MyCRA is a partner in Cyber Security Awareness Week 2012 running 12-15 June. The issue of smartphone security was put forward as a growing area of concern amongst information security experts. We look at the dangers of lax smartphone security – since reports show about 4000 smartphones are lost or stolen in Australia every week.

By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and

Yesterday Inside Retail published research from PayPal Australia showing that smartphone users did not afford the same type of security for their smartphones that they may afford for their home computers. The article, titled Security fears over m-commerce reveals some worrying statistic on smartphone security, considering the increasing use of smartphones to perform functions normally reserved for personal computers.

PayPal Australia’s research shows:

One in six (16 per cent) of Australian smartphone users have lost, misplaced or had their phone stolen in the last year

BUT only 30 per cent remotely wiped their data after losing their smartphone and less than half (43 per cent) changed their online passwords.

AND half (49 per cent) of Australian smartphone users don’t use a passcode on their mobile device.

Here is an excerpt from that article:

In support of National Cyber Security Awareness Week (NCSAW), PayPal and the Centre for Internet Safety at the University of Canberra (CIS) have called for Australians to stay vigilant with their smartphones as they would their personal computers and wallets. Australians increasingly use smartphones to store a substantial amount of personal data, from bank statements to calendars to social networking profiles….

Prashanth Ranganathan, director of mobile security and risk at PayPal is in Sydney this week in support of NCSAW, speaking to industry stakeholders about the need for consumer education as mobile payments becomes increasingly prevalent.

“Australia is among one of the largest mobile markets in terms of smartphone penetration

[3]. Australian consumers are increasingly using their smartphones to shop and pay while on the go but are unaware of the size of the digital footprint stored in their smartphones. By transacting through PayPal, consumers are provisioned with an additional layer of protection by ensuring their personal financial information is never stored on the physical device and never shared with businesses they are transacting with,” Ranganathan said.

Australians are keen to take advantage of the mobile convenience of smartphone technology, but according to PayPal’s research are not protecting themselves beyond the home. Smartphone owners were three times more likely to be more mindful of the security of their wallets than of their smartphones and one in three (36 per cent) stay logged into mobile applications.

Alastair MacGibbon, director at CIS said: “With over 12 million Australian smartphone users expected in 2012, criminals are now making moves to target mobile users. Australians must stay alert and ensure they protect themselves across all their devices. As the technology evolves and more Australians use their smartphone devices to fulfill a wider range of functions, consumers need to keep an eye out for fraudulent encounters and be educated about ways to safeguard their smartphones from cybercrime.”…

PayPal and CIS have listed key tips to help consumers better protect themselves while transacting on their smartphones:

• Set up your first line of defense – Enable a unique passcode so that your smartphone automatically locks when you’re not using it.
• Know who you’re transacting with – Use reputable mobile sites and applications. Look out for trust cues like the padlock symbol before entering your financial information.
• Watch out for duplicate applications – Cyber criminals take advantage of trusted brands by creating free applications that mimic the company’s official application. If you’re unsure, always download the application directly from the company’s website.
• Know how you’re connected – Use a secure network to transact online and watch out for people looking over your shoulder while using free Wi-Fi networks.
• Keep track of what you’re sharing – Be aware of the permissions your applications request from you. Review permission requests carefully and only share information that you are comfortable sharing.
• Don’t store sensitive data on your device – never store sensitive financial data on your smartphone.
If your smartphone is lost, stolen or misplaced, remember to:
•Remotely wipe your data – Enable this feature at purchase so that you can use it to your benefit if you lose your device.
• Immediately change your passwords – Change your online passwords for the mobile apps and websites that you automatically sign into, such as email, calendars, social networking sites, app stores, messengers, video sites.
• Get help – Contact your provider or manufacturer and enquire about mobile tracking or whether they can disable your phone on your behalf.

The rise in the use of smartphones, and mobile digital devices in general points to a need for users to be more cautious about the security of those devices, and aware of the potential for identity theft should they fall into the wrong hands.

Smartphones, tablets and laptops give people their lives at the touch of a button – allowing access to email, bank accounts and social networking, but he says this access would be a goldmine for fraudsters.

Research put out by AVG Security last year shows the number of mobile phones reported lost or stolen in Australia has doubled in the past five years to 200,000 annually — that’s 4000 a week, or one every three minutes.

If people have their laptop or I-phone stolen, these days it can be the same as someone breaking into their home or stealing their PC. If the device is not secure, often there is enough information on there for a criminal to go about hacking into their bank accounts, or stealing someone’s identity and taking credit out in their name.

Identity theft can hit twice, often with victims facing an uphill battle with their credit rating following it. Many times the identity theft victim is unaware their good name has been used until they apply for credit somewhere and are flatly refused. People may have credit applications as a minimum and possibly defaults, mortgages and mobile phones attributed to them incorrectly.

Once an account remains unpaid past 60 days, the debt may be listed by the creditor as a default on a person’s credit file. Under current Australian legislation, defaults have to remain listed on the victim’s credit file for a 5 year period.

What is not widely known is how difficult recovery from identity theft can be, due to defaults remaining on credit files for 5 years. Unfortunately there is no guarantee they can be removed from a person’s credit file. The onus is on the identity theft victim to prove their case to creditors.

Security companies like AVG also have software such as ‘AVG Mobilisation’, which can help users track and locate a lost or stolen smartphone or tablet on Google Maps. They can also enable remote locking, and remote wiping allowing personal information to be removed if the device is lost or stolen. There are similar products with other security companies.

People who suspect identity theft should report the matter immediately to Police, no matter how insignificant they think the fraud is.

This crime is not very widely reported. But it is only through people reporting identity theft that any real statistics get collated on this issue. Likewise, if people want to try and repair their credit rating, the first thing I tell them is to make sure they have a Police report.

For more information on identity theft risks and how people can repair their credit rating following identity theft, visit the MyCRA Credit Rating Repairs website

Image above: Ambro/