Commission (ACCC) yesterday outlined the prospect of a 56% increase in scam-related losses over just two years, revealing $532 million is expected to be taken in 2019 through everything from investment scams to dating and romance fraud.
More than 3,000 small businesses lost over $4.5 million to scam activity last year, according to the ACCC.
The watchdog has partnered with over 100 organisations from the public and private sectors in an education campaign designed to raise awareness about the growing risk of scam activity.
But experts SmartCompany has spoken to believe governments must do more to address scam-related issues, such as the increasing availability of personal information on the black market, which makes it easier for scammers to identify targets.
“We’re still a bit naive”
Tanveer Zia, associate professor in computing at Charles Sturt University, says 2018 was the “mega scam year”, with losses skyrocketing from $340 million to $489 million.
“Users are taking risks and they’re not following guidelines,” Zia says.
“We’re still a bit naive.”
As an increasing number of Australians use the internet in their daily lives, scammers have more opportunities than ever to defraud consumers and businesses, but Zia says policy settings aren’t doing enough to help.
“We haven’t got strong enough legislation yet,” he says.
In the first three months of 2019, the Office of the Information Commissioner has tracked 215 data breach notifications in Australia, 61% of which were the result of malicious or criminal attacks.
From April 2018 to the end of March 2019, 964 breaches were tracked.
Zia, echoing recommendations made by the ACCC in its digital platforms inquiry recently, believes Australia will need to tighten its privacy laws to crack down on personal information flooding the black market.
“We need to go a bit further than the Australian Privacy Principles,” he says.
Under the principles, organisations are allowed the flexibility to tailor their compliance to their circumstances and there’s no explicit right for consumers to seek the deletion of their personal information.
The ACCC has recommended strengthening Australia’s privacy laws to increase protections for consumers — advice the federal government will respond to later this year.
But Zia, pointing to consumer data right reforms in Europe, says Australia needs to do a better job incentivising companies to take care of their data.
Australia is already preparing to implement a consumer data right, which will improve the ability of users to understand and control what data companies have on them, although it is unlikely to apply to companies in all sectors for several years.
It is also not clear that the changes will be as far-reaching as the GDPR regime, which outlines penalties of up to €20 million or 4% of total global annual turnover for non-compliance.
“A manipulation arms race”
Suelette Dreyfus, a researcher in cyber security at the School of Computing and Information Systems at Melbourne University, says consumers need more power over their data.
“Scammers want to manipulate you and they can do a much better job once they’ve slurped up your private life,” Dreyfus tells SmartCompany.
“The large number of data breaches that have happened makes life very pleasant for scammers … they can manipulate their targets much more effectively.”
Dreyfus says outreach programs which aim to educate Australians about scams are necessary to stem the tide, but that fraudsters will continue to devise more sophisticated scams.
“It’s like a manipulation arms race,” she says.
“We could go a lot further, and one of the spaces we should go into is giving consumers more ability to simply require companies to delete their personal data.”
“Some companies will resist this because they view private data as a gold mine, but at the end of the day, data is a consumer’s life in bits.
“The consumer needs to have more say about taking that life back from someone who wants to sell it, but also someone who doesn’t keep it safely.”
Canberra looks to “practical responses”
In Canberra, debate is ongoing over what reforms to cyber security, cyber safety and privacy should look like.
A spokesperson for Minister for Communications, Cyber Safety and the Arts, Paul Fletcher, said the government is working with industry and other agencies to develop “practical responses” to scam communications.
“The Morrison Government is committed to taking action to prevent scams and minimise the harm they cause,” the spokesperson said.
“Using expert engineers from within Government and industry, the [Scam Technology] Project is looking at a range of measures including data matching technology, software solutions and new protective hardware to help prevent scam communications.”
Shadow Minister for Communications Michelle Rowland has a dim view on government efforts thus far.
“This surge in losses highlights why Labor has been calling for action on scams,” she said in a statement circulated yesterday.
“More than ever, we need measures which make it harder for scammers to reach Australians over telecommunications networks and social media — especially when they are conducting these crimes from overseas.”
Labor is pushing for the introduction of network-based caller identification to help stem the tide of “spoof calls” which allows scammers to disguise their numbers.
It also wants a “dynamic scam blacklist” created to begin systematising offenders.