
An open letter to the Australian business community

Mark Chazan

Dear customers and partners,

Thanks to the widespread public and political coverage that followed the data breach at Optus last month, and at Medibank after that, it has become clear that Australians have been let down by the companies they trusted to protect their personal data.

Recent data breaches at Woolworths, Telstra, NAB (National Australia Bank), MyDeal, Vinomofo, Australian Clinical Labs, and Energy Australia have further underlined that personal information is not as safely stored as many would like to believe it to be.

With the widespread news, you could be forgiven for thinking Australia is under a sudden cyber assault, but the reality is it has been escalating exponentially for years. What is different now is that:

  • More people are paying serious attention to the privacy of their own information
  • Mandatory requirements to report breaches have led to more breaches becoming public
  • The scale and severity of the Optus and Medicare breaches required the companies to directly advise over 10 million customers that their data had been compromised

The result is that as Australians we have lost any cybersecurity “she’ll be right” innocence we had. That Australians are now paying greater attention to their data privacy is a positive aspect as it applies pressure on organisations to provide better data security. As a payment security company, Eftsure, in our day-to-day interactions with the market, is among the first to see the immediate impact of how this increased awareness and scrutiny is changing attitudes towards privacy and security of data. Businesses and their suppliers are taking extra precautions before sharing their data, and while that can slow us down operationally, we applaud this shift in mindset.

While the extra precautions suppliers are taking are welcomed by Eftsure, they can lead to slightly slower verifications. In addition, more suppliers may contact customers to check the legitimacy of the request from Eftsure, particularly for customers that do not have information on their website explaining that Eftsure has been engaged in this process.

When we founded Eftsure 8 years ago, our goal was to build a community network that formed a safe environment in which businesses could interact and trade securely. In service of that goal, we built our product to enable businesses to verify the bank account data they use to pay other businesses. This, in turn, required a highly secure database, software, and rigorous processes that our customers can trust and use easily. To that end, we have always had security, confidentiality, and privacy as the overriding requirement for everything we do. It is at the core of our business and manifests in never becoming complacent and continually implementing best practice security measures.

We are constantly reviewing and adding security systems and processes and regularly commissioning independent audits and reviews of our systems and processes. We built our procedures around secure verifications and provide mechanisms for businesses and their suppliers to verify our identity, procedures, and security standards. Through using Eftsure, our customers have been saved from numerous attempts to defraud them that would have succeeded if they were not using Eftsure.

It is our view that the breaches of this month can have devastating consequences for the victims in the future. In the same way that a bank robber does not run out and spend the stolen cash immediately but waits until the heat and attention subside, hackers do not always use stolen data immediately. Often it gets used months or years later, making it harder to trace the link between the stolen data and its exploitation. Often the data is taken to sell to fraud syndicates who will exploit it later. The stolen data improves their ability to impersonate both individuals and companies. They can use it to set up fake bank and other accounts in the impersonated company’s name and use these to significantly ramp up Business Email Compromise (BEC) and other payment redirection scams. The significant increase in BEC scams following the global Microsoft Exchange Server data breaches last year points to the same occurring in the coming years because of these recent local breaches.

In supporting data privacy requirements and verification processes of suppliers in this current cyber climate, we would like to provide the following information to current and prospective customers.

Recommendations for existing customers and supplier verifications:

  • Due to the events, we have experienced that suppliers are more hesitant to verify their payment information over the phone. To improve the speed of verification, Eftsure customers should request their suppliers to keep our reference code nearby or verify their details using the bank link functionality in the supplier portal. If your suppliers still require more information, please forward them to: Supplier information
  • Customers should wherever possible add information to their website explaining that Eftsure have been engaged to help prevent payment diversion frauds to ensure they receive their payments. Eftsure can assist with content and/or refer you to pages on other customer sites as examples.
  • Please also ensure your employees know your Finance Teams are using Eftsure and suppliers are being made aware that they use Eftsure to verify their payments, which may result in Eftsure phoning them to verify their bank account details.

Recommendations for new customers:

  • Eftsure works with highly regarded third-party privacy and security partners. If you are considering becoming a customer, we can provide their independent viewpoints on our processes, security measures and privacy.
  • Please remember that the breaches are going to lead to more business identity impersonations which will be weaponised against all businesses paying suppliers. Eftsure specialises in protecting against these attacks but please, even if you do not sign up with Eftsure, revisit your payment checks and controls and train your staff on these types of attacks to lower the chance of becoming a victim.
  • We can provide you with our security information pack and answer any security or privacy questions you may have.

We have free whitepapers on our website with information on how to secure your payments and we host regular webinars explaining the attacks, so please reach out if you wish to attend an online webinar.

Two things are likely to be true: these headline-grabbing data breaches will not be the last, and companies will continue working with and sharing data with partners, be they cloud-based accounting systems, ERP (Enterprise Resource Planning) software, payroll systems or other technology solutions. In that context we applaud the increased vigilance with regard to the data you possess and share, and encourage you to verify that all your partners have the policies and procedures in place to protect that data. Some of the questions you should ask:

  • How is my data stored?
  • Where is it stored?
  • How is it transferred there?
  • Who has access to my data?
  • What data are we sharing and is that shared somewhere else as well?
  • Who are the people behind the entity we are about to share this data with?

We are clear on our answers so if you have any questions about Eftsure’s stringent data privacy and security measures please reach out to your Eftsure contact.

If you are not a customer of Eftsure, I encourage you to exercise greater vigilance. If you are, I thank you for joining us in making the Australian Business community safer.

Mark Chazan
CEO – Eftsure
