The Australian Banking Association (ABA) is fighting back a stipulation in the proposed Privacy Impact Assessment (PIA) contained in the Consumer Data Rights bill prior to the election period. This is Australia’s banking industry opposition to changes in the way banking procedures are handled, in order to still provide safety and privacy for their customers. They claim that the proposed changes in the Consumer Data Rights can enable cybercriminals and other threat actors to have less resistance when launching their attacks.
“The ABA view is that this fails to consider the intentions of fraudulent and criminal actors and cybercriminals who seek to operate using illegal means, and who may be difficult to enforce Australian laws against when located overseas or otherwise difficult to identify given the environment in which they operate, being primarily over the Internet,” said ABA in their comment.
PIA’s proposal is overly optimistic and shows their lack of knowledge of the current cybersecurity situation in the world. They also have not taken note how much the banking sector’s risks and attractiveness for the cybercriminals. It will take until July 1, 2019, before the full technical assessment and testing will be completed, as the date starts the pilot program.
“The ABA has identified aspects of the PIA where industry experience would suggest a higher risk likelihood is plausible. As the PIA is refined, the ABA suggests that these risk assessments are reconsidered with input from the Rules and Standards that are developed, and also insights from consumer testing and the pilot program,” explained the ABA representative.
Fine tuning of the mechanics at the middle of the pilot program may make or break the relationship of the Royal Commission with the banks. The elections will be a critical period on how banks trust government’s motivation if it will help lessen the risks of the industry from cybercriminals or just lip service during the election period only.
“The PIA does not appear to have contemplated a scenario where a cybercriminal attempts to tamper with the data recipient’s website so that the website directs the consumer to a fake data holder website,” emphasized ABA.
Consumer Data Right will come in force is not expected to minimize the number of phishing victims, ABA sees that phishing will be more common once ‘Open Banking’ becomes enforceable in the land down under. Since its very beginning, the Consumer Data Right bill was not a very popular piece of legislation, it experienced delays of passage since last year.
ABA itself made a 180-degree turn, as it used to support the Consumer Data Right bill during the Parliamentary discussions.“Privacy and protection of data should be an important priority, which is why the industry is seeking further testing during the pilot program to ensure we get this right. We support the PIA’s recommendations on measures to reduce risks to customer’s data and the pilot program will help inform further initiatives which will boost security,” said ABA in full support of the bill prior to its passage in the Australian Parliament.
