Payment Security 101
Learn about payment fraud and how to prevent it
Eli: Peter Price, welcome to Eftsure’s podcast. Thank you for being here today. You’re the chairman of Crime Stoppers, New South Wales.
Peter: I’m the director and CEO. I used to be the chairman, and I was doing such a good job. They promoted me.
Eli: Even better. It’s a great pleasure to have you here today. Perhaps you could let our audience know a little bit about who you are and how you came to be involved in Crime Stoppers.
Peter: I am not a policeman and I have served in the defence force in South Africa, but I’m not a policeman. My background is in advertising. I spent 30 years in advertising, which is how I fell into Crime Stoppers. My advertising company was asked to do some work for the police, and that work in crime prevention resulted in a 72% drop in car park crime here in New South Wales. As a result of that, I was invited to attend a meeting with Crime Stoppers, and I had no idea what that was about. That was 23 years ago. I’ve been involved since then. Crime Stoppers is very much about brand marketing. For people in marketing, I like to refer to Crime Stoppers as the largest direct response marketing company in the world, because all we do every day is ask people to contact us, and we don’t give away any free state knives. That’s how I got involved with Crime Stoppers. I’ve been involved ever since. The requirement for communications professionals is obviously key because we spend all of our time basically communicating with it’s about crime prevention or about solving a crime. I guess I just fell into it.
It was an interesting opportunity for me. It’s not something that I sort out, but you could think of it as divine intervention, if you wish. It was like a whole bunch of elements that came together at the right time. Being ex-military had an effect on me. Being a victim of a crime many times over in South Africa had an effect on me. Being a comms person had an effect on me. When you put all that together and then you present crime stuff as you go, It’s a really good fit. But we found each other, and I’ve been very much in my wheelhouse and leading the organisation for a long time.
Eli: And tell me, for many people, when we think of Crime Stoppers, we think of a service that people can contact if they’ve witnessed a crime or a suspected crime. And not many people realise that Crime Stoppers is at the forefront of also fighting business crime. And that’s a very interesting aspect to what Crime Stoppers is doing. Could you let our audience know a little bit about that?
Peter: Sure. I mean, look, day in and day out, you see in the media called Crime Stoppers if you may have witnessed something, or you might have some dash cam footage about a crime but a large proportion of crime that we get involved with is organised crime. It’s not just a break and enter, or it could be a homicide, it could be a cold case. There’s a large amount of work that we do behind the scenes in organised crime. To explain what organised crime is, when you see a picture of a guy in a hoodie and he’s sitting at a laptop computer and they talk about cyber-crime, that’s a very cliched image because the reality is far from that. The reality is that organised crime, particularly run cyber-crime, that’s run by organised crime, is very organised. It is a business. They have shareholders, they have investors, they have KPIs. They run it just like a normal business. But their business is to take your money illegally. But these guys recruit some of the best talent from the universities. They pay them huge money, more money than you get in a normal job. The cliched image of a bloke sitting there in a hoodie is just not what it’s about.
That image is there to help the public understand that the people behind the keyboard look suspicious. But in actual fact, the people who lead these organisations, they look like me. They’re dressed in a suit, they’re accountants, they’re lawyers, and there’s professional people involved here. This is not an organised crime and particularly organised cyber-crime. It’s huge business. I mean, imagine if you had a bunch of… Would you trust a bunch of 20-year-olds to run an organisation of BHP. Not really. This is the size of the organisations that we’re talking about. These are not mickey mouse run of the mill in the garage operations. These are serious businesses.
Eli: And of course, these organised crimes are actually global in nature. You’ve got syndicates that are operating in other jurisdictions where Australian authorities, Australian police, have no remit. They can’t go over there and arrest people. Can you explain for us a little bit how international cyber-criminal syndicates are targeting Australian businesses?
Peter: Crime in this day and age is very much transnational. There’s international collaboration. You saw a few months ago how the Australian Federal Police have been involved in basically tapping into an organised network in Italy and through Europe into the WhatsApp environment. These guys communicate with each other all the time. They know that Australia is a high education, high income earning first world country.
What you need in order for organised crime to prosper and up, what you need is you need stable government and a strong police force. Then you go, why do you need a strong police force? You need those two things because those two things require that government and those police agencies to go by the book. They can’t do anything kind of black ops. They have to do it 100% by the book. They are completely surrounding bureaucracy, which is for an organised crime network that is great pickings. Because they know that they can sidestep them every which way, and the system doesn’t allow the police force to get around it. The system has to work in a certain way. And to make it a bit clearer, if you think of the military and the police, these are essentially vertical structures where you have a commander at the top, which is like a CEO, and you have basically top down direction, and everybody follows orders.
