Superannuation fraud on the rise

Powered by SC Magazine
 

No recourse for victims, but improvements are underway.

Part three of a three part series into fraud.

When was the last time you checked the status of your superannuation fund? Often, perhaps, if you are nearing retirement. But if you aren’t, you are not likely to pay your quarterly or annual statement much more scrutiny than a passing glance.

This raises some very scary questions when one considers the ease with which criminals have accessed the superannuation records and – occasionally – the superannuation accounts of unsuspecting victims in recent years.

Superannuation fraud is potentially more dangerous than online banking or credit fraud because victims may be unaware their super has been cashed out for years. Worse still, the crime is so new that there appears little recourse for victims.

Superannuation fraud

  • Begins with identity fraud.
  • Fraudsters falsify hardship payments to cash-out super funds.
  • Identity requirements are lax.
  • No obligation for reimbursement of victims.

The scam

Criminals exploit a range of techniques to first steal the identity of victims before transferring their superannuation into self-managed accounts, according to NSW fraud squad commander Detective Superintendent Col Dyson.

“Superannuation fraud is emerging – and the difference is that it works well because no-one checks their super,” Dyson said. “This fraud is quick. It’s easy to move super from large companies to a self-managed fund and then remove to cash.”

State and federal law and intelligence agencies including the Australian Tax Office, the Australia Securities and Investment Commission (ASIC) and various police services have witnessed a small uptick in the incidence of superannuation fraud since it was exposed by SC Magazine in June this year.

Register for our daily newsletter to stay connected with the latest news and analysis.

But Dyson said the problem could be worse.

“We don’t know [the full extent] exactly because we don’t know how many people are aware that their super funds have been pilfered,” he said.

Victims rarely notice account changes, making it easy for criminals to change mailing addresses.

SC Magazine has spoken to several people who each admit that superannuation statements were likely sent to old residential addresses, increasing the risk of identity theft.

But while Australian banks voluntarily reimburse customers that fall victim to financial scams, there is no such obligation on superannuation funds.

“Superannuation funds are under no obligation to reimburse victims,” says Pauline Vamos, chief executive officer of the Association of Superannuation Funds (ASFA).

Lax processes

Vamos said criminals will siphon superannuation into self-managed funds or apply for hardship payments.

“Criminals steal identities and falsify hardship documents to get early payments.”

Identity rules around self-managed funds and hardship payments are relatively weak. Bank accounts receiving the stolen funds are not checked against existing records and can be in multiple names.

In October 2011, security researcher Patrick Webster highlighted just how immature security standards in the super industry were – disclosing the ability to access electronic superannuation notices of any First State Superannuation customer by changing numerical values in URLs used to issue statements to clients.

First State initially threatened legal action against Webster, but withdrew its claim after public pressure generated from news coverage of the incident.

Thankfully, changes are in the works.

The Federal Government has mandated that superannuation funds toughen identity requirements by year’s end, and the Australian Tax Office has already refused to pay into accounts owned by more than one holder, Vamos said.

Security boffins employed by superannuation funds have formed an informal and secretive community to exchange confidential information about the latest “tricks” used by criminals.

For its part, ASFA had issued warnings to superannuation funds about the security implications of issuing statements.

Dyson pointed out that the scam is uncommon, but is emerging and the public should be aware of the threat.

“Check your super details and look for changes,” he advised.

Copyright © SC Magazine, Australia


Superannuation fraud on the rise
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  3%
 
A Federal Government agency (ATO, Centrelink etc)
  19%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1884

Vote
Do you support the abolition of the Office of the Information Commissioner?