A tight-fisted approach to IT security spending by Australian companies is making the battle against the escalating problem of computer crime even tougher. This comes despite significant new initiatives such as a special NSW Police task force that has been set up with the support of financial institutions and credit card providers.
Established to combat credit card fraud, Strike Force Venlo is the first initiative of its kind to establish a joint action plan with dedicated resources and information-sharing between industry and law enforcement.
The task force meets at least once a month to identify priorities, risk and vulnerabilities with each financial institution appointing a dedicated officer to liaise with police.
However, Mastercard International Australasia director of risk management and security, John Sullings, said companies need to play their part and beef up IT security spending to really make a difference.
"Companies are spending the bare minimum on IT security; greater effort needs to be taken in the area of prevention and this includes educating end users such as online banking customers," he said.
"One area where banks have invested heavily is that of fraud detection tools. This has proven successful because the software pays for itself in less than six months, but companies generally [not just finance] need to do more to protect themselves and their customers."
NSW Police fraud squad Detective Sergeant Michael Boutouridis said priorities are identified such as the exponential growth of identity theft and credit card scams without public references made to specific brands or products to promote the free flow of information.
He said increased trust as a result of the ongoing liaison has allowed Police to take a proactive response to fraud and has given the financial industry a central point of contact for reporting suspicious activity.
Consultation has certainly been an education process for both sides.
For example, police have completed workshops to ensure they are more IT-savvy; industry was given access to Eagle Eye, a police case management system which provides guidelines on how to prepare briefs for court proceedings.
Before the task force involvement, industry had no access to Eagle Eye. Boutouridis said it has certainly helped in the preparation of briefs which have resulted in more convictions with longer sentences.
Banks and insurance companies now have immediate access to police whereas previously Boutouridis said leads were reported and then assessed to determine whether police would investigate, which could take up to six months before there was any follow up.
"By the time we went to investigate, the lead was cold although at times it may end up being a civil matter anyway; we had a terrible backlog without dedicated resources, whereas now we can strike when the iron is hot," he said.
Combining resources has also meant access to the banks' IT infrastructure with Boutouridis admitting "we rely on them in this regard, especially access to their sophisticated software".
Acknowledging private industry is often reluctant to report fraud and computer crime, he said police "can't chase every rabbit down every hole", especially if they [companies] are prepared to suffer the loss and carry the costs.
Although the strike force is set for review at the end of this month (June 30), Boutouridis said it has been a groundbreaking initiative setting new standards in consultation and improving the ability of both sides to combat crime.
"Credit card fraud can have a devastating impact on the financial system, because it affects consumer confidence and this undermines the entire industry," he said.