So in that environment, it’s very linear. Everybody has to toe the line. In a criminal environment, it’s very creative. You’ve got a top-down structure in the military and the police, but you’ve got a circular structure in organised crime networks. One of the reasons that I have actually been successful is because I come from a creative background. I don’t think in a linear fashion. I think in a creative fashion. What I’ve managed to do is work with the police, work with government, and say, well, you guys have been trained to think in a linear way. My thinking is completely different. I come to the party with a completely different perspective. Organised crime operates in a creative way. They have to find new and inventive ways of committing their crimes every single day. That’s their job. They are one of the most creative businesses in the world.
Eli: What types of innovations if you like, in crime, have we seen in recent times? Like, how have the attack vectors been shifting and evolving over the recent years?
Peter: I think things like phishing, email phishing, setting up ghost websites where the average consumer doesn’t know that they’re actually sitting on a ghost website. It looks like a fair income thing, but it’s actually not. Then that’s on a technology front. But then on the other front, there’s also crimes where they involved in importing illicit tobacco, drugs, even things like putting drugs into laminated floorboards. It requires a certain amount of creativity.
Eli: Of course, we think of crime and cyber-crime as two distinct things, but quite often the same people are involved in both. Have we noticed, in particular since the pandemic started with businesses shifting to remote work, have we seen an uptick in cyber-crime targeting businesses with people unable to maintain the usual controls over their processes?
Peter: That’s a key point. I think with a distributed workforce, so essentially, say, let’s say I’m working from home, you’re working from home, your domestic setup is set up for a domestic setup. Your firewalls were never intended to be as secure as the ones at the office. And so all of a sudden, you’ve got a distributed workforce using inferior protection, and that’s where the Achilles heel is.
Eli: Companies around Australia are struggling with these issues. With staff working from home, they’re trying to find ways that they can replicate the controls that they were able to have in the office into the home environment. And there’s a lot of challenges associated with that. Do you have any particular advice for companies about what they can do to protect themselves with their staff working from home?
Peter: I think at the end of the day, in most businesses, productivity has actually picked up in the last 18 months. I think with people commuting less, there’s less downtime. They’re literally having breakfast, and literally going to work within half an hour as opposed to commuting for an hour. I think providing the right infrastructure that is actually reflectable, that increased productivity is going to be important. I would assume that companies would be securing modems and those kinds of things that are more secure and shipping them out to their staff and going, If you’re going to work from home, can you please use this equipment? That’s what I would expect to happen.
Eli: One of the challenges from the criminal’s point of view, if they’re based overseas, is how do they get the money out of Australia? We’ve seen reports in the press of things such as money mules, where they use local people to receive stolen goods before transferring those overseas. Have you seen an increase in reporting around money mules and that type of activity?
Peter: I think the money mules have been around a long time, probably since the beginning of the mural. But I think at the end of the day, there’s those people who are bottom feeders in the organisation structure, and they’re the ones who end up getting caught. What we’re looking for is we’re looking for the guys at the top. It’s okay to take a guy out who’s at the bottom of the last rung of the ladder because he’s obviously enabling the whole system because he’s part of that system. But we want the guys who are doing all the strategic thinking at the top. That’s our key. The thing is that nobody lives under a rock. Everybody has a neighbour, everybody lives somewhere. We say to people, if you suspect anything about what your neighbour might be doing, give us a call. It’s completely in confidence. Or you can drop us a note on the website that’s completely encrypted. But when you look at those organised crime groups, they’re people at different levels. I’ll give you an example. In the lead up to business email compromise, and directly linked to that, a few years ago, the transport workers, so the workers working on the trains and the buses, particularly the buses on the North Shore of Sydney, they were going to clean the carriages and whatever.
They’d find all these piles of open mail, just bundles of it on the ground. Eventually, they started to report, why are we getting this ongoing mail in our carriages? After some time, we began to realise, actually, there’s something happening here. What they were doing is organised crime was sending what we call boxes into areas on the lower North Shore in Sydney. They were targeting buildings where the letter boxes were outside. What they were doing, these boxes, is they’re breaking into the letter boxes, stealing all the mail, looking for identification documents, so information around banking, tax office, Medicare, those kinds of things, to put together a profile. Then they would take that information and then create a false identity. Then with that identity, they would then commit online crimes. All of these things tied together. Then as a result of that, we formed a task force with the cyber command within the police, and we developed a whole strategy around that called mail theft. When you look at cyber-crime, it has some grassroots beginnings. Those grassroots beginnings are trying to basically assume other people’s identities in order to transact a cyber-crime.
