House debates

Monday, 23 February 2009

Law and Justice Legislation Amendment (Identity Crimes and Other Measures) Bill 2008

Second Reading

5:58 pm

Kay Hull (Riverina, National Party)

The Law and Justice Legislation Amendment (Identity Crimes and Other Measures) Bill 2008 is one of the more important pieces of legislation that we have had to deal with, in that it will protect many Australians, whether they are living here in Australia or whether they are overseas. It is a fact that there is an enormous amount of identity fraud occurring. This occurs when a person’s personal information is used by somebody else, without the person’s knowledge, to obtain credit, goods or other services fraudulently. It can even extend to securing a passport in a person’s name. Recent research commissioned by Fellowes, a company dedicated to antifraud, showed that, whilst the majority of Australians are worried about the risk of identity fraud, an alarming 75 per cent of us are throwing out enough personal information—such as credit card statements—in our rubbish and recycling to put us at risk of identity fraud.

Criminals use a mixture of tactics to acquire information that is needed to steal your identity and some of these tactics are very crude, such as taking personal information from a stolen purse or wallet, going through rubbish and phishing or stealing somebody’s identity online. I will address my grave concerns about that later on. Worryingly, victims often do not realise that their identity has been stolen until it is too late, and it can take a considerable amount of time, effort and energy to right the damage that has been caused by somebody taking your identity. Sometimes it takes years to resolve. Around 87 per cent of Australians are aware of identity theft. They are concerned about it but they are not doing a lot to protect themselves, or they are putting themselves at risk in numerous ways that they have not recognised can contribute to having their identity stolen.

Identity fraud costs the nation over $1 billion per year. When it comes to concerns about identity fraud, women fear financial loss and a poor credit rating, they feel personally violated and embarrassed, they feel this problem far more than men and they can certainly be attacked in a greater proportion. It is the 81 per cent of Australians with a household income between $40,000 and $69,000 who are most likely to put themselves at risk of identity theft by throwing out personal information such as utility bills—electricity and telephone bills—and, worse still, other things like credit card statements. When people are finished with such bills and statements, they very often just throw them into the waste paper basket, providing a huge source of information. Personal information, such as date of birth, address, mother’s maiden name and passwords are now equally as valuable as money. They can now be traded like currency. This is enough information for a fraudster to open bank accounts and apply for credit cards, loans and much more.

How can your identity really be stolen? As I said previously, it is a fact that, whilst Australians are terribly concerned about this, they are not so aware of how they are contributing to identity fraud or what they can do to prevent it. Internet sites are a classic case. Anybody who uses the internet will regularly be asked to share personal information to gain access to websites and to buy goods. Fraudsters can easily combine the personal information you provide to unsecured internet sites—they might get your mother’s maiden name—with other bits of valuable information that they glean about you to obtain credit using your name. All of a sudden you will start getting the bills in the post.

Fraudsters can use simple things such as mail forwarding—completing a change-of-address form to redirect your mail—to receive a wealth of information about you delivered directly to their doorstep. There is a term called ‘phishing’, describing identity theft via email, where fraudsters will send an email claiming to be from a bank, a credit card company or some such organisation that you may have a relationship with. They only have to send it out—we all get them on our screens every single day—to determine whether you are a NAB or Commonwealth Bank customer. They only have to send out mass emails to pick up quite a few people who are most surely going to be a Commonwealth Bank, NAB or Westpac customer or something like that. And they look enormously authentic. I have had an apparent ATO site look so authentic, seeking information while telling me that I had a certain amount that I had not received as a refund and they wanted my bank account details in order to deposit it. It was quite extraordinary how legitimate it looked. It is only a small amount of money; they are not talking about hundreds of millions. They say, for example, that there is $36.72 that is required to be put in your bank account. People see that as legitimate and as something that is realistic. It is not hundreds and thousands, so they log in and these websites are extraordinarily authentic looking. The next minute, they have inadvertently put in their details and created a way by which somebody can illegally use their tax file number or, worse, access their bank accounts. This is like a phishing expedition and a source of an enormous number of problems. Typically, if you click on a link in the email you generally can risk even your details being downloaded by some exceptionally clever people. Even if you open your link you can be subject to hacking.

