Why I Think We Should Be Worried Optus Is Sharing Their Hacked Data with Financial Institutions

ilovefullprice on 07/10/2022 - 17:58
Last edited 08/10/2022 - 11:47

Given most long term Ozbargainers would more likely than not have multiple Optus accounts over the years (for reasons an experienced Ozbargainer would know 😉), I thought it would be worth while posting this to bring up a discussion on this.

I used to work for a bank and I am well aware that such data (no. of mob. phone accounts you own) can be used to determine whether you get approved for a loan or not. As part of the loan approval process, most banks already integrate fraud as a scoring metric to approve or disapprove a loan.

Based on most websites that I have googled on the Optus hack, it appears the hacked data can be used by financial institutions in the following:

In addition, information can only be used for the “sole purposes of preventing or responding to cyber security incidents, fraud, scam activity or identity theft”.

https://www.mortgagebusiness.com.au/technology/17263-custome…

So the sentence above has the word fraud. Banks can argue they are using the Optus hacked data for their general loan application process (which includes fraud purposes), rather than for genuinely only detecting hackers who had obtained your data and are using it to apply for a loan under your name.

If this does happen (ie. banks using the hacked data for their general loan application process), those who have multiple Optus accounts could be discriminated against from getting approved for a loan, when you are not actually a fraudster but have multiple Optus accounts for other valid (or non-fraud) reasons. (Note: it is more likely if someone has multiple mob. phone accounts, that’s not normal and would likely negatively impact your loan application).

Open for discussion.

Mobile

Related Stores

Optus
Optus

Comments

  • RotundPolarBear on 07/10/2022 - 18:34

    Curious what you would use multiple mobile numbers for, if not for fraud?

    • rhimes on 07/10/2022 - 18:53
      +1

      OP has a mistress or something on the side?

    • isthisreallife22 on 07/10/2022 - 18:54
      +6

      There may be people that just get prepaid sims for e.g. their ipad and keep getting new ones when the original runs out, rather than topping up or porting

      • ilovefullprice on 07/10/2022 - 19:26

        This is a good point. Hoping risk managers share the same thought and decides to exclude “no. of mob. phone accounts you own” as a feature in their loan application (fraud part) process.

    • mapax on 07/10/2022 - 19:29
      +2

      I have 4 mobile phone numbers. One for my personal phone, 2 numbers for security cameras, and I sometimes activate a 4th number for work.

      • elgrande on 07/10/2022 - 21:45

        Do you chat to the security cameras often?

        • mapax on 07/10/2022 - 21:49
          +1

          I send them a text to see how they’re going if I haven’t heard from them for 24hrs.

    • Mokr on 07/10/2022 - 19:46
      +2

      Gps trackers. Giving SIM cards to relatives.

      Just boredom

    • Nickels n Dimes on 08/10/2022 - 15:45

      I have 5 numbers under my name, one for my tablet and one for each member of my family, which allows me to switch providers easily, whereas different accounts have to be switched by the named account owner - can be very sticky if that person isn't old enough to actually activate a SIM.

    • cfuse on 08/10/2022 - 16:14

      I barely use my phone, so I have one prepaid voice sim and one post paid data sim.

      If you're going to commit fraud then what you want are numbers in other people's names.

  • isthisreallife22 on 07/10/2022 - 18:39
    +4

    those who have multiple Optus accounts could be discriminated against from getting approved for a loan, when you are not actually a fraudster but have multiple Optus accounts for other valid (or non-fraud) reasons. (Note: it is more likely if someone has multiple mob. phone accounts, that’s not normal and would likely negatively impact your loan application).

    That seems like a leap?

  • bobbieb on 07/10/2022 - 18:48
    +3

    I'm curious… given that many folk have multiple phone numbers for the family unit - even more if you include things like data-only sims - is there some specific concern?

    You're already required to declare your household expenditure - including telecommunications and internet expenses as part of the credit assessment - and that is checked against your credit card statements, etc.. They may not currently know specifically how many SIMs you have, but they know how much you're paying for them. I can't imagine them really caring either way.

    • ilovefullprice on 07/10/2022 - 19:43
      -2

      Some risk managers may have the view that if you have too many mob. phone numbers, this could be an indicator that you are conducting fraud on other things using so many mob. numbers. But your point is also valid. Hoping risk managers share the same thought and decides to exclude “no. of mob. phone accounts you own” as a feature in their loan application (fraud part) process.

      The expenditures you mentioned in your 2nd paragraph mainly falls under the non-fraud part of a loan application process.

      • bobbieb on 07/10/2022 - 20:11
        +2

        Some risk managers may have the view that if you have too many mob. phone numbers

        LOL… or you could just have a partner and a handful of kids with Iphones, ipads, etc.

