More stories

  • Privacy is just for crooks, says enlightened government agency

    Good people need encryption too.
    How do you tell your best friend that her boyfriend has all the charm of a malevolent vole? How do you explain to your doctor that you’ve just contracted a minor ailment after a night of major Pinot-fueled enthusiasm? And how do you reveal to your boss that, after two years of his dreadful direction, you’ve decided to enter a monastery?


    May I suggest the answer to all of the above is: privately. This logic, however, may not be embraced by, say, every millennial. It’s definitely not embraced by many government agencies. Take, for example, the Australian Criminal Intelligence Commission. I’ll tell you where you should take it privately. Here, though, as my colleague Asha Barbaschow reported, are the public thoughts of the commission: If you use encryption, you’re likely a crook. Which may surprise one or two iMessage and WhatsApp users.

    The commission’s actual words about encrypted communication services were: “These platforms are used almost exclusively by SOC [serious and organised crime] groups and are developed specifically to obscure the identities of the involved criminal entities and enable avoidance of detection by law enforcement.”

    I do understand that there are many bad people in the world. I fear I have done business with some. A few may have even become my friends for a short while.

    But to suggest — with a straight face and a public voice — that encryption is almost exclusive to the evil seems like the sort of exaggeration that only a politician would embrace. Publicly.

    Of course one should have sympathy with law enforcement in its quest to eliminate the truly bad. Of course it’s frustrating that the gentle and law-abiding use some of the same technological tools as the rancid and law-flouting. And governments far and wide have been exerting pressure — public and private — on tech companies to find some liberty-loving way around this dilemma.

    The governments insist it must be possible. Tech companies tend to follow the example set by Apple CEO Tim Cook when the company refused to hack into the San Bernardino terrorist’s iPhone: creating a backdoor for law enforcement creates a backdoor for bad actors too.

    And it’s not as if governments are just sitting there, playing by the supposed rules. Why, the MIT Review just revealed how the Chinese government took advantage of a hack that won a contest in Canada to spy on China’s Muslim Uyghurs.

    Moreover, who wouldn’t be suspicious that, given a backdoor, their government might be tempted to peek into the private lives of the law-abiding too? (Oh, you think they already do it?)

    There are still one or two things that humans want to communicate privately and securely to friends, family, lovers and even strangers they’ve just met on Tinder, rather than just post them on Facebook or Twitter.

    Even if there’s often the suspicion that nothing is private anymore, humans still cling to the belief that they can confide in one another, that they have to confide in one another.

    If nothing is private, what are we? A never-ending cabal of Instagram influencers? How dull that would be.

  • The latest defence against banking scams: Your voice

    British banking giant HSBC protected almost £249 million ($346 million) of customers’ money from fraudsters just in the past year, thanks to a voice recognition technology that does a better job of identifying a user during a telephone call. The voice system, called Voice ID, was introduced in 2016 to increase the security of bank transactions carried out over the phone. So far, the results seem promising: the rate of attempted telephone fraud this year was down 50% compared to the previous one. 

    Since 2016, Voice ID has identified 43,000 fraudulent telephone calls and prevented £981 million ($1.3 billion) of customers’ money from falling into the hands of malicious hackers, said HSBC. “Scammers are sophisticated and it’s a constant challenge to keep ahead of them but this is promising,” said Kerri-Anne Mills, head of customer service at HSBC UK. “We’ve seen a 50% drop in reported telephone banking fraud year-on-year.” Telephone banking enables HSBC customers to carry out various sensitive operations, ranging from checking their balance to making payments and transferring money. Voice ID was introduced to replace the requirement to provide complex security numbers made of random digits, or to answer security questions which some users might struggle to remember.  Customers sign up to the service by registering their voiceprint. When, at a later stage, they phone their bank for a particular operation, they will first be asked to say a short phrase, which is analyzed by Voice ID against the original record to make sure that the voices match and that the caller is genuine. 

    In addition to making the process more convenient, HSBC argues that the technology is more secure: while hackers can steal or guess personal codes or passwords to pass security checks, it is much harder to replicate someone’s voice. To identify a customer, Voice ID checks over 100 behavioral and physical voice traits, including how fast the speaker talks or how they emphasize words, according to HSBC. The bank maintains that the technology is sensitive enough to detect if someone is impersonating the speaker or playing a recording – while also being capable of correctly identifying a voice even if the caller has a cold or a sore throat.

    The bank has seen a recent increase in customers signing up to Voice ID, and the technology has now been adopted by 2.8 million users. According to Mills, 14,000 customers currently enroll in Voice ID each week. This is because, partly driven by the fast digitization of services caused by the COVID-19 pandemic, customers are turning to new channels to manage their finances, which don’t require physically going into a bank. “We’ve seen unprecedented challenges as the pandemic and lockdown restrictions transformed our lives significantly and, unsurprisingly, more people have turned to online and mobile banking to take control of their finances, utilizing other channels for very particular interactions,” said Mills.

    But although Voice ID has been praised for its security benefits, it is easy to see why things might become thorny if hackers manage to find a way around the voice recognition technology. To demonstrate the potential shortcomings of HSBC’s feature, in fact, in 2017 a BBC reporter and his twin brother successfully fooled the technology. One of the brothers managed to gain access to their twin’s account via telephone, and was able to see balances and recent transactions.