As I said, there are simple actions like the theft of wallets or purses, but even unsolicited contacts like phone calls from people claiming to be from a bank to update your personal information are significant issues. It can include very raw stuff like bin raiding, going through rubbish and, basically, looking through one’s personal things that have been sent out. It is surprising in this day and age of recycling just how much information now goes out to people who have not been security checked but are working in recycling areas. They can glean an enormous amount of information just from the paperwork that you put into your recycling without shredding it. You have no idea who has access in those areas, which are not subject to security checks. They can most definitely access an enormous amount of information. Card skimming takes place when you make a transaction. Somebody will skim your card and it can be used to create enormous debt. It is not just the individual who is at risk. Companies are also at risk—there is corporate identity theft. By accessing publicly available company records, fraudsters can change the names of company principals and registered addresses. They can then trade off the back of the real company’s good name and obtain goods and services on credit from suppliers.

That is not the only area of risk. A company’s bank details may be in the public arena in order to encourage customers to pay for goods directly into the company’s bank account. How often does something come to your house giving you the BSB and all the other details of a person’s bank account for you to directly deposit money into? If you have evil on your mind, there is a lot you can do to access people’s bank accounts. Just by collecting information—looking, phishing and finding out about people generally—a lot of information can be gleaned that can leave them open. Businesses, in particular small businesses, are particularly at risk and need to be aware because they tend to have websites explaining their services, highlighting their own identity and promoting themselves. Businesses give out an enormous amount of information about themselves, and on their invoices they have their BSB number and their bank details. When it is all coupled together, it would not be hard to put together a process that could see a bank account entirely wiped out or identity fraud take place. We have even seen ruthless criminals go through the death notices in the papers to identify deceased people and note their date of birth and address. That then becomes valuable information for them to construct a new entity that can actually be out there as a live dead person, so to speak. That is pretty scary.

On 5 February Facebook had its fifth birthday. Facebook is the bane of my life, thanks to my children and grandchildren. The information going on to Facebook is just absolutely extraordinary. There are over 150 million people around the world using Facebook. The popularity of social networking is exploding, and it is just amazing how it is being used. Hackers can use compromised profiles in Facebook to host trojans, such as key loggers, that steal banking passwords and credit card numbers, because people give out so much information on these sites. The fact is many people use the same login and password—it becomes something that they use for everything. So if someone can find your login details, it is likely that it could also be your credit card or bank account password. In this world of passwords, we really need to be very cautious and make sure we change them regularly.

Many organisations now search the internet and Facebook as an unofficial step in their recruitment process. As I said, the extent of the information available on a person’s Facebook page differs from person to person and depends on the security and privacy measures an individual chooses. When you look at the general profile of a Facebook user, the worrying thing is that, while you can choose just your delegated friends to be able to see your information—so you can control that if you like—you cannot control your delegated friends. They might give your information out to somebody else. You think that it is just a small group of people, but you cannot control how many people they pass your information on to. It could be that they are quite innocently giving out your details. When I looked through the profiles on Facebook, I saw that some members put everything, from their mobile telephone number to their CV, on line. Some list only their name and age.

We have seen plenty of scams. For example, there was a guy with a Facebook page who started getting calls because he was supposed to have been kidnapped somewhere in the United Kingdom. The hackers then used Facebook to try to get money from all of his friends on Facebook. One friend supposedly even sent money across to a Western Union branch in London to secure his release. That is an amazing problem, and he took quite a long time to try to resolve it. That was one case of other people using private information to get money.

While looking into this issue we clicked on to the page of my office staffer, Lucy. She clicked on to a stranger’s Facebook page and she now knows who that person is married to, she knows she has two children, she knows that they have just started school, she knows the names of six of her relatives, she knows exactly where she lives—which is quite isolated—she knows the high school this woman attended and she knows her date of birth. This is significant information that we are providing, free of charge and with no understanding, to so many people. This morning I was looking at some internet stuff down at the AFP and it was staggering to see how people can use and abuse internet sites. The Law and Justice Legislation Amendment (Identity Crimes and Other Measures) Bill is great, but what we have to do is get out and educate the public. We need to tell them that what they are doing is of enormous concern. I support this bill and I urge a publicity and promotion campaign to ensure that people do not place themselves at such grave risk.
