Only a Digital ID will stop scams and Identity Theft (opinion)

Digital ID will stop scams and Identity Theft. However, it is bogged down in red tape and privacy-concern throwbacks from those who still remember Bob Hawke’s controversial 1985 Australia Card national ID proposal.

1985 is significant – that was 38 years ago, well before the World Wide Web was officially born in the early ’90s. And since then, the WWW has become weaponised by cybercriminals and cyberhackers to deliver email and online scams focussing on the end goal – emptying your bank account.

The problem is simple. We are oversharing personal data

Any online transaction with the government, banks, education, utility providers, stores, loyalty programs, ride-share, short-term rental, Facebook, TikTok, Google, Microsoft and many more collects and keeps too much information to verify that you are who you say you are.

How often have you been asked to provide a copy of the front and back of your driver’s licence, passport, ID selfie photo, utility bills, and answers to secret questions? An average person hands over personally identifiable information at least 20 times a year. Many have between 50 and 100 online accounts and passwords.

The answer is equally simple. A single, unhackable Digital ID

Prove once you are who you say you are, and then use an unhackable Token/Authenticator App for every online transaction.

It is coming, at least at State and Federal government levels. Digital ID will identify you to all government departments. It will allow you to update details in a central location – new email address, change of home address, mobile, and more.

Before you complain about privacy, the Government already has most of your details stored in dozens of disparate databases across even more Departments. Any one of those could suffer a hack. It makes sense to protect one super database.

Issue #1 is to ensure that your Digital ID information is safe.

Who would have thought that Medibank (9.7 million) or Optus (9.8 million), with their sizable cybersecurity budgets, could have been two of Australia’s largest hacks?

Well, let me add a few more Aussie hacks:

  • Canva – an Aussie company (137 million)
  • Latitude Financial (14 million)
  • Afterpay (8.2 million)
  • MyDeal (2.2 million)
  • Bunnings (Flexbooker breach up to 3.7 million accounts)
  • Telstra (130,000)
  • Samsung (190GB of data – content not disclosed)
  • DoorDash (Australian customers)
  • Meriton (tenancy lists)
  • Good Guys (1.85 million in its Customer Loyalty Program)
  • Red Cross (515,000 vulnerable people)
  • ProctorU online remote learning (444,000)
  • Australian National University (200,000)
  • Eastern Health (4 Melbourne hospitals)
  • Service NSW (104,000)
  • Melbourne Heart Group (Cabrini Hospital, 15,000 patients)
  • Australian Parliament House (MPs from all parties)
  • Tasmanian Ambulance (every ambulance user from November 2020 to January 2021)
  • Northern Territory (4,400 Covid email addresses)
  • West Australian Parliament (Nation State attack)
  • Toyota (10 years of customer data, over 2 million records)

This is the tip of the iceberg – 2,784 notifiable Australian breaches have occurred since 2020. There is a list from 2018 to 2023 here. And these don’t include major international breaches like Twitter, Facebook, Amazon, Microsoft, etc.

Some or all of the following personal data was stolen

  • Real name
  • Physical address and delivery address
  • Email address
  • Password used for login (and we all reuse passwords)
  • Mobile and landline numbers
  • Emergency and next of kin numbers and details
  • Date of Birth
  • Gender
  • Driver’s Licence (often includes front and back image)
  • Passport number
  • Government ID numbers
  • Tax File Numbers
  • Bank Account numbers
  • Credit card numbers, expiry and CVV code
  • Utility bill numbers
  • Payment data
  • Medical records, claim history, Medicare ID numbers (Why did Optus need this?)
  • Academic results
  • User data gathered without permission by telemetrics and analytics (device, time, IP address and more)

What happens to this data?

Cybercriminals and cyberhackers try to monetise it via the dark web, selling it to the highest bidder. But they do something far worse. They dump it into a vast data lake repository of profiles on almost every internet user on the planet.

Sophisticated AI starts to match this to existing data and spits out records ripe for scams and ID Theft. For example, it only takes three forms of ID to open a bank account – Driver’s Licence, Passport and Utility bill.

These lists are sold to scammers in China, Russia, India, Nigeria, Iraq, and the Middle East, to name a few. Here skilled teams work on luring you into a costly trap.

Back to Digital ID

If and when it becomes law and is widely implemented (which could take years), no online entity will be able to store your data – instead, just a 100% fool-proof Digital ID. But there are problems.

While all levels of Government can be forced to participate, what about the millions of small and big businesses you may deal with? It will take time and money to update their payment and loyalty systems. What about online markets like Kogan, eBay, Alibaba, etc., representing millions of overseas traders exempt from Australian Consumer Law?

And what about those Australians that don’t use a computer or mobile phone? We need to accommodate them too.

On the negative side, this is the Australia Card – one unique ID for us all. Undoubtedly, it will supersede the many forms of ID like Tax File numbers, Directors’ ID, NDIS etc. It gives the Government (all levels) the power to communicate with us directly.

On the positive side, it could eliminate tax returns, NDIS, Medicare, and other institutional frauds. It will allow quick payment to those in need (bushfire, flood) and stop the rorts there. And it will stop ID Theft.

The Digital ID journey starts with the first step

Digital ID will be necessary to participate safely in the digital world.

Pro

  • No personal data is stored at online suppliers.
  • Safe online transactions.
  • Faster access to services.
  • Cheaper access to services (does away with several levels of authentication).
  • Fraud reduction.
  • Commercial e-Payment protection.
  • Enables online fraud-free voting.
  • Enables a single land/housing register.
  • Could eliminate tax returns.
  • One place to store, access and update your personal data.
  • Enables timelier and more accurate census data.
  • e-Passport systems, travel and payments.
  • It will kill the monetisation of your data.
  • Enables trust in the internet.

Con

  • Tin hats will hate it, but the Government already has most of this info.
  • Need to preserve the right to anonymity online (if there is such a thing).
  • Biometrics and facial ID will be needed.
  • Risk of the most mega-hack of all time.
  • What to do with non-participants? How do you handle POA and delegation?
  • Huge, massive job to implement.
  • Initial legislation may be flawed or not comprehensive enough.
  • Single point of failure – government servers.
  • Need to strengthen privacy legislation and penalties.
  • Does it give the government too much power?

Digital ID is ambitious and involves many stakeholders, including ministries, levels of government, private companies, international organisations, civil society organisations, and more. Few projects touch everyone in a country, like introducing a Digital ID system.

Trust in the Internet and online services is critical to developing a thriving local Internet economy and participating widely in the global digital economy. Low trust in the Internet, e-government services, and e-commerce services hampers the government, businesses and consumers from fully taking advantage of the Internet’s economic benefits.

European Union Consultancy to Develop a Government Cybersecurity Assessment and Strategic Roadmap.
