Superfunds March 2015
themselves to be woefully inadequate as the digital
revolution and innovation in technology change the
business landscape forever, and many industries have
found themselves on the back foot, unsure how to
take control and waiting for the axe to fall.
SUPERANNUATION: CYBER CRIME’S
According to the Australian Federal Police,
superannuation fraud is now the largest earner
for cyber criminals in Australia. And it’s not hard
to see why, given the pool of almost $1.9 billion
in superannuation savings.
Funds hold a treasure trove of personal
information, including medical, banking, financial,
credit card and taxation records, and as more
and more customers are managing their accounts
directly online, the possibilities of a breach
are clearly rising. Mobile devices, cloud-based
technology and the use of external applications
add to the already risky online environment, and,
all in all, it’s a bit like Pandora’s box.
And superannuation has a further attraction.
Unless members are close to retirement age and
actively monitoring their balance, super can be
a case of ‘set and forget’. Members often don’t
read their statements carefully, so crimes can go
undetected for long periods of time. This is in stark
contrast to fraud committed against everyday bank
accounts, where the majority of customers are
quick to notice a rapidly declining balance or stolen
funds and can take action quickly.
The usual criminal pattern is frighteningly
simple. Hackers exploit a range of techniques
to steal a victim’s personal details, before
transferring their superannuation into self-managed
accounts. Funds held in a self-managed
superannuation fund (SMSF) are generally more
easily converted to cash, or alternatively, criminals
use personal details to apply for a financial
hardship grant, which allows for super funds to
be paid to them directly. Many victims have lost
hundreds of thousands of dollars, and sometimes
their entire superannuation balance in this way.
Unfortunately, a lack of rigour surrounding
many organisations’ online security protocols
means that accessing personal information
illegally can be relatively easy. In a recent case,
a fund member without ill intentions, who
was logging into his account, realised that by
making minor changes to a URL, he could access
other people’s statements. These statements
held names, age, addresses, email addresses,
membership numbers, insurance information,
superannuation amounts, beneficiaries, and
And the black market rate to purchase illegally
obtained personal data in Australia clearly reflects
the ease with which such data can be obtained.
According to the Australian Crime Commission,
Australia ranks as the third least expensive ‘source’
country in the world, with average prices for a
single stolen Australian credit card ranging between
$7 and $35. Stolen credit card magnetic strip
coding information ranges between $70 and $170.
FINDING A SOLUTION
Taking action is no longer a choice, and neither
is attempting to turn back time or hoping that a
breach doesn’t occur.
One large fund recently considered isolating
its member database from the internet in a bid
to protect members’ data and money. The hard
truth is that such a step is not only impossible, it
represents a fundamental shift away from the basic
value proposition of the business, namely that
members expect to be able to interact and transact
online. Rather than trying to deny the reality of an
online world, the onus is on businesses, including
super funds, to ensure that their process is as
seamless, safe and secure as possible.
Superannuation funds should focus on the four
key areas below.
1. Review vulnerabilities
It is alarming how many companies think that
they understand where their vulnerabilities are,
when in fact the opposite is true. Think about
the dichotomy between the hacker and the
organisation. An organisation has multiple points
of entry, physical of course, but also online, where
third parties can enter for legitimate or illegitimate
purposes. The hacker needs to find only one.
The best way to fully understand the risks that
a superannuation fund, or any business, faces is
to conduct a comprehensive review, with the help
of an independent, external expert. Once known
and unknown vulnerabilities are identified, then
plugging the gaps becomes a much easier task.