Last year, 159,600 Australians were victims of identity theft, making it one of the fastest-growing crimes in the country. Identity theft is top of mind for consumers following a series of high-profile data breaches, including Optus and Medibank, which put millions of Australians' personally identifiable information (PII) at risk.
This risk is only set to grow as the demand for digital goods and services rises, leading to an influx of sensitive data being shared online. As the digital landscape evolves, consumers expect businesses to proactively implement security and privacy measures to protect their data. Failing to do so can have a lasting impact on customer retention, brand reputation and revenue.
Read on to learn more about the common types of identity theft in Australia and the prevention measures you can implement to protect your business and customers.
What is identity theft?
Identity theft occurs when an individual steals another person’s information, such as name, date of birth, address, and bank account, and uses it without permission. This is often to obtain a benefit such as withdrawing money or conducting illegal activity using the victim’s identity.
The online shift in recent years has sharply increased the prevalence of this crime. With the acceleration of e-commerce and online services, businesses are promptly adopting cloud technologies due to their improved agility and flexibility. However, with nearly half of all data breaches happening in the cloud, the exposure of PII is at an all-time high.
While new technologies can offer great benefits, businesses must be aware of how they may put their customers at risk of crimes such as identity theft.
Common types of identity theft in Australia
Crimes involving the misuse of PII have become rampant as more services are digitised and in-person identity verification becomes less common. Fraudsters are creative and can use stolen data to bypass a business’s poor security controls to conduct illicit activity.
As technology evolves, common forms of identity theft include:
Financial identity. Fraudsters use someone’s personal data to access their finances or credit card information to make purchases. A person may also open an account or new line of credit using stolen data such as a Tax File Number (TFN). This has increased following COVID-19 and the acceleration of online shopping, leading to consumers sharing their financial data more freely.
Synthetic identity. Thieves fabricate a new identity using a combination of falsified and real information. This false identity can then be used to open fake accounts, conduct illegal activity, and make purchases. Synthetic identities are harder to detect by businesses as there are elements of legitimacy in combination with false data.
Tombstone identity. The PII of a deceased individual is stolen by thieves to commit fraudulent acts such as account takeover or even secure employment. It can take up to six months before government organisations and institutions are updated on the death of an individual, providing fraudsters ample opportunity to exploit this time lag to acquire the deceased identity.
By remaining vigilant of the common types of identity fraud and recognising when a customer exhibits suspicious patterns, your business can be better prepared to combat possible fraud.
Identity theft prevention
Businesses can protect their customer’s personal information by being aware of changing regulations and introducing preventative measures to increase security. With data breaches set to increase, the below practices can help to protect your business and customers from identity theft.
Data minimisation. Businesses put their consumers at risk when they store PII beyond the identity proofing session. By deleting sensitive data after onboarding and verification, fraudsters have fewer opportunities to access sensitive information.
Data protection policies. It is crucial for businesses to create and implement company-wide data handling and data breach protocols. Internal processes must be aligned for effective external security.
Up-to-date technology. Using innovative and automated systems, businesses can optimise their verification process and reduce poor data handling by removing human intervention.
Incidents of fraud can put customers at risk of identity theft and result in reputation and financial loss for businesses. Introducing the suggested preventative methods can help strengthen your organisation’s defence.
How Data Zoo can help
Data Zoo’s privacy-first ecosystem builds trust between you and your customers. We place privacy and compliance at the core of everything we do. We help create safer verification experiences by protecting your customers and their sensitive data. With Data Zoo, you can confidently mitigate risk, deliver safer verification experiences and meet evolving business and customer demands for privacy.
Protect your customer’s data and privacy. Our ecosystem is designed to onboard and verify customers with privacy top of mind. We do not store any PII after the verification process, nor do we sell/transfer it to any third party for primary or secondary unrelated reasons. In addition, we comply with and adopt local regulation best practices, such as GDPR and CCPA, for the management and handling of PII.
Utilise trusted third parties. Before integrating any third-party service provider or data source, we perform a rigorous due diligence process, including a vendor security assessment to ensure compliance with data privacy and security laws.
Eliminate data handling risks. Human analysts create risks from a data-handling perspective, including unnecessary friction. Data Zoo replaces these slow, manual and risky processes with a real-time and automated solution to ensure the protection and localisation of customer data.