
 

Cyber Security Incidents in Australia Highlight the Need for a Balance Between Risk and Innovation

 
 

Payments | David Marsh | 23 November 2022

A series of high-profile cyber security incidents have dominated the media in recent months. Major brands have been compromised across health, telco, retail and real estate, exposing the data of millions of Australians and international students, including sensitive information such as passport numbers and medical details. The incidents present a timely reminder about the importance of a continued focus on security.

Banks and payment service providers have long been a target for fraudsters. According to the Australian Signals Directorate, Banks and Financial Services make up 4% of cyber security incidents (requiring ACSC assistance), which, while still concerning, compares favourably to other sectors. The payments industry has been an early adopter of cyber security threat mitigants, such as two-factor authentication, encryption and penetration testing. The resulting stability is one reason why banks have retained the trust of their customers.

As banks and payment service providers have shifted to close the gaps that hackers might target, consumers have become the weakest link in the chain. Criminals are looking to achieve their objectives by either scamming consumers into initiating payments or taking over a consumer’s identity to accumulate debt in their name. The Australian Competition and Consumer Commission (ACCC) estimates scams to be costing Australians $2 billion a year, but that figure is difficult to validate as consumers are often too embarrassed to come forward.

THE NEED FOR SECURITY REMAINS HIGH

A conversation going on at the moment relates to action initiation under the Consumer Data Right (CDR). Support for action initiation was recommended under the “Future Directions of the Consumer Data Right” review and endorsed in December 2021 by the Liberal government who were in power at the time. The recent spate of cyber security incidents has some in the industry concerned about potential risks.

A key feature of action initiation will enable an authorised third party to trigger payments from a bank account. In the ensuing consultation, the Australian Banking Association (ABA) submission calls out new attack vectors presented by such access. The ABA submission also calls for clarity regarding liability where a third party sits between the bank and the customer, preventing the collection of data points that are normally used as part of a risk assessment.

Endava recently surveyed over 1,000 global non-bank organisations on their finance and payments strategy. The results highlight that security remains front of mind for organisations:

Figure 8 from Endava 2022 Global Payments Report, showing “Fraud and security issues” as the top payment issue or challenge the surveyed companies experienced.

Figure 10 from Endava 2022 Global Payments Report, showing “Controlling data security” as the top challenge in international payments the surveyed companies experienced.

Figure 12 from Endava 2022 Global Payments Report, showing “Secure” as the top benefit that the surveyed organisations report about their payments tools.

BALANCING RISK AND INNOVATION

If we look to the UK, where payment initiation has been available for some time, advocates point out that open banking payments avoid sharing sensitive card numbers and the risks associated with manual data entry. Meanwhile, critics highlight that the UK’s Payment Systems Regulator is consulting on mandatory consumer protection to minimise the impact of authorised push payment scams. Measures under consideration include reimbursing customers, which would presumably push up costs and may dilute some of the benefits associated with a basic account-to-account payment offering.

In Australia, regulation has traditionally played a role in protecting the interests of all participants in the payments ecosystem. Whether that be issuers, acquirers, merchants or consumers, regulation sets the rules each participant must abide by. In recent years, the number of participants involved in a single payment has increased dramatically. Digital wallets, payment orchestrators, BNPL services and other innovators form part of the value chain. With a more diverse set of stakeholders comes a broader set of perspectives.

Whilst it’s prudent to focus on risks associated with change, it is also important to recognise that many of the advances we have seen in payment technologies are a result of disruptive business models introducing innovation in payments. Without action initiation, some organisations have opted to use screen scraping technology to deliver payment services to customers. There are mixed views as to whether screen scraping should be permitted – but from a purely technical perspective, a robust set of formalised APIs would be preferable.

So, what is driving the need for third-party action initiation? Payments are just one component of the Consumer Data Right. It’s worth remembering that the initiative was designed to be an economy-wide framework. In the future, it might enable consumers to choose a trusted companion app or wallet that not only manages all their banking, telco, insurance and energy services, but also compares competing offers based on actual usage data and, with consent, switches services without the administrative barrier that impedes competition today.

Coupled with supporting legislation for Digital Identity, customers could be onboarded to those new services without the need to collect identity documentation at all, greatly reducing some of the risks that have been surfaced by the recent cyber security incidents. Interoperable Digital Identity is a separate initiative banks have stayed close to, with plans in the first instance to allow consumers to use their banking relationship to “vouch” for identity attributes.

CONCLUSION

If there is a takeaway from the recent cyber attacks and subsequent publication of sensitive information, it is that the loss of data may be as damaging as, if not more damaging than, the loss of money – and it cannot be resolved through reimbursement.

Australia’s regulators have a good track record balancing the competing need for innovation with the requirement for security and stability, which is reflected in our nuanced payments regulation. Past examples include Australia’s Card-Not-Present (CNP) Fraud Mitigation Framework and Consumer Data Right legislation that extends beyond the finance industry. The growing number of stakeholders will make this an increasingly challenging balance to strike, particularly from a timing perspective.

Next month, the Australian payments industry will come together at the industry association’s annual payment summit, aptly themed “Paving the way”. With reviews pending for the privacy act, licensing, crypto asset regulation and action initiation, industry participants will be looking for insights on when and where some of these issues might land.

David Marsh will be speaking on the “Future of Payments” panel at the AusPayNet Summit 2022, alongside representatives from Visa, NAB and Stripe.

You can find more insights in the Endava 2022 Global Payments Report.

David Marsh

Principal Industry Consultant

With over 13 years in the payments industry, David’s career has been centred around innovation, transactional banking integration, and technology. Having worked with government clients, corporates, and the industry association for payments, he brings broad experience and a hands-on perspective to challenges and opportunities in the payments space. Away from work, family commitments permitting, David enjoys mountain biking, bouldering and DJing.

 
