title for FTR note
home | about | site use | resources | publications | timeline   spacer graphic   Ketupa

overview

issues

documents















related pages icon
related
Guides:

Privacy

Economy

e-Money




related pages icon
related
Profiles:

Identity
Fraud

Forgery
& Fraud

Australian
Privacy

Money
Laundering

section heading icon     issues

This page discusses issues regarding identity verification under the Financial Transaction Reports Act and '100 Points' schemes.

It covers -

     introduction

Perceptions of 100 Points identity verification schemes appear to vary widely.

Financial institutions, other 'cash dealers' and individuals/organisations responsible for compliance with FTR or other legal requirements have recurrently complained that the schemes are too inflexible or merely too costly.

Some consumer advocates have claimed that the schemes place an undue burden on disadvantaged members of society or exclude people who do have 'basic' documents such as a driver's licence (eg the blind and quadraplegics). Officials have responded that such exceptional cases are accommodated by the legislation or administrative guidelines and that recipients of income support are not overly disadvantaged by fees charged for obtaining/maintaining identity documents.

Security analysts in the public and private sectors have suggested that policymakers and consumers may have placed undue trust in 100 point schemes, with a faulty assessment of the ease with which such schemes can be subverted and the prevalence of subversion.

     possession is not identity

We have noted elsewhere that the 100 point total is essentially arbitrary and might just as easily - and validly - have been 110, 150 or 200 points. If you can achieve 100 points, the FTR Act - and other legislation or administrative protocols - typically accepts that you are who you say you are. That acceptance may be problematical because -

  • legitimate documents have been improperly obtained
  • documents have been altered or are entirely false
  • mechanisms for scrutinising documents and checking information are ineffective.

The 2004 AGIMO Options to combat e-fraud in Australia paper for example commented

Although a driving licence is routinely used as proof of identity, it is only a proof of driving ability, and not of identity. The supporting documents used by transport departments in the various states and territories of Australia to establish identity, for the purpose of issuing Driver's Licences, may themselves have been obtained fraudulently. The holograms that distinguish cards such as a drivers licence are not hard to copy and produce in vast numbers.

More broadly, most document-issuing bodies do not consider that they are issuing identity documents, although they will often readily accept the authenticity of documents from other issuing authorities.

A 2000 submission (PDF) by the National Crime Authority commented

A wide variety of false identification has been detected in NCA Task Force investigations, including false birth certificates, passports, drivers' licences and learner's permits. Some false documents and/or complete identities have been created in Australia, whilst others have originated overseas and been used in Australia.

Whilst an individual obtaining one of these false documents may not seem of great importance, a major issue is the cumulative effect once the first item of false identification is obtained. In particular, development of a chain of identity may be used to frustrate the financial sector's '100 points' identification system. For example, a fake birth certificate (70 points) may be used to obtain a false
drivers' licence (40 points), thus enabling the 100 points to be met and bank accounts opened. The establishment of bank accounts in false names and the use of false sender details for offshore remittances (IFTIs) has enabled criminals to circumvent financial transaction monitoring and reporting regimes and successfully remit millions of dollars in proceeds of crime.

In discussing document forgery and fraud we have thus noted the small-scale study indicating that around 13% of a sample of birth certificates examined by Westpac bank and the NSW Registry of Births, Deaths & Marriages were defective. Sampling by government agencies in the UK suggested that the percentage of false documents presented to government agencies in obtaining 'primary' documents such as passports was however much lower. The percentage of false/corrupted non-official and non-photographic documents used in Australian 100 Point schemes is unknown, although observers have noted that forging a letter from a real or purported landlord is trivial.

Few people sighting documents have formal forensic skills and much scrutiny is based on tacit knowledge ("it looks right") and context. Verification can be aided - or, according to some critics, severely inhibited - by reference to government and private sector databases. Those databases are of varying degrees of comprehensiveness and accuracy; we have for example noted concerns regarding commercial credit reference databases and identity reference services.

A 2005 submission to the Federal Privacy Commissioner (PDF) by a commercial identity reference service lamented

the right to privacy should not be something that can be hidden behind so as to afford protection to fraudsters and identity thieves.