        All that I'll say is that the banks have far more reliable means of identifying fraudsters and are more than aware of how easy it is to get a phone under a fake name.

        • ilovefullprice on 07/10/2022 - 21:52
          -3

          As I used to work in a bank, I am aware data like this (no. of mob. phone accounts) can be used in scoring loan approvals (with the argument that this data can be used for general fraud prevention, rather than specifically for this Optus data hack fraud prevention).

          • HelpMeiCantSee on 08/10/2022 - 09:35
            -2

            @ilovefullprice: That’s an absurd (and discriminatory) assertion. Perhaps if you have 20 accounts, maybe- but legit fraudsters would be using a fake name anyway.

            That being said, I’m completely unsurprised that bank(s) would assess such an asinine and arbitrary criteria. Total spend may be relevant, no.of services not.

            There was a time I had a 3G sim for home internet (no adsl available where I lived), iridium satphone , globalsat/Inmarsat backup satphone, work mobile (x2), personal mobile, portable data sim/dongle. Oh and my wife’s phone too. That was life in the early 2010s in rural Australia to try to stay connected. Oddly enough, HF radio was most reliable then too, but sadly was used more for fun/novelty!

            Then there were the sims for the GPS trackers (2g text based devices back then). I think I had 4.

            Anyway that was a fun trip down memory lane, I’m surprised how much I miss those days! Funny how the human brain works hey

            • ilovefullprice on 08/10/2022 - 11:47

              @HelpMeiCantSee: Yes, I was referring to those who has 20+ or an abnormally large number of mob. accounts. So more on the extreme end, especially relevant to those who are “experienced” Ozbargainers.

              • Nickels n Dimes on 08/10/2022 - 15:51

                @ilovefullprice: 20 at once? Most likely a business owner or drug dealer. 20 over a lifetime wouldn't be unusual at all, I have 4-5 at once for my family use and probably 70-80 SIM accounts in my lifetime.

                • ilovefullprice on 08/10/2022 - 16:20

                  @Nickels n Dimes: 20 is just an arbitrary number here. The threshold number is to be determined by banks by analyzing the data and determining what is the threshold number considered to be abnormal.

  • CyberMurning on 07/10/2022 - 18:52

    i still worry about covid……

  • singingwolf on 07/10/2022 - 19:07
    +4

    Talk to the Federal govt. This is their idea. I don't want my data shared with anyone.

    • cfuse on 08/10/2022 - 16:23

      Why don't they just save time and post it directly to the dark web? /s

  • miwahni on 08/10/2022 - 01:45
    +2

    I have done this day in day out for years and can honestly say that the number of mobile phone numbers someone might have has never been a metric in the decision process. Access to the Optus leaked info database could be a good thing, as banks could be keeping a closer eye on apps from people whose data was leaked, in order to doubly confirm the applicant is genuine and not someone using leaked details fraudulently.

    • ilovefullprice on 08/10/2022 - 12:04

      It has never been a metric in the past doesn’t mean it can’t in the future. Once banks have this data, and laws are vague, they don’t need to seek your consent or ask you in an application form to use it (for other things).

      No doubt I agree sharing the leaked data with banks are a good thing for the banks to keep a closer eye in order to double confirm etc. What I am questioning is if they use this data for something else more, ie. use it in their general loan application process, since in the sentence from the link in my post above states that this data can be used for fraud purposes, and most bank’s general loan application process these days has a fraud component in the application process.

      If the law says that this leaked data can’t be used in the bank’s general loan application process (but just for keeping a closer eye), then I will be happy.

  • ColtNoir on 08/10/2022 - 10:36

    Having worked for a telco, most people will have more mobile numbers/services/accounts than they realise.

    Your mobile broadband, mobile.
    Fetch box add-on, separate service(for each).
    4G backup for your fixed internet, mobile number.
    Optus email address, that’s a service.

    The data from Optus if used for other purposes would cause more harm than good to the bank.

    • ilovefullprice on 08/10/2022 - 12:11
      +1

      The data from Optus if used for other purposes would cause more harm than good to the bank.

      The product team will like what you say. The risk team will not.

  • cloudmonk on 08/10/2022 - 17:16
    +3

    This is almost worse then the hackers putting your details on the dark web.

    Identify the compromised identity documents and have the numbers canceled and issue new ones. No need to forward your personal details to other financial institutions.

    This just goes to show the 100 points of ID system is now compromised and we need to look at a third party trust system such as you need to go to say your my gov and confirm your opening an account with ABC Bank.

Login or Join to leave a comment
Login Join