Trust no-one – Australia’s New Payments Platform is a little too convenient

This month’s launch of Australia’s New Payments Platform is likely to increase the risk of fraudsters seeking to exploit the availability of real-time bank payments.That is according to Centrify, a leading provider of Zero Trust Security through the power of Next-Gen Access, enables more than 5000 organisations globally, including over half the Fortune 100 in the US, to proactively secure their businesses.

The New Payments Platform (NPP) provides Australians with the ability to send each other money in “real-time”, through a new system for settling transactions between banks assisted by the Reserve Bank of Australia.

The NPP will allow customers of as many as 60 financial institutions to link their bank details to a PayID, so they can hand out their phone number or email address to receive payments instead of number-based bank account details. The first product built on the platform is Osko, a person-to-person payment utility from BPay.

Centrify’s Senior Director for APAC Sales Niall King has advised Australian consumers and businesses to review their security practices before using NPP-enabled services. “Security is the price we pay for convenience,” he said.

“As technology and threats change, so too do attitudes, as demonstrated by a recent IBM Security study of consumer perspectives about digital identity and authentication, which found that people now prioritise security over convenience when logging into applications and devices. Increasingly, consumers, especially millennials, recognise the benefits of biometric technologies like fingerprint readers, facial scans and voice recognition, as threats to their digital identity continue to mount.

“While the New Payments Platform will let you make payments faster and easier, it also raises the risk that criminals will exploit this capability to get away with fraud faster and easier.  Because bank transfers will no longer have a three-day buffer period to clear, banks will need to detect fraudulent activity in real time. You can guarantee the bad guys will work overtime to exploit any vulnerabilities, especially through scam emails or calls designed to steal consumer information.”

“In the UK, where its Faster Payments real-time payments platform was launched 10 years ago, research into the platform shows problems with fraud and scams, partly because banks in the UK had trouble identifying potentially fraudulent transactions. While Australia’s banking system has undoubtedly learned from that experience, consumers and businesses should not take security for granted when starting to use the New Payments Platform.”

Centrify advocates a Zero Trust security model which centres on the concept that users inside a network are no more trustworthy than users outside the network.

King said the launch of the New Payments Platform provided an ideal opportunity for Australians to rethink their security in relation to financial services. “Although passwords are still widely used, they no longer provide adequate protection for your online activities,” he said.

“For this reason, bank customers need to do more than just regularly change their access credentials to something that is difficult to guess. They need to embrace all the security technologies that their bank offers, whether that is multi-factor authentication or biometric identification. They should review their existing security credentials, research what additional security is available from their bank and then take full advantage of that extra protection before starting to use the New Payments Platform.”