Australia to introduce new "gold standard" in ID verification

<p>The Australian government is set to introduce a new "gold standard" in ID verification that will protect valuable information from potential data leaks. </p> <p>Government Services Minister Bill Shorten is set to use his address to the National Press Club on Tuesday to announce the national Trust Exchange, or TEx program, which is currently at the “proof-of-concept stage”, and is slated to be rolled out at the end of the year. </p> <p>The program will connect to a user's MyGov Wallet or digital ID without the need to hand over any documents, allowing businesses to verify your identity using a government-issued QR code.</p> <p>The QR codes could be used for job applications, hotel bookings, or entry into pubs or RSL clubs, eliminating the need to hand over physical driver's licenses or passports.</p> <p>The technology will store information such as someone’s date-of-birth, address, citizenship, visa status, qualifications, occupational licences or working with children check, and other information already held by the government.</p> <p>"Services Australia is partnering with other government systems to develop TEx which would give Australians the ability to verify their identity and credentials based on official information already held by the Australian Government," Shorten is set to say in his National Press Club speech.</p> <p>"That means sharing only the personal information to get the job done, and in some cases, not handing over any personal information at all."</p> <p>“You control what details are exchanged. 
You then have in your wallet a record of sharing, say, your passport and trade certificate with your employer.”</p> <p>Shorten will say codes "digitally shake hands with your myGov wallet," leaving you with a record in your account of what you shared, and who you shared it with.</p> <p>"All that has been exchanged has been a digital 'thumbs up' from the Government that you are who you say you are," Shorten will say.</p> <p><em>Image credits: Shutterstock </em></p>

Legal

The $500 million ATO fraud highlights flaws in the myGov ID system. Here’s how to keep your data safe

<p><em><a href="https://theconversation.com/profiles/rob-nicholls-91073">Rob Nicholls</a>, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p>The Australian Tax Office (ATO) paid out more than half a billion dollars to cyber criminals between July 2021 and February 2023, according to an <a href="https://www.abc.net.au/news/2023-07-26/ato-reveals-cost-of-mygov-tax-identity-crime-fraud/102632572">ABC report</a>.</p> <p>Most of the payments were for small amounts (less than A$5,000) and were not flagged by the ATO’s own monitoring systems.</p> <p>The fraudsters exploited a weakness in the identification system used by the myGov online portal to redirect other people’s tax refunds to their own bank accounts.</p> <p>The good news is there’s plenty the federal government can do to crack down on this kind of fraud – and that you can do to keep your own payments secure.</p> <h2>How these scams work</h2> <p>Setting up a myGov account or a myGov ID requires proof of identity in the form of “<a href="https://www.afp.gov.au/sites/default/files/PDF/NPC-100PointChecklist-18042019.pdf">100 points of ID</a>”. 
It usually means either a passport and a driver’s licence or a driver’s licence, a Medicare card, and a bank statement.</p> <p>Once a myGov account is created, linking it to your tax records requires two of the following: an ATO assessment, bank account details, a payslip, a Centrelink payment, or a super account.</p> <p>These documents were precisely the ones targeted in three large data breaches in the past year: at <a href="https://theconversation.com/what-does-the-optus-data-breach-mean-for-you-and-how-can-you-protect-yourself-a-step-by-step-guide-191332">Optus</a>, at <a href="https://theconversation.com/medibank-hackers-are-now-releasing-stolen-data-on-the-dark-web-if-youre-affected-heres-what-you-need-to-know-194340">Medibank</a>, and at <a href="https://asic.gov.au/about-asic/news-centre/news-items/guidance-for-consumers-impacted-by-the-latitude-financial-services-data-breach/">Latitude Financial</a>.</p> <p>In this scam, the cyber criminal creates a fake myGov account using the stolen documents. If they can also get enough information to link to the ATO or your Tax File Number, they can then change bank account details to have your tax rebate paid to their account.</p> <p>It is a sadly simple scam.</p> <h2>How government can improve</h2> <p>One of the issues here is quite astounding. The ATO knows where salaries are paid, via the “<a href="https://www.ato.gov.au/business/single-touch-payroll/what-is-stp-/">single touch</a>” payroll system. This ensures salaries, tax and superannuation contributions are all paid at once.</p> <p>Most people who have received a tax refund will have provided bank account details where that payment can be made. Indeed, many people use precisely those bank account details to identify themselves to myGov.</p> <p>At present, those bank details can be changed within myGov without any further ado. If the ATO simply checked with the individual via another channel when bank account details are changed, this fraud could be prevented. 
It might be sensible to check with the individual’s employer as well.</p> <p>Part of the problem is the ATO has not been very transparent about the risks. If these risks were clearly set out, then calls for changes to ATO procedures would have been loud and clear from the cyber security community.</p> <p>The ATO is usually good at identifying when a cyber security incident may lead to fraud. For example, when the recruitment software company <a href="https://www.abc.net.au/news/2018-06-06/australian-data-may-be-compromised-in-pageup-security-breach/9840048?itm_campaign=newsapp">PageUp was hacked in 2018</a>, the ATO required people who may have been affected to reconfirm their identities. This was done without public commentary and represents sound practice.</p> <p>Sadly, the millions of records stolen in the Optus, Medibank and Latitude Financial breaches have not led to a similar level of vigilance.</p> <p>Another action the ATO could take would be to check when a single set of bank account details is associated with more than one myGov account.</p> <p>A national digital identity would also help. However, this system has been in development for years, is not universally popular, and may well be <a href="https://www.themandarin.com.au/226280-gallagher-warns-community-support-for-digital-identity-not-ubiquitous/">delayed</a> until after the federal election due in 2024.</p> <h2>Protecting yourself</h2> <p>The most important thing to do is make sure the ATO does not use a bank account number other than yours. As long as the ATO only has your bank account number to transfer your tax rebate, this scam does not work.</p> <p>It also helps to protect your Tax File Number. There are only four groups that ever need this number.</p> <p>The first is the ATO itself. The second is your employer. 
However, remember you do not need to give your TFN to a prospective employer, and your employer only needs your TFN <em>after</em> you have started work.</p> <p>Your super fund and your bank may ask for your TFN. However, providing your TFN to your super fund or bank is optional – it just makes things easier, as otherwise they will withhold tax which you will need to claim back later.</p> <p>Of course, all the usual data safety issues still apply. Don’t share your driver’s licence details without good reason. Take similar care with your passport. Your Medicare card is for health services and does not need to be shared widely.</p> <p>Don’t open emails from people you do not know. Never click links in messages unless you are sure they are safe. Most importantly, know your bank will not send you emails containing links, nor will the ATO.</p>
<p><em><a href="https://theconversation.com/profiles/rob-nicholls-91073">Rob Nicholls</a>, Associate professor of regulation and governance, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p><em>Image </em><em>credits: Shutterstock</em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/the-500-million-ato-fraud-highlights-flaws-in-the-mygov-id-system-heres-how-to-keep-your-data-safe-210459">original article</a>.</em></p>

Technology

Australia's national digital ID is here, but the government is keeping quiet

<p>The Australian government’s Digital Transformation Agency (DTA) has <a href="https://www.itnews.com.au/news/australias-digital-identity-bill-tops-200m-535700">spent more than A$200 million</a> over the past five years developing a National Digital ID platform. If successful, the project could streamline commerce, resolve bureaucratic quagmires, and improve national security.</p> <p>The emerging results of the project may give the Australian public cause for concern.</p> <p>Two mobile apps built on the DTA’s Trusted Digital Identification Framework (TDIF) have <a href="https://www.itnews.com.au/news/ato-set-to-launch-mygovid-on-android-devices-531544">recently</a> been <a href="https://www.itnews.com.au/news/ausposts-digital-id-accredited-by-government-528637">released</a> to consumers. The apps, <a href="https://www.mygovid.gov.au">myGovID</a> and <a href="https://www.digitalid.com">Digital ID</a>, were developed by the Australian Taxation Office (ATO) and Australia Post, respectively.</p> <p>Both apps were released without fanfare or glossy marketing campaigns to entice users. This is in keeping with more than five years of stealthy administrative decision-making and policy development in the National Digital ID project.</p> <p>Now, it seems, we are set to hear more about it. 
An existing digital identity scheme for businesses called <a href="https://www.abr.gov.au/auskey">AUSkey</a> will be retired and replaced with the new National Digital ID in March, and the DTA has <a href="https://www.innovationaus.com/digital-id-gets-a-pr-makeover/">recently</a> put out a contract for a “Digital Identity Communication and Engagement Strategy”.</p> <p>The DTA’s renewed investment in public communications is a welcome change of pace, but instead of top-down decision-making, why not try consultation and conversation?</p> <p><strong>We fear what we don’t understand</strong></p> <p>Ever since the Hawke government’s ill-fated Australia Card proposal in the 1980s, Australians have consistently viewed national identification schemes with contempt. <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3224115">Some</a> have suggested that the DTA’s silence comes from fear of a backlash.</p> <p>History provides insight into some, but not all, of the numerous potential reasons for the DTA’s strategic opacity.</p> <p>For example, people do not respond positively to what they do not understand. Surveys suggest that <a href="https://www.innovationaus.com/2019/11/Digital-ID-gets-a-poor-focus-reception">fewer than one in four Australians</a> have a strong understanding of digital identification.</p> <p>The National Digital ID project was launched more than five years ago. 
Why hasn’t the public become familiar with these technologies?</p> <h2>What is the TDIF?</h2> <p><a href="https://images.theconversation.com/files/311035/original/file-20200121-145026-iufjxx.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/311035/original/file-20200121-145026-iufjxx.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /></a> <span class="caption">Part of an overview of the TDIF available on the DTA website.</span> <span class="attribution"><a href="https://www.dta.gov.au/our-projects/digital-identity/trusted-digital-identity-framework/public-consultation-4th-release-tdif" class="source">Trusted Digital Identity Framework (TDIF)™: 02 - Overview © Commonwealth of Australia (Digital Transformation Agency) 2019.</a>, <a href="http://creativecommons.org/licenses/by/4.0/" class="license">CC BY</a></span></p> <p>The TDIF is what’s known as a federated digital identification system. This means it relies on multiple organisations called Identity Providers, who act as central repositories for identification.</p> <p>In essence, you identify yourself to the Identity Provider, which then vouches for you to third parties in much the same way you might use a Google or Facebook account to log in to a news website.</p> <p>The difference in this case is that Identity Providers will control, store and manage all user information – which is likely to include birth certificates, marriage certificates, tax returns, medical histories, and perhaps eventually biometrics and behavioural information too.</p> <p>There are currently two government organisations offering Identity Service Providers: the Australian Tax Office (ATO) and Australia Post. By their nature, Identity Providers consolidate information in one place and risk becoming a single point of failure. 
This exposes users to harms associated with the possibility of stolen or compromised personal information.</p> <p>Another weakness of the TDIF is that it doesn’t allow for releasing only partial information about a person. For example, people might be willing to share practically all their personal information with a large bank.</p> <p>However, few will voluntarily disclose such a large amount of personal information indiscriminately – and the TDIF doesn’t give the option to control what is disclosed.</p> <p><strong>Securing sovereignty over identity</strong></p> <p>It might have been reasonable to keep the National Digital ID project quiet when it launched, but a lot has changed in the past five years.</p> <p>For example, some localities in <a href="https://digitalcanada.io/bc-orgbook-tell-us-once/">Canada</a> and <a href="https://procivis.ch/about-us/">Switzerland</a>, faced with similar challenges, chose an alternative to the federated model for their Digital ID systems. Instead, they used the principles of what is called Self Sovereign Identity (SSI).</p> <p>Self-sovereign systems offer the same functions and capabilities as the DTA’s federated system. And they do so without funnelling users through government-controlled Identity Providers.</p> <p>Instead, self-sovereign systems let users create, manage and use multiple discrete digital identities. Each identity can be tailored to its function, with different attributes attached according to necessity.</p> <p>Authentication systems like this offer control over the disclosure of personal information. This is a feature that may considerably enhance the privacy, security and usability of digital identification.</p> <p><strong>Moving forward</strong></p> <p>Based on the idea of giving control to users, self-sovereign digital identification puts its users ahead of any institution, organisation or state. 
Incorporating elements from the self-sovereign approach might make the Australian system more appealing by addressing public concerns.</p> <p>And self-sovereign identity is just one example of many technologies already available to the DTA. The possibilities are vast.</p> <p>However, those possibilities can only be explored if the DTA starts engaging directly with the general public, industry and academia. Keeping Australia’s Digital National ID scheme cloaked will only increase negative sentiment towards digital identity schemes.</p> <p>Even if self-sovereign identity proved appealing to the public, there would still be plenty of need for dialogue. For example, people would need to enrol into the identification program by physically visiting a white-listed facility (such as a post office). That alone poses several technological, economic, social and political challenges.</p> <p>Regardless of the direction Australia takes for the Digital National ID, there will be problems that need to be solved – and these will require dialogue and transparency.</p> <p>Government and other organisations may not support a self-sovereign identity initiative, as it would give them less information about and administrative control over their constituents or clients.</p> <p>Nonetheless, the implementation of a national identity scheme by stealth will only give the Australian public good reason for outrage, and it might culminate in intensified and unwanted scrutiny.</p> <p>To prevent this from occurring, the DTA’s project needs to be brought out of hiding. It is only with transparency and a dialogue open to all Australians that the public’s concerns can be addressed in full.</p>
<p><span><a href="https://theconversation.com/profiles/dr-patrick-scolyer-gray-936770"><em>Dr Patrick Scolyer-Gray</em></a><em>, Research Fellow, Cyber Security, <a href="https://theconversation.com/institutions/deakin-university-757">Deakin University</a></em></span></p> <p><em>This article is republished from <a href="http://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/australias-national-digital-id-is-here-but-the-governments-not-talking-about-it-130200">original article</a>.</em></p>

Technology

Amazon driver refuses to deliver alcohol to 92-year-old woman without ID

<p><span>An Amazon driver refused to deliver liquor to a 92-year-old UK woman after she failed to show her ID.</span></p> <p><span>Louise Wilkinson was expecting a bottle of Harveys Bristol Cream sherry from her grandson Carl Johnston as a holiday present, <em><a href="https://nypost.com/2019/12/31/amazon-driver-refuses-to-deliver-booze-to-92-year-old-granny-without-id/">The Sun</a> </em>reported.</span></p> <p><span>However, the grandmother of four was left surprised after the Amazon delivery driver arrived at her County Durham home and asked for her ID. She failed to produce a passport or driver’s licence, and the bottle was taken away despite her insistence that she was of legal age.</span></p> <p><span>“I can understand that if you are lucky enough to look around 18 you should have to show ID,” Johnston said. “But my grandma is 92.”</span></p> <p><span>A second attempt to deliver the item was again unsuccessful after the widow tried to use a bus pass as identification. “A bus pass isn’t on Amazon’s list of accepted identifications,” said Johnston.</span></p> <p><span>The accepted forms of identification are military ID cards, a biometric immigration document or a photographic identity card bearing a national Proof of Age Standard Scheme (PASS) hologram.</span></p> <p><span>Johnston questioned why the online marketplace’s drivers could not “just accept a visual check if you are clearly over 18”.</span></p> <p><span>The grandson said he plans to purchase another bottle and deliver it himself.</span></p>

Food & Wine

PayID data breaches show that Aussie banks need to be more vigilant

<p>When we think of a bank robbery, we might imagine a safe with the door blown open. But nowadays it might be more accurate to picture criminals accessing our bank account online from another country. Bank robbers don’t need balaclavas and shotguns anymore.</p> <p>Australian banks have long provided convenient ways for customers to transfer funds. But the process of remembering and entering BSB and account numbers is prone to human error. Enter <a href="https://payid.com.au/">PayID</a>.</p> <p>PayID allows customers to attach their mobile phone number or email address to their bank account. They can then simply provide these details to other people, providing a convenient way to receive payments.</p> <p>It can only be used for incoming payments, rather than outgoing ones. So you might think that makes it less of a tempting target for hackers. But that’s not necessarily the case.</p> <p><a href="https://www.nppa.com.au/wp-content/uploads/2018/12/New-Payments-Platform-Financial-Services-Media-Release.pdf">Launched in February 2018</a> by <a href="https://www.nppa.com.au/the-company/">New Payments Platform Australia</a>, an alliance of 13 banks, PayID is reportedly available to <a href="https://www.nppa.com.au/wp-content/uploads/2019/02/NPP-One-year-on.pdf">more than 52 million account holders</a> across almost all major financial institutions. 
By February 2019, some 2.5 million PayID identifiers had been created, and 90 million transactions totalling more than A$75 billion had been processed.</p> <p>When entering a PayID mobile phone number to make a payment, the full name of the account holder is displayed, so the person making the payment can ensure they are sending it to the right PayID account.</p> <p>Shortly after the service launched, Twitter users began pointing out that this means you can enter random phone numbers and, if that number has been linked to a PayID account, the account holder’s name will show up – rather like a phone book in reverse.</p> <p><a href="https://images.theconversation.com/files/292436/original/file-20190913-8687-1rizahf.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/292436/original/file-20190913-8687-1rizahf.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /></a> <span class="caption">Twitter posting of PayID details.</span> <span class="attribution"><span class="source">@anthonycr0</span></span></p> <p>The following day, on February 17, 2018, NPP Australia acknowledged this issue in a <a href="https://www.nppa.com.au/wp-content/uploads/2018/12/PayID-privacy-statement.pdf">media release</a>, but effectively dismissed users’ concerns:</p> <blockquote> <p>While unfortunate for the individuals involved, the discussion highlights the choice and benefits to be considered by users when they opt in to create a PayID.</p> </blockquote> <p>This is not exactly reassuring for bank customers whose details were publicly posted. 
And developments this year suggest that the underlying problems persist.</p> <p><strong>Better luck next time?</strong></p> <p>In June 2019, around <a href="https://www.businessinsider.com.au/100000-australians-reportedly-at-risk-of-fraud-as-hackers-attack-westpacs-payid-platform-2019-6">98,000 PayID details were obtained</a> after hackers used several online bank accounts to carry out <a href="https://www.smh.com.au/business/banking-and-finance/australians-private-details-exposed-in-attack-on-westpac-s-payid-20190603-p51u2u.html">more than 600,000 PayID lookups over the course of six weeks</a>, reportedly by simply entering phone numbers in sequential order.</p> <p>It is not clear who was to blame, although there are allegations of a <a href="https://www.theage.com.au/business/banking-and-finance/australians-private-details-exposed-in-attack-on-westpac-s-payid-20190603-p51u2u.html">leaked memo pointing the finger at US-based fraudsters</a>.</p> <p>The exact motive is unclear, but any personal data has value in the underground economy. In this case, the data could potentially be used as part of a more complex phishing scam designed to steal further information from account holders.</p> <p>Although this is clearly a very simple attack involving nothing more sophisticated than simple trial and error, it appears the PayID system did not detect the large number of lookups – an average of 14,000 per account – or the speed with which they were undertaken.</p> <p>To give a real-world example, it would be like going into your bank 14,000 times and handing over a different piece of identification each time.</p> <p>This high volume of lookups should have raised significant security concerns. While legitimate users could be forgiven for needing a couple of tries to punch in the right number, no one should need thousands of attempts.</p> <p>It should have been a simple security step to add lookup limits and to identify this as highly abnormal behaviour. 
Yet neither the bank concerned nor NPP Australia had implemented mechanisms to detect or prevent this form of misuse.</p> <p>After a security breach this size, the banks might reasonably be expected to take urgent steps to prevent it happening again. But it did happen again, two months later.</p> <p>In August 2019, a further <a href="https://www.canstar.com.au/online-banking/payid-hack-which-bank-accounts-hit/">92,000 PayIDs were exposed</a>. In this case, it was reported that the breach happened <a href="https://www.nppa.com.au/uplifting-cybersecurity-controls/">within the systems of a financial institution connected to the NPP Australia systems</a>. Worryingly, this breach reportedly revealed users’ full name, BSB and account number.</p> <p>Banks were quick to <a href="https://www.nppa.com.au/uplifting-cybersecurity-controls/">reassure customers</a> that this does not allow transactions to be undertaken. However, it did deliver yet more valuable information into the hands of cyber criminals – further enabling phishing opportunities.</p> <p>While affected customers have been contacted, the only option to remove this risk is to stop using PayID. This is easily done but removes the convenience factor for most bank customers.</p> <p><strong>What’s the real risk?</strong></p> <p>Because the system enables payments <em>into</em> accounts, rather than authorising withdrawals <em>from</em> them, the risk may seem minor. Indeed, many in the banking sector have dismissed it as such. But there is a deeper risk.</p> <p><a href="https://theconversation.com/phishing-scams-are-becoming-ever-more-sophisticated-and-firms-are-struggling-to-keep-up-73934">Phishing</a> is a form of cyber crime in which victims are tricked into revealing confidential information through convincing-looking emails or SMS messages. 
Unfortunately, there are already examples of this in relation to PayID.</p> <p><em><img src="https://images.theconversation.com/files/292438/original/file-20190913-8674-1cbmg07.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /> <span class="caption">Real examples of PayID-related SMS phishing messages.</span> <span class="attribution"><span class="source">canstar.com</span></span></em></p> <p>The approach depicted above is not particularly sophisticated. But imagine a more tailored email message quoting examples of identifiable information (PayID, full name) or, as with the most recent breach, BSB and account number.</p> <p>Coupled with the correct branding and reassuring words of your bank, it would be easy to convince an unsuspecting user of the need to “login to change your PayID for security reasons”. Just a few minutes of creativity on a computer can produce convincing results.</p> <p>The image shown below was created to show how easy this process is. It uses genuine branding, but the “login” button could easily be set to direct users to a website designed to steal login credentials.</p> <p><em><img src="https://images.theconversation.com/files/292440/original/file-20190913-8701-1nq3pl8.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /> <span class="caption">Mock-up of a potential PayID-related phishing email.</span></em></p> <p>With the <a href="https://www.mebank.com.au/news/household-financial-comfort-report/">ME Household Financial Comfort Report</a> indicating that almost 50% of households have at least A$10,000 in savings, there is a clear incentive for cyber criminals to target our bank accounts. As with any phishing attack, it only takes a few people to succumb to make the enterprise worthwhile.</p> <p>Although bank customers can do little more than think twice before responding to messages, the real power is with the banks. 
Simply being alert to unusual patterns of behaviour would have prevented these security breaches.</p> <p>This is not new territory for financial institutions, who routinely look for <a href="https://www.cnbc.com/id/46907307">unusual patterns in credit card transactions</a>. Perhaps it is time to apply these same concepts in other scenarios and better protect Australia’s banking customers.</p> <p><em><a href="https://theconversation.com/profiles/paul-haskell-dowland-382903">Paul Haskell-Dowland</a>, Associate Dean (Computing and Security), <a href="http://theconversation.com/institutions/edith-cowan-university-720">Edith Cowan University</a></em></p> <p><em>This article is republished from <a href="http://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/payid-data-breaches-show-australias-banks-need-to-be-more-vigilant-to-hacking-123529">original article</a>.</em></p>
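
<p>The lookup limits and abnormal-behaviour checks the article above calls for can be sketched as follows. This is an added example, not code from the article, NPP Australia or any bank; the event fields, the one-hour window, both thresholds and the sample log are constructed assumptions.</p>

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Lookup:
    ts: datetime
    account: str     # logged-in banking account that performed the lookup
    identifier: str  # phone number or email address entered as the PayID


class LookupMonitor:
    """Flags accounts whose PayID lookups look like enumeration, not payment."""

    def __init__(self, window=timedelta(hours=1), max_distinct=10, max_run=5):
        # Thresholds are illustrative assumptions, not values from any bank.
        self.window = window
        self.max_distinct = max_distinct  # distinct identifiers allowed per window
        self.max_run = max_run            # consecutive "+1" phone numbers tolerated
        self._recent = defaultdict(deque)  # account -> deque of (ts, identifier)
        self._last_number = {}             # account -> last numeric identifier
        self._run = defaultdict(int)       # account -> current sequential run length

    def observe(self, ev):
        """Return the reasons this lookup should be refused (empty set = allow)."""
        reasons = set()

        # Rule 1: too many *different* identifiers inside the sliding window.
        # Repeating the same payee does not count against the user.
        recent = self._recent[ev.account]
        recent.append((ev.ts, ev.identifier))
        while recent and ev.ts - recent[0][0] > self.window:
            recent.popleft()
        if len({ident for _, ident in recent}) > self.max_distinct:
            reasons.add("volume")

        # Rule 2: phone numbers entered in sequential order, regardless of pace.
        if "@" not in ev.identifier:
            digits = "".join(ch for ch in ev.identifier if ch.isdigit())
            if digits:
                number = int(digits)
                last = self._last_number.get(ev.account)
                if last is not None and number == last + 1:
                    self._run[ev.account] += 1
                elif number != last:  # a retry of the same number keeps the run
                    self._run[ev.account] = 1
                self._last_number[ev.account] = number
                if self._run[ev.account] > self.max_run:
                    reasons.add("sequential")
        return reasons


def scan(events, monitor=None):
    """Replay a lookup log; return {account: {reason: time first triggered}}."""
    monitor = monitor or LookupMonitor()
    flagged = {}
    for ev in sorted(events, key=lambda e: e.ts):
        for reason in monitor.observe(ev):
            flagged.setdefault(ev.account, {}).setdefault(reason, ev.ts)
    return flagged


def sample_events():
    """Constructed log: one ordinary customer, one account walking a number range."""
    start = datetime(2019, 6, 1, 9, 0, 0)
    events = [
        Lookup(start, "acct-A", "0491 570 156"),
        Lookup(start + timedelta(minutes=5), "acct-A", "0491 570 156"),  # retry
        Lookup(start + timedelta(hours=3), "acct-A", "payee@example.com"),
        Lookup(start + timedelta(days=1), "acct-A", "0491 570 110"),
    ]
    for i in range(40):  # one lookup every 10 seconds, numbers increasing by 1
        events.append(
            Lookup(start + timedelta(seconds=10 * i), "acct-B", f"04{i:08d}")
        )
    return events


if __name__ == "__main__":
    for account, reasons in scan(sample_events()).items():
        for reason, first_seen in sorted(reasons.items()):
            print(f"{account}: {reason} first triggered at {first_seen}")
```

<p>Keying both rules on the authenticated account matters here because the June 2019 lookups were made from inside several online bank accounts, so a per-IP limit alone would not have seen the pattern.</p>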

Money & Banking

Is this the end of ID cards? The new change coming to your driver’s license

<p>Say goodbye to your ID cards because digital driver's licences are set to be trialled in Sydney from November.</p> <p>The opt-in scheme will be available to more than 140,000 drivers across the city's eastern suburbs.</p> <p>The trial will have licences available on drivers’ smartphones and can be used to gain entry to pubs and clubs, as well as for roadside police checks within the trial area.</p> <p><img id="i-2be3c8ddaca6f1ed" style="display: block; margin-left: auto; margin-right: auto;" class="blkBorder img-share b-loaded" src="https://i.dailymail.co.uk/i/newpix/2018/08/20/09/4F3B4AA900000578-6077835-image-a-2_1534755428456.jpg" alt="Digital driver's licences are set to be trialled in Sydney as part of an opt-in scheme " width="634" height="317" /></p> <p>Minister for Finance, Services and Property Victor Dominello announced the new trial on Monday.</p> <p>“Smartphones have become de facto wallets and we're using cutting edge technology so that drivers can use a digital licence in everyday scenarios,” Mr Dominello said.</p> <p>“If you're going to the movies you can use your phone to get in, if you’re going to the airport you can get an eticket. Now we're making it even more convenient if you go to a pub or club in the trial area, you can use your digital driver's license.”</p> <p>The digital licence will have increased protection against identity fraud, said Mr Dominello.</p> <p>“A digital driver's license is far more secure than a plastic card because you can't lose your digital ID,” he added.</p> <p>“Parliament has approved new laws to enable a state-wide roll-out of the technology. This trial will bring us a step closer to delivering on that promise.”</p> <p>Drivers who opt in for the trial will still have to carry their physical licence with them.</p>
<p>The Sydney scheme follows a successful <strong><u><a href="https://www.oversixty.com.au/finance/insurance/aussie-state-to-introduce-digital-drivers-licences">trial in NSW’s Dubbo</a></u></strong>, which included 1400 participants and an 83 per cent customer satisfaction rating.</p>

Travel Tips

Flight Centre agent plays funny prank on man who lost ID

<p>A Flight Centre agent has played a funny prank on a man who lost his identification after a rowdy night out, sending a letter in the mail that appeared to be a booking confirmation for first-class return flights to the Maldives.</p> <p>After losing his ID on a night out on the town, UK resident Will Armstrong was shocked to discover a letter in the mail which made him believe someone had used his mislaid license to book the first-class flights, worth £5,000 ($A8,500).</p> <blockquote class="twitter-tweet"> <p dir="ltr">so I was pretty drunk the other night and I lost my ID, then this turns up today... <a href="https://t.co/TX0CHttfnT">pic.twitter.com/TX0CHttfnT</a></p> — will (@willarmstrong__) <a href="https://twitter.com/willarmstrong__/status/927958251551055872?ref_src=twsrc%5Etfw">November 7, 2017</a></blockquote> <p>Fortunately, Armstrong quickly found out that it was a ruse from a cheeky Flight Centre travel agent, named Steve, who had found the missing ID just outside his store.</p> <p>Armstrong tweeted images of the prank, which have since been retweeted more than 60,000 times around the world, and even popped in store to visit Steve.</p> <blockquote class="twitter-tweet"> <p dir="ltr">here's the man himself, thank you Steve! <a href="https://t.co/D0ctqiSXlY">pic.twitter.com/D0ctqiSXlY</a></p> — will (@willarmstrong__) <a href="https://twitter.com/willarmstrong__/status/928269821170651136?ref_src=twsrc%5Etfw">November 8, 2017</a></blockquote> <p>What are your thoughts? Funny prank? Or did it go a little too far?</p>

Travel Tips

How to set up emergency medical ID on iPhone

<p>Among the features introduced to Apple’s new Health app is one that could potentially save your life. The digital “Medical ID” provides important health-related information about you, like allergies and medical conditions, which anyone can access in the event of an emergency.</p> <p><strong>How to set up your Medical ID</strong></p> <p>This feature is only available if you have upgraded your iPhone software to iOS 8. First, open the Health app on your iPhone. Tap “Medical ID” located at the bottom right of the screen. You will be asked if you want your Medical ID to be available even when your phone is locked. Click yes as this allows people access to your health information in emergencies.</p> <p>Now plug in the details you would like others to know. There are options to include information about allergic reactions, medications you take, blood type, organ donor status, as well as an emergency contact. Tap done when you are finished. Your Medical ID will now be ready to use.</p> <p><img width="324" height="577" src="https://oversixtydev.blob.core.windows.net/media/9090/medical-id_499x885.jpg" alt="Medical ID" style="display: block; margin-left: auto; margin-right: auto;"/></p> <p><strong>How to access your Medical ID on a locked iPhone</strong></p> <p>When someone who does not know your passcode attempts to get onto your iPhone there will be an option to tap the “Emergency” button, which is located on the bottom left of the screen.</p> <p><img width="323" height="572" src="https://oversixtydev.blob.core.windows.net/media/9091/emergnecy-1_499x885.jpg" alt="Emergency 1" style="display: block; margin-left: auto; margin-right: auto;"/></p> <p>They will be taken to the “Emergency Call” screen and at the bottom left of the screen will be the “Medical ID” button. Once they tap this, it will reveal your Medical ID information.</p> <p><img width="301" height="535" src="https://oversixtydev.blob.core.windows.net/media/9092/emergency-2_499x885.jpg" alt="Emergency 2" style="display: block; margin-left: auto; margin-right: auto;"/></p>

Technology

From PTSD to entrepreneur

<p>With an award-winning business under her belt, Over60 sat down with mum-of-three and ex-Police officer, Nicole Graham, to talk about how suffering PTSD and mitral valve prolapse led her to start Emergency ID to help others like her.</p><p><strong><strong><img width="162" height="205" src="https://oversixtydev.blob.core.windows.net/media/1221/nicole-police-pic_162x205.jpg" alt="Nicole Police Pic" style="float: left;"></strong> You used to work in the Police force, why did you decide to leave?</strong><br>“I joined the Police force in 1989 at the age of 20. I had a strong sense of social justice and enjoyed the mateship within the force. We literally put our lives in each other’s hands and faced the most harrowing experiences side by side.</p><p>I was a ‘career cop’ and my ultimate aim was to become the first female commissioner. However, that all went pear-shaped when, like so many other Police, I was struck down with post-traumatic stress disorder (PTSD) after 13 years.</p><p>During my time stationed in busy western Sydney and remote rural communities, I experienced many horrific situations – fatalities, sieges, autopsies, stabbings, suicides, accidents and domestic violence – and I specialised in taking statements from sexually and physically abused children.</p><p>It eventually took its toll and I was severely affected by flashbacks, depression and anxiety. Most people don’t realise the huge amount of stress Police deal with and they have an extremely high rate of PTSD, depression, divorce and suicide. We need to look after and appreciate our Police a lot better than we do.”</p><p><strong>You’ve had major heart surgery, can you tell us about this?</strong><br>“I was 34-years-old and the mother of two young children. I was into fitness and competing in biathlons. 
During a routine GP visit I mentioned that I had been experiencing dizziness, vomiting and tiredness but had been pushing through to maintain my fitness.</p><p>[The doctor] listened to my heart and sent me immediately to a cardiologist. Within a week I was in St Vincent’s Hospital having open heart surgery. I was diagnosed with mitral valve prolapse, which meant oxygenated blood was not pumping around my body as it should, and told I was extremely lucky that I didn’t have a massive heart attack.</p><p>It was a long and slow recovery after a few complications, life support, intensive care and rehabilitation.</p><p>Living through such a traumatic time made me realise what is important in life. In the long run it changed me for the better. They say what doesn’t kill you makes you stronger – and that was certainly the case for me.”</p><p><strong>Was this surgery one of the reasons you started your business?</strong><br>“One of the outcomes of my heart issue was that I was recommended to wear medical jewellery so that if anything happened to me in the future, medical or emergency personnel would have some knowledge of my history.</p><p>That’s when I found there were very limited choices available and it was generally very unattractive – I guess as a 30-something young woman I didn’t fit their target market!</p><p>It got me thinking and I realised that members of my own family would have benefited from medical jewellery too.</p><p>I had an uncle with an intellectual disability who was killed by a drunk driver. He had spent hours in the hospital and then the morgue before we even knew anything had happened because he had no ID on him.&nbsp;</p><p>My father suffered from cancer when he was 26 until his passing at 43. He had great difficulty remembering his lengthy medical history, medications and contact details of specialists. 
Medical staff really needed to know those details so he could be treated correctly but he didn’t wear or carry anything as there was nothing suitable.</p><p>I also knew from my time in the Police, that it is so difficult to contact people in times of emergencies. Often the only details we had of those seriously injured, or worse, was an address from their licence. We were so often unable to contact loved ones and many heartbreaking moments could have been avoided if people carried emergency information on them.”</p><p><strong>What is Emergency ID all about?</strong><br>“Emergency ID is all about having a huge variety of products and services to relay vital information to first aiders, emergency services and hospital personnel if you are involved in an accident or medical incident. It’s all about providing information that could save your life, rather than leaving those treating you guessing if you have any previous medical conditions, medications or history that can affect your treatment.&nbsp;It’s also about having emergency contacts on or with you at all times so that the correct people can be notified and with you when you need it the most.”</p><p><strong>What are you most proud of in relation to your business?</strong><br>“Nine years ago the business consisted of a laptop on my dining room table and five products. We now have the largest and most diverse range available and we are world leaders in our field. We have also been independently judged and awarded numerous times – we are the most awarded in our field. We’re proudly 100 per cent Australian and AUSBUY accredited.</p><p>I am also very proud that as we grow we are becoming more and more involved in giving to charities and organisations. For example, we have proudly supported the Love Your Sister campaign, we are in a fundraising partnership with The McGrath Foundation, and I recently did the St Vincent’s CEO Sleepout, where I slept out on the street to raise money for the homeless. 
We also proudly donate Emergency ID to those in dire financial need and who are homeless through the Matthew Talbot Hostel and St Vincent de Paul Health Clinic in Kings Cross, NSW.</p><p>Lastly I am very proud to have just become a volunteer speaker for Beyond Blue, working to reduce the impact of depression and anxiety in the community by raising awareness and understanding, empowering people to seek help, and supporting recovery, management and resilience.”</p><p><strong>What’s next for you?</strong><br>“Doing more community work.&nbsp;I have lots of speaking engagements including one for Beyond Blue and supporting more and more charities and community events.&nbsp;I’d also like to take Emergency ID Australia worldwide, so we can not only assist Australians, but anyone who could benefit from wearing or having Emergency ID in a crisis.&nbsp;Oh, and travelling and being with the loves of my life – my husband and my three children. My 20-year-old skydiving instructor son, my 18-year-old budding lawyer daughter and an overly loved, attention-seeking four-year-old. Yes, there is a huge age gap there.”</p>

Money & Banking