Eli: You mentioned earlier the decentralised nature of the criminal activities. I imagine that that obviously helps protect themselves, so that if one component of the act is discovered, the rest of it can be isolated and continue operating. What strategies do you see in Australian law enforcement agencies adopt to try and address that challenge?
Peter: I think we have jurisdictional boundaries, which is why we have organisations like Interpol and Europol who work very collaboratively. To explain to people who don’t really understand, but Interpol is like a clearing house. If we need things that we suspect somebody’s in a different country, then Interpol has a desk in every country. They’re have 192 member countries. They have a desk in each of those places. Interpol has a desk in Canberra. We go to the guy at the Interpol desk in Canberra and say, this is our issue. We think that this person is overseas, etc. Then that information gets relayed. Now, the communications infrastructure around the world has allowed police to collaborate more effectively than ever before. Even using things like WhatsApp as an encrypted platform. We know that the crooks are using it, so we have to be in the same game. There is more collaboration. I can say that Crime Stoppers has had a significant role to play. A few years ago, with Interpol, it was an initiative that I was instrumental in launching. What happened is they decided to launch the largest fugitive hunter campaign the world has ever seen. There were about 170 odd targets, which we had great notices.
A fugitive gets a red notice from Interpol when they’re International Fugitive. They asked Crime Stoppers to get involved because we have such a strong relationship with the media and as well as the consumer facing side of police business. We led the public face of that campaign. Operation Infrared was all about red notices. Now, what we did is we were targeting… We had out of the 170 fugitives, about 35 were allocated to Crime Stoppers. We put these people’s picture in every newspaper and on every television station in the whole world in one week. There was nowhere for these people to hide. Some of these refugees were serious criminals. Almost half of those people were arrested, almost half of them. So global cooperation is good, but you need global organisations to basically help do that. Crime Stoppers, because it is international and operates in 27 countries around the world, can facilitate that.
Eli: Peter could you talk a little bit about the differences between a crime-solving approach and a crime-prevention approach, and how those two can work?
Peter: Our mandate as Crime Stoppers is to help stop, solve, and prevent crime. A crime that is being committed can be very expensive to solve that crime. The resources police resources require to investigate, etc, are very expensive, and can take a very long time. It’s very well known that crime prevention is a significantly lower cost to deploy than to solve a crime. This is, I guess, where the benefits of a system like Eftsure’s business email compromise system basically help those companies. Because if you think about the cost of deploying a system like Eftsure versus the cost of losing money through being vulnerable and being targeted, the cost of the system is actually significantly less than the vision of the money. Now, I’m not here to endorse your product or anything, but it’s systems like these that we support, not from an endorsement perspective, because obviously, people need to choose whatever they wish. But I’m just saying systems like these, these kinds of payment systems help put up safeguards in companies so that they do not become a victim. We’re trying to get less and less people to become victims. In the cyber arena, this is 100% of our focus.
We have so many initiatives every year that we run, whether it’s child exploitation, child sexual abuse, online intimidation, bullying, or phone scams, all of these things are related where the internet is actually the enabler. What we have to do is we need to get on the front foot there. We need to basically teach people how to behave better online so that they don’t become victims. It’s very important to remember that people working in companies go home and are parents. They’re people at home. It doesn’t matter whether they get that message at home, or they get that message at work. They’re still people. I think what happens in a lot of instances, people, for example, in the accounts payable department, so might come to work, and their organisation has set up rules and policies and procedures inside that company. But when they go home, it just goes out the window. Then they get this email, and they go, oh, I think I’ll just click on that. Then it’s all over. I think it’s important to remain consistent in your approach to protecting yourself from being a victim of an online crime.
Eli: Thank you for joining us.
Peter: You’re most welcome. Thank you.
Learn how Crime Stoppers NSW is at the forefront assisting Australians in the fight against many types of crime, including Business Email Compromise, Payment Redirection Scams and Identity Theft. Crime Stoppers NSW is also actively cooperating with law enforcement agencies globally to stop international crime syndicates – a major source of fraud targeting Australian businesses.
Continue reading to find out more how Eftsure & Crime Stoppers NSW are partnering to combat growing cybercrime.
Segregation of duties is critical for safeguarding business finances – and keeping auditors happy. Eftsure makes it easier, helping you...
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.