Financial institutions are bound by the current 100 points identity check. However, verifying the documentation required to achieve the 100 points is virtually impossible.

1. The RTA in NSW will not confirm/deny that John Thomas Brown born on 20/5/1950 is indeed the holder of drivers license number 7571XX issued on 12th June 2004 on card
number 444444.

2. Energy Australia will not/confirm deny that the same person is the registered consumer of their product.
3. The Department of Immigration will not confirm/deny passport information.

The list is endless and they all cite Privacy Legislation or Privacy concerns as the reason

     futures

Are 100 point schemes likely to evolve and be adapted in future?

Arguably they are attractive because they are perceived to work in the finance sector, are endorsed by government and sound less threatening than unfamiliar terms such as steganography. One of our more mordant clients sniped that people support schemes because of intangibles (100 = percent = complete = safe) rather than on the basis of understanding risks and weaknesses,

It is thus unsurprising that there have been calls for use of 100 point identity verification in new areas. In 2003 for example a federal parliamentary committee received suggestions that anyone wishing to gain an internet account should be required to provide the internet service provider with 100 points of identification, a proposal consistent with obtaining a phone account but likely to substantially inhibit churn between ISPs (many of which, in practice, simply require that the user supplies a valid credit card detail and a a landline number).

The same committee heard suggestions that all "web content providers" provide 100 points of identification to ISPs, a requirement that would be ineffective for overseas content hosts (ICHs) or free hosting services. Some ISPs/ICHs are unlikely to welcome expectations that their staff sight the originals of particular identity documents; as noted above few staff have appropriate forensic skills and such examination would often be a case of 'going through the motions'.

In 2003 the AUSTRAC chief executive commented

When the FTR Act was first thought of, this was quite revolutionary stuff. And in many ways it still is. The approach is still revolutionary, but the financial system that we leverage off is changing. The question is how we realign ourselves to deal with proprietary systems that banks give their customers to use so that in some cases they bypass the Australian operations of the banks, so we have some jurisdictional issues. How do we make sure that banks and other cash dealers under our legislation are still able to identify unusual transactions, the suspicious ones? If things are happening electronically, is there a person there who sees a transaction or a pattern of transactions and says, 'I think this is odd. I want to report it as suspicious'?

Looking ahead, AUSTRAC commented that

Underground banking is very interesting. There are some remittance dealers who basically operate as underground bankers in the sense that they are providing alternative kinds of systems to banks. Obviously the institutions do not like that. It uses their infrastructure, because the remittance dealers are customers, but of course the cream off the top is actually going to the remittance dealers, not to the institutions. But there are other kinds of underground bankers who very rarely use the financial system. Some of the ethnic underground bankers, in fact, just run sets of books which are basically setoff accounts. They will actually set-off with a counterpart in another country once every few months, once in a blue moon, so that a whole lot of transactions will happen and you will just see one big global set-off at the end of a period. Those things are not actually conducive to the sort of analytical work we do. Having said that, when you have other intelligent sources that tell you what is going on, the combination of sources is still useful, but it is an area where it is difficult to automatically pick up issues.

Underground bankers will always be an issue. They are an issue in all societies. Often underground bankers are not doing anything nefarious; it is just a cultural way of dealing in value, particularly for people who come from countries where they do not trust the stability of the institutions or their political processes and they have to trust the people they really do trust to move their money around.

Underground bankers are very complicated. We are actually doing a fair bit of research work on that under the National Illicit Drugs Strategy, and we have identified quite a few additional cash dealers who are being enlightened as to their obligations to report under the FTR act. I think we are at a point in time where, while everything is pretty effective at the moment, there are some big changes coming, and the sooner we are ready to jump in, the better.

     studies

There have been no major academic studies of the Australian 100 Points scheme, in particular its adoption outside the financial sector, although the literature on identity verification per se and on money laundering is now extensive. Salient research documents and government reports are highlighted here.

For the early development of the FTR the 1993 Checking the Cash report by the Senate Standing Committee on Legal & Constitutional Affairs is of particular value.

 



icon for link to next page   next page  (documents)








this site
the web

Google

 

 

version of November 2005
© Caslon Analytics