How ANZ could have changed security

ANZ's plan to cut 23 of its fraud-detection staff had me hopeful that it would stop giving carte blanche to customers who failed to secure their systems, but would it be willing to put its neck on the line for it?
Written by Michael Lee, Contributor

commentary ANZ's plan to cut 23 of its fraud-detection staff had me hopeful that it would stop giving carte blanche to customers who failed to secure their systems, but would it be willing to put its neck on the line for it?


(Change Jam Questions image by Dreamfish, CC BY-SA 2.0)

The Sydney Morning Herald reported this morning that ANZ is about to cut 23 of its fraud team, leading to speculation that more fraud is going to slip through the cracks. When I first heard the news, the bank's plan didn't make much sense to me. Surely, by cutting staff, more fraud would go undetected, costing it in terms of reputation and financial loss? Could that much be saved by making that many people redundant?

Well, even if we very generously say that each member of staff cut saves ANZ $200,000 — and those are some pretty highly paid bankers — it only represents a saving of $4.6 million. Credit-card fraud alone rose by tens of millions of dollars last year. Even if ANZ fired that many people each year, it wouldn't be able to keep up.

Then I began to get a bit excited. Could it be that ANZ is going to be one of the first banks to stop taking responsibility for its customers' lack of security?

ANZ, like every Australian bank, has a money-back guarantee whereby innocent victims of fraud are compensated for any losses.

This means that customers who are doing the right thing — securing their computers against credit-card stealing trojans, and protecting their PINs at ATMs — are rightfully compensated when the bank's security measures and staff fail to protect them. They are the ideal customers, the ones who do everything by the book, but, through no fault of their own, have their credit-card details stolen when a company that was meant to be storing their details safely didn't.

But we don't live in a perfect world where everyone follows best practice or even knows what it is. Banks are paying for fraud that customers could have prevented if they'd been just a little more careful. Judging by the rate that fraud is increasing year on year, it seems like that's a huge cost to pay.

It's commendable that banks wear more of the risk and the financial burden than those of us who are careless, but it's also detrimental to educating the masses. So, my excitement stemmed from the possibility that a bank is willing to put its neck on the line for the greater long-term benefit of security education. After all, for ANZ to make the most of its smaller fraud team, it would have to focus on the people who are responsible for the bulk of fraud-related problems, and thus represent the highest financial losses.

It would have been a refreshing difference from fraud-compensation schemes that give people the false impression that they can be a little more reckless with their credit-card details, since their bank will protect them. It could also have been an industry-changing stance against supporting poor security, resulting in saving banks millions of dollars in compensation — money that could go towards security research and other measures. It could even change the focus from helping victims recover to preventing them from being one in the first place. Wouldn't that be something?

So I was saddened to learn from the bank that the real reason behind its 23 redundancies is that it has improved its automated fraud-detection systems to provide an equivalent level of protection without the need for as much manual intervention.

I should have known from the start that no bank would be willing to be seen as abandoning its customers, even if it was for the benefit of both bank and customer in the long run, but I was surprised to see that when offered the opportunity to take a small step in breaking the status quo and making use of the extra anti-fraud resources that the technology had freed up, ANZ picked what appears to be a short-term gain and a long-term loss.

While the speculation over whether ANZ would be able to maintain its anti-fraud activities today has been proven to be incorrect, it might not be tomorrow.

Editorial standards