​Calls for contactless payments to require consumer consent

A parliamentary committee has recommended that banks ensure contactless payments on debit and credit cards include a feature that requires the consent of customers before it is activated.
Written by Aimee Chanthadavong, Contributor

An Australian parliamentary committee has recommended that consumers be given the option of disabling contactless payment features.

In its tabled report, the committee said financial institutions that issue debit and credit cards should create an "opt in" function that would require customers' consent before contactless payment technology features are activated on their cards.

The parliamentary joint committee on law enforcement has tabled 14 recommendations for the federal government as part of its inquiry into financial-related crime.

The committee received submissions from several organisations, including the Australian Federal Police, the Reserve Bank of Australia, the Australian Taxation Office, and the Attorney-General's Department.

The committee said it shares the same concerns that law-enforcement agencies have about the roll out of new technology without consultation with agencies, and believes it has the potential to become a driver of financial-related crime.

"The committee believes that banks and other financial service providers ought to consider law-enforcement issues more carefully, and to facilitate discussions with law enforcement about new technologies prior to roll out," it said.

"As part of its recommendation, the committee is persuaded of the advantages of seeing the private and public sector closely collaborate to address financial related crime."

Victoria Police was one law-enforcement agency that highlighted seeing a "significant increase" in deception offences in Victoria, arguing that "tap and go" technology provides motivation for the physical theft of credit cards, with little risk of capture by police or of physical identification.

However, representatives of the banking industry disagreed that contactless payment technology poses any fraud-related threats. Guy Boyd, global head of financial crime for Australian and New Zealand Banking Group, said in his submission that "the PayWave mechanism itself is not a large driver of fraud losses for consumers or the banks".

The committee also recommended that the Attorney-General's Department review the arrangements for victims of identity crime to obtain a Commonwealth victim certificate, which is designed to support claims of victims of Commonwealth identity crime.

The recommendation comes after iDcare, a national support centre for victims of identity crime, argued in its submission that the current criteria to obtain a Commonwealth victim certificate is difficult to fulfil, and less than 6 percent of identity crime perpetrators are arrested and prosecuted successfully.

"Given the seriousness of the problem, the significant personal impacts suffered by the victims of identity theft, and the likelihood of increasing incidences of identity crime, the committee believes there is further work to be done to both deter identity crime and to assist its victims," the committee said.

The Australian Attorney-General's Department recently announced that it will be introducing a national facial biometric matching capability by mid-2016 to allow law-enforcement agencies to share facial images amongst themselves.

The department said the system is designed to share still images, and ruled out the addition of directly feeding licence plate cameras or closed-circuit TV into the system.

Rather than creating a new centralised database, the department said the system will function in a hub-and-spoke topology to avoid "considerable privacy and data security concerns".

However, the ABC had previously reported that the federal government failed to conduct privacy impact assessments on nearly 90 percent of national security measures introduced over the past 14 years.

In March this year, the personal details of the world's G20 leaders, including passport numbers, visa details, and dates of birth, were accidentally emailed to the organisers of the Asian Cup by a staff member of the Department of Immigration and Border Protection (DIBP), which chose to avoid notifying the leaders.

The DIBP also found itself the subject of criticism for publishing the details of approximately 9,250 asylum seekers in February last year.

Editorial standards