Optus data breach and the ancillary impact it may have on your members
Journal
There has never been more reliance and importance on data to provide administration of consumer products effectively and efficiently and in turn, organisations need to have robust Governance and security in place to safeguard information.
Despite having mechanisms in place, there have been recent high-profile instances of compromised data (Telstra staff names and emails, Optus customer data), which is like finding out your alarm is broken after you have been robbed.
The recent Optus data breach has demonstrated how far reaching and significant an impact compromised data can have to consumers. The level of publicity associated with the Optus data breach has heightened awareness and concern, with measures being taken to expedite and ensure that not only are the public safeguarded from any malicious use of the compromised data, but also that there is no financial detriment in protecting their interests.
Whilst ensuring there is effective data security is the primary preventative control, this article provides an overview of how technology can assist in managing the risk associated to fraudulent behaviour via data driven assurance checks where consumer data security has been compromised on a macro or individual basis.
What is the impact of the Optus data breach?
Focussing primarily within the financial services industry, the Optus data breach poses a significant risk to members due to the quantum and the nature of the compromised data.
Optus has publicly advised that as many as 10 million customers have potentially had any combination of the following information impacted:
Contact details
Medicare number
Drivers’ License details
Passport details
Despite assurance from Optus that no financial data has been exposed, access to the personal information listed above, if used maliciously, has the potential to significantly impact members/customers financially.
Whilst the breadth of the potential utilisation of the data may not be known, within the financial services industry, some of the impacts may include, but are not limited to:
The information provides an ability to pass call centre security checks and subsequently transact on member accounts
Reputational risk for processing fraudulent transactions leading to consumer defection
Apply to financial institutions for credit and/or loans
Access funds from Superannuation or other financial institutions
The Optus data breach is a significant and public example of how data may be used for fraudulent purposes. There is an ongoing risk that must be mitigated to ensure that regardless of scale or publicity, consumer interests are protected as much as possible.
“If you aren’t confident you have effective controls in place, you don’t”
Tactical or strategic approach to data quality?
Ensuring the quality of consumer data is of utmost importance and enables effective and efficient servicing and whilst there are elements of control within the supply chain, safeguarding from the unknown is paramount.
There are two main approaches that can be implemented when considering how best to mitigate the risk of fraud or suspicious activity within the industry:
Tactical solutions rely on process driven mitigants with reactive investigation once an incident has occurred. Typically, this will involve a Complaint or Audit failing followed by root cause analysis that identifies a procedural failing or data error, which can then lead to remediation.
Strategic solutions rely on process driven and scalable technology driven mitigants to monitor for fraudulent or suspicious activity. Typically, this will involve regular reports and checks to identify procedural failings or data anomalies, which if addressed in a timely manner, may prevent Complaints/Audit failings and remediation.
Both options are effective in certain situations, however there must be adequate confidence regardless of mitigation approach that the solution is appropriate in proportion to the associated risk.
Technology driven assurance is the most effective mechanism for efficiently mitigating data associated risk and when implemented correctly, can facilitate a scalable uplift in data governance.
Key takeaways:
Systematic data quality checks can act as a second line of defence in the prevention of fraudulent activity as the result of data breaches outside of the established data supply chain
Not all compromised data have such awareness and visibility, however, the risk is ongoing
Lack of systematic controls can have significant impact and may result in costly remediation
Processes being in place is not a guarantee that processes are effective
What is Investigate DQ and how can it assist?
Investigate DQ, is a scalable and data source agnostic quality assurance tool that can be quickly configured to regularly monitor connected sources for fraudulent/suspicious transactions and identify instances where a customer may be impacted.
This facilitates the proactive administration of impact as well as providing the capability for preventative controls for high-impact transaction types.
Having effective controls are not only in the best interests of those that are potentially impacted, but the broader customer base/the business is protected against potentially significant reputational damage and the associated costs of remediation. Broader application to increase member data protection and meet obligations.
Investigate DQ mitigating the risks associated with fraudulent and/or suspicious transactions is only one of limitless use cases in the wide-ranging application of Investigate DQ within financial services administration.
As a result of the capability to connect to any type and number of data sources, the practical applications of the tool can include, but are not limited to:
Monitor Service Level Adherence across the internal and external administrative supply chain
Ensure that members are administered in accordance with fund, business, and product rules including insurance benefits.
Validate that members are charged correct fees and premiums
Have a fully auditable history of member data quality impacts
Reduce cost of remediation as a result of systemic data quality issues
Key benefits
Investigate DQ enables Trustees to realise benefits such as:
Increased confidence in reporting data and adherence to product requirements
Reduced cost of remediation due to early identification and rectification of errors
An auditable mechanism to meet regulatory obligations effectively and efficiently
Expedited issuance of member communication and campaigns
Consolidation of detective and preventative controls across a range of internal and external data sources
If you are interested in taking control of your Data Quality and optimising Data Governance, book a demo to see how Investigate DQ can transform your data quality.
