The future of security is layered

Have you had your personal information stolen or misused?  Would you know? Every day, whether you realise it or not, it’s likely you’re sharing personal data online.

Click image to zoom Tap image to zoom

An estimated 159,600 Australians experienced identity theft during 2021-2022, according to the Australian Bureau of Statistics. According to recent data from the Australian Federal Police this is costing Australia upwards of $1.6 billion each year, with almost $900m lost by individuals.  

"If you delve a little further into the darker parts of the web, you’ll also find a raft of ID documentation, passwords and PINs following a spate of sizeable data breaches.”

Identity crime is a significant threat in Australia, with a growing number of people falling victim every year. Victims of identity crime often experience ongoing consequences, including financial losses and damage to their credit score.

In a modern digital world, basic research via social media or a search engine can reveal details about where you live, your date of birth, your personal email address, workplace and details about your partner or family situation.

If you delve a little further into the darker parts of the web, you’ll also find a raft of ID documentation, passwords and PINs following a spate of sizeable data breaches.

While data including your name, your address or your phone number on its own likely won’t see your identity stolen, when combined with other information, these become more powerful.

Multi-factor authentication

Multi-factor authentication is now an essential ingredient to help protect you from fraudsters infiltrating your banking and other accounts or opening false accounts under your name.

Limiting who, with and where you share your data is a good start. But to participate in today’s digital world, inevitably you need to share some data with providers to receive services.

Passwords offer some protection but are no longer sufficient in the data sharing world in which we now exist.

This is where multi-factor authentication comes in - combining two or more methods of authentication increases the security of your data and accounts immensely.

Complementing something you have (a smart phone or other device), or something you are (biometrics/FaceID), with something you know (password or pin code) improves security and avoids fraudulent actors from gaining access to your personal data.

Even better, the newest approach to authentication – behavioural biometrics, adds an innovative ‘something you do’ layer to security.

Behavioural biometrics analyse how an individual usually interacts with their smartphone or other device and uses this information to create a unique profile. This profile is then used to ensure the person in possession of the device is the registered user.

For instance, if you open an account as a five-foot 10 inch tall, one-finger typist and two months later a six-foot two fraudster puts your smartphone in their pocket and attempts to access your bank accounts typing at 120 words per minute, your provider will flag the account.  

Behavioural biometrics will be increasingly important in an artificial intelligence world as these unique characteristics are much more difficult to mimic than visuals.

Onboarding customers

Traditional digital onboarding processes require a customer to provide the bank or other service provider with identity data, which is then verified at an independent and reliable source to prove you are who you say you are.

With personal data increasingly getting into wrong hands, how do we ensure it’s really you opening the account and not someone trying to steal your identity?     

The build of ANZ Plus represented an opportunity to recreate the customer onboarding experience and the result is an experience that uses our strengths in multi-factor authentication.

The multi-layered approach to security taken at ANZ Plus means a few things:

  • Data on a supplied document needs to be verified at independent and reliable sources
  • A person can’t simply open an ANZ Plus account using stolen identity data, as we must view and verify the authenticity of the physical document, not just the basic data
  • Ensuring that the person presenting the document is the rightful owner of the document, by matching a selfie to the image presented on the ID

The addition of a selfie, a photograph of a physical identity document and behavioural signals into the onboarding process has enabled ANZ Plus to prevent the fraudulent opening of accounts. This has saved customers, from not just ANZ, but from other Australian banks, millions of dollars in losses.

The early success of this approach has meant ANZ has prevented more than 500 fraudulent actors from opening ANZ Plus accounts with stolen data. It has also provided us with a strong foundation to protect our customers from fraud after they’ve joined, given that all customers are automatically enrolled in multi-factor authentication – their device and a selfie.

This enables us to limit the use of those hard to remember, but easy to guess, ‘secrets’ such as key words or personal questions.

Customer experience

Importantly, the introduction of a multi-layered approach to onboarding has not been at the expense of the customer experience, with customers able to join ANZ Plus in minutes and start banking with a fully functioning account. A Net Promotor Score (NPS) of 50+ is proof things can be both simple to use and safe.

We know identity fraud is often difficult to detect until its already well progressed so unfortunately the amount of money Australians lose each year is likely much higher than estimations suggest.

The threat from identity theft, as well as increasingly sophisticated fraud and scams, will continue to require financial services providers to innovate and enhance customer education.

At ANZ, we’re continuing to explore new ways to utilise our strength in multi-factor authentication to reduce the risk of fraud and ensure our customers’ ongoing protection.

Gabe Steele, Join Value Stream Lead, ANZx

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.

editor's picks

10 Aug 2023

Shutting down the mule trade

Shaq Johnson | Head of Customer Protection, ANZ

Criminals can trap Australians into acting as “money mules” – helping to launder billions of dollars by transferring illegal funds between accounts. An ANZ pilot is disrupting the trade.

22 Jun 2023

New ways to thwart scammers

Shaq Johnson | Head of Customer Protection, ANZ

Scams are becoming so sophisticated they are difficult for customers to spot. Companies must constantly adapt and refine measures to protect customers and the wider community.