Optus data breach and what it means to your members - Investigate DQ

There has never been more reliance and importance on data to provide administration of consumer products effectively and efficiently.

The recent Optus data breach has demonstrated how far reaching and significant an impact compromised data can have to consumers. The level of publicity associated with the breach has heightened awareness and concern, with measures being taken to expedite and ensure that not only are the public safeguarded from any malicious use of the compromised data, but also, that there is no financial detriment in protecting their interests.

This article provides an overview of how technology can assist in managing the risk associated to fraudulent behaviour via data driven assurance checks.

What is the impact of the Optus data breach?

Focussing primarily within the financial services industry, the Optus data breach poses a significant risk to members due to the quantum and the nature of the compromised data.

Optus has publicly advised that as many as 10 million customers have potentially had any combination of the following information impacted:

Contact details
Medicare number
Drivers’ License details
Passport details

Despite assurance from Optus that no financial data has been exposed, access to the personal information listed above, if use maliciously, has the potential to significantly impact members/customers financially.

Whilst the breadth of the potential utilisation of the data may not be known, within the financial services industry, some of the impacts may include, but are not limited to:

The information provides an ability to pass call centre security checks and subsequently transact on member accounts
Reputational risk for processing fraudulent transactions leading to consumer defection
Apply to financial institutions for credit and or loans
Access funds from Superannuation or other financial institutions

The Optus data breach is a significant and public example of data may be used for fraudulent purposes, however, there is an ongoing risk that must be mitigated to ensure that, regardless of scale or publicity, consumer interests are protected as much as possible.

Tactical or strategic approach?

Ensuring the security of consumer data is of utmost importance and enables effective and efficient servicing and whilst there are elements of control within the supply chain, safeguarding from the unknown is paramount.

There are two main approaches that can be implemented when considering how best to mitigate the risk of fraud or suspicious activity within the industry:

Tactical solutions rely on process driven mitigants with reactive investigation once an incident has occurred
Strategic solutions rely on process driven and scalable technology driven mitigants to monitor for fraudulent or suspicious activity

Both options are effective in certain situations, however, there must be adequate confidence regardless of mitigation approach, that the solution is appropriate in proportion to the associated risk.

Technology driven assurance is the most effective mechanism for efficiently mitigating data associated risk and when implemented correctly, can facilitate a scalable uplift in data governance.

Key takeaways:

Data breaches outside of the established data supply chain could have implications for members
Not all compromised data have such awareness and visibility
Lack of systematic controls can have significant impact and result in costly remediation
Exceptional data quality enables evidence-based strategic decision-making informing business transformation initiatives

How Investigate DQ can assist

Investigate DQ is a scalable and data source agnostic quality assurance tool that can be quickly configured to regularly monitor connected sources for fraudulent/suspicious transactions to identify instances where a customer may be impacted.

This facilitates the proactive administration of impact as well as providing the capability for preventative controls for high-impact transaction types.

Having effective controls not only are in the best interests of those that are potentially impacted, but the broader customer base/the business is protected against potentially significant reputational damage and the associated costs of remediation.

Broader application to increase member satisfaction and obligations

The utilisation of Investigate DQ to mitigate the risks associated to fraudulent and/or suspicious transactions is only one-use case in the wide-ranging application of Investigate DQ within Fund administration.

As a result of the capability to connect to any type and number of data sources, the practical applications of the tool are numerous and can include, but are not limited to:

Monitor Service Level Adherence across the internal and external administrative supply chain
Ensure that members are administered in accordance with fund, business and product rules, including insurance benefits.
Validate that members are charged the correct fees and premiums
Create an auditable history of member data quality impacts
Reduce cost of remediation as a result of systemic data quality issues

Key benefits

Successful integration of the Investigate DQ tool enables Trustees to realise benefits such as:

Increased confidence in reporting data and adherence to product requirements
Reduced cost of remediation due to early identification and rectification of errors
An auditable mechanism to meet regulatory obligations effectively and efficiently
Expedited issuance of member communication and campaigns
Consolidation of detective and preventative controls across a range of internal and external data sources

Managing and preparing for data breaches may sound like familiar challenges to organisations. If you would like to take control of your Data Quality and optimise Data Governance, please contact QMV to learn more about Investigate DQ

Tom

Rob Smith - Lead Product Consultant, Investigate DQ

Learn more about Investigate DQ