Banks support Google, Facebook, Amazon against data localization

Big Australian banks have strongly backed US tech giants Google, Facebook and Amazon to oppose any prospect of forcing them to house Australian customer data ashore, despite growing security concerns among security agencies. safety, regulators and consumer advocates.

In a tough response to the Home Office’s Data Security Action Plan discussion paper, the Australian Banking Association says moves to legally require data to be held onshore in Australia and preventing them from being sent abroad will create new security threats.

The consultation is a key part of the previous government’s national data security action plan, which is part of the digital economy strategy launched in Budget 2021-22.

“The concept of data localization may seem appealing as it can be seen as a way to reduce dependencies on other countries and give regulators greater visibility into where data is stored and with whom they are shared. However, the ABA cautions against a blanket policy or ban on storing or moving data overseas,” the ABA submission reads.

“Data localization can also weaken data security. Many Australian entities use third-party software or platform service providers, including large global entities. Australian and foreign entities may use offshore data centers. Requiring data to be kept ashore would disrupt these existing commercial and infrastructure agreements.

Or, to put it more bluntly, it would increase technology costs for banks that have saved billions by ceding infrastructure to public cloud giants.

Clouded Judgments

US giants Amazon Web Services, Google Cloud, Meta (Facebook) and Microsoft also oppose data localization in the country as it would require them to rework their cloud infrastructures to comply with local laws.

On a geopolitical level, data localization has become a lightning rod regulatory issue in Europe alongside the European Union’s General Data Protection Regulation (GDPR), which aims to protect citizens’ personal data from being collected and misused. massive exploitation by American technology platforms.

Facebook’s parent company Meta, which has had ongoing run-ins with regulators, is one of the most vocal opponents of forced data offshoring and local data protection regimes, essentially arguing that such moves here would enter Australia into the club of despots.

“Local data storage requirements also have broader implications for the state of an open global Internet,” Meta said in its submission.

“Personnel and data tracking measures such as those in India, Vietnam, Turkey and China are often intended to facilitate the surveillance or censorship of citizens’ online activities and to violate the human rights of individuals, including freedom of speech, expression, access to information and privacy, and due process rights.

The ABA also “warns against relying on new stand-alone legislation to impose data security requirements across the Australian economy”, saying consideration should instead be given to using the “existing legislative vehicles” or ways to “ensure alignment between data security policy and existing requirements”. ”

Apple holds the cards tight

Apple refrained from submitting a public submission to the National Data Security Action Plan consultation.

While banks have essentially accused Apple of creating a restrictive monopoly through Apple Pay, which now dominates contactless transactions, the use of biometrics to secure transactions made directly from iPhones has made them very resistant to fraud, unlike online card transactions.

Known as card-not-present (CNP) fraud, fraudulent online transactions made using Mastercard and Visa products (cards issued by Australian banks) have remained stubbornly high in Australia, with fraud losses returning to merchants regularly exceeding $400 million per year.

Write down that number and who foots the bill – the traders – because we’ll get to that.

The scale and persistence of losses due to CNP fraud, together with institutions’ willingness to pass on the financial blow opaquely to their merchant clients, represent a serious lack of public policy credibility for banks, which are now officially classified as critical infrastructure.

Banks thrown outside the political tent

The Albanian government also ostensibly sought to maintain a professional distance from major banking institutions at the recent jobs and skills summit, excluding individual Big Four representatives in favor of the ABA chief and former Labor prime minister. of Queensland, Anna Bligh.

A known irritant between banks and policymakers is the all-out digital push to send customers online while closing branches and ATMs, a stance that inflates banks’ profits but decimates jobs and businesses in areas. regional. It also further alienates vulnerable Australians such as the elderly.

The furious agreement over the need to reject applicable data localization regulations by banks and controversial platforms like Facebook and Google is also likely to spark fresh suspicion among wary non-banks and independents on their record. regulatory already unequal.

Faced with biometrics

Consumer advocates are already stepping up to expose the often hidden or sparingly disclosed use of artificial intelligence and the collection of sensitive personal data, including biometrics, with CHOICE citing its recent sting on retailers in April.

“CHOICE asked 25 major Australian retailers about their use of facial recognition technology and analyzed their privacy policies, which are available online,” CHOICE wrote in its response to the action plan discussion paper. home affairs data security. “Based on the responses and analysis, CHOICE has identified that Kmart, Bunnings and The Good Guys collect and use their customers’ sensitive information through the use of facial recognition technology.

“Retailers collect sensitive biometric data called a ‘facial print’ through their facial recognition technology systems. Under the Privacy Act 1988, the collection of sensitive information, such as biometric data, is subject to stricter notice and consent requirements. This matter was referred to the Australian Information Commissioner’s Office for review.

In July, the OAIC opened an investigation into the CHOICE revelations. The regulator said it would review “the personal information handling practices of Bunnings Group Limited and Kmart Australia Limited, focusing on the companies’ use of facial recognition technology”.

The OAIC said it had also launched “preliminary investigations with Good Guys Discount Warehouses (Australia) Pty Ltd following public reports that the company has suspended its use of facial recognition technology”.

But the real question is why some of Australia’s biggest retailers adopted such a flimsy privacy policy and resorted to intrusive technology to scan their customers’ faces.

Click collect on fraud

Let’s go back to this fraud of about + 400 million dollars per year online (card not present) which is transmitted to merchants.

In retail outlets these days, better terminals and plastic cards with embedded smart cards that can perform contactless or anchored transactions and biometric-enabled phones with Apple Pay have drastically reduced scammers’ margins. because the cloning of the magnetic stripe and the signature no longer work.

Merchants are also largely protected against liability for point-of-sale fraud for card transactions, as banks rent their payment terminals to merchants at a high price before the great racket of card fees. interchange comes into play, allowing banks to earn billions.

However, for click-and-collect transactions, it is almost always the merchant who bears the risk, as these are classified as “card not present” on the basis that they are processed online.

Liquidation of assets

The next step is to think about the fungibility or liquidity of goods obtained through card fraud, and what is easy to move on the black market that still has enough margin: consumer electronics and power tools, especially lithium batteries.

There is also a speed advantage. While many initial fraudulent online card transactions can be picked up by cardholders or detection engines in time for a delivery to an address to be stopped and payment reversed, click-and-collect fraud occurs. usually produced the same day.

The only catch is that someone needs to “mule” the goods out of the store.

Hence the use of facial recognition cameras which can also be used to target shoplifters and conventional thieves which often have a crossover with card and identity fraud.

Shoplifters of the world unite

The methodologies of various carders are sublimely exhibited in the recently released film Criminal Emily, which tells the story of a debt-ridden college student trying to break free from a cycle of low-wage poverty. Without spoiling the plot, dizzying facial recognition is in there. Mass facial biometrics is real, especially in retail, and it’s on the rise.

And even if that’s not enough, the fact that large stores such as Bunnings have used biometrics indicates that the passage of CNP fraud through banks is now stinging large retailers enough to try and solve the problem themselves. themselves.

These are, of course, the same banks that are howling a storm in unison with Facebook to avoid the prospect of sensitive personal data being blocked from leaving the country so they can save on technology infrastructure costs.

It’s a regulatory Vegas-quality marriage of convenience that probably won’t last long if events in the UK unfold.

After imposing the equivalent of consumer data rights and authorized push payments (APPs) on the public, UK banks now want US platforms to pay for their explosive fraud losses, claiming the platforms and social media are fraud catalysts.

A big, happy, regulatory family.

This article was first published by Mandarin.

Comments are closed.