    The issue is not restricted to voice recognition. As more and more services are carried out digitally, biometrics of all sorts are projected to be used to authorize sensitive processes. A recent report from Juniper Research, for example, estimates that digital payments made with a handset will increasingly be based on biometric identification such as facial, voice or iris recognition, as well as fingerprints. Biometric capabilities such as Apple’s Face ID will reach 95% of smartphones globally by 2025, according to Juniper; and by that time, users’ biological characteristics will be authenticating over $3 trillion-worth of payment transactions.

    While the security advantages of using biometrics to prove identity are evident, those technologies are a double-edged sword. On top of the risk that a malicious actor might imitate a user’s biological characteristics to gain access to critical services, there are also concerns to do with the opportunities to hack stored biometric data. “The risk with biometrics in general is that you can’t change biometric characteristics,” Nick Maynard, lead analyst at Juniper Research, tells ZDNet. “You can’t change a fingerprint or your face.” “So if somebody comprises that data, you can’t change it, and that information becomes very risky,” he continues. “That means that vendors have to adopt very strong security principles around how they handle that data.”

  • New Moriya rootkit stealthily backdoors Windows systems

    Unknown threat actors have been employing a Windows rootkit for years to stealthily install backdoors on vulnerable machines.

    In a campaign dubbed Operation TunnelSnake by Kaspersky researchers, the team said on Thursday that an advanced persistent threat (APT) group, origin unknown but suspected of being Chinese-speaking, has used the rootkit to quietly take control of networks belonging to organizations. Rootkits are packages of tools that are designed to stay under the radar by hiding themselves in deep levels of system code. Rootkits can range from malware designed to attack the kernel to firmware, or memory, and will often operate with high levels of privilege.  According to Kaspersky, the newly-discovered rootkit, named Moriya, is used to deploy passive backdoors on public-facing servers. The backdoors are then used to establish a connection — quietly — with a command-and-control (C2) server controlled by the threat actors for malicious purposes.  The backdoor allows attackers to monitor all traffic, incoming and outgoing, that passes through an infected machine and filter out packets sent for the malware. The packet inspection occurs in kernel mode with the help of a Windows driver. The rootkit also waits for incoming traffic in order to bury communication with the C2 and eradicate the need to reach out directly to the C2, which would potentially leave a malicious footprint that could be detected by security products. “This forms a covert channel over which attackers are able to issue shell commands and receive back their outputs,” Kaspersky says. “Since Moriya is a passive backdoor intended to be deployed on a server accessible from the internet, it contains no hardcoded C2 address and relies solely on the driver to provide it with packets filtered from the machine’s overall incoming traffic.”

    Kaspersky suspects the APT is Chinese-speaking, supported by the use of post-exploit tools previously linked to Chinese threat groups including China Chopper, Bounder, Termite, and Earthworm. Malicious activities include host scanning, lateral movement across networks, and file exfiltration.  Victims of the APT have been found in Asia and Africa. The researchers say that “prominent” diplomatic organizations in these regions have been targeted. While the rootkit was detected in October 2019 and May 2020, the team suspects that based on timestamps related to the post-exploit of another victim in South Asia, the APT may have been in operation since 2018, or earlier.  However, it appears that attacks are extremely focused — with less than 10 victims worldwide recorded by Kaspersky telemetry. At least, so far.

    Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

  • Smart cities are a tempting target for cyberattacks, so it's time to secure them now

    Internet-connected technology that’s used to power smart cities makes a very tempting target for cyberattacks and local authorities need to be aware of the risks that they – and their citizens – could face if malicious hackers are able to tamper with infrastructure or services.

    Urban infrastructure, including emergency services, transport, traffic light management, CCTV and more, is increasingly using sensors and becoming connected to the Internet of Things in an effort to collect data and provide better, more efficient services.

    However, the UK’s National Cyber Security Centre (NCSC) – the cyber arm of intelligence agency GCHQ – has warned that cyber-physical systems in smart cities could be compromised by cyber attackers if they are not secured properly.

    The huge volume of sensitive data being collected and stored by IoT-connected smart cities, plus the ability to disrupt, “makes these systems an attractive target for a range of threat actors,” the NCSC’s new guidance for securing smart cities warns.

    “These connected physical environments are just emerging in the UK, so now is the time to make sure we’re designing and building them properly. Because as these ‘connected places’ become increasingly joined up, the ubiquity of the services they provide will likely make them a target for malicious actors,” said Ian Levy, technical director at the NCSC. To help guide local authorities and protect infrastructure, organisations and people from the threat of cyberattacks that could target smart cities, the NCSC has published a series of principles that should be adhered to in order to provide these networks with the highest possible level of cybersecurity.

    To start with, local authorities should understand the role of their connected place. By determining who is responsible for the connected place, what the IoT network will look like, what data will be collected, processed, stored, and shared and what operational technology is in place already, authorities can begin connecting smart cities with security in mind from the start.

    Authorities are also urged to understand the potential risks to the connected place. These risks range from knowing exactly what devices and software are being used to connect the place up – ensuring that it’s from a trusted, reputable vendor – to ensuring those devices are sufficiently secured when it comes to authentication. For example, a city shouldn’t be rolling out IoT devices across the network if those products still have a default username and password, as that would make them an easy target for cyber attackers, particularly if data is “collected or processed in a dumb way,” said Levy.

    Smart cities are supposed to help improve services for people, but being irresponsible with data storage could result in privacy violations and poorly implemented security could allow cyber attackers to interfere with services and systems people need.

    “We hope these principles will help designers, owners and managers of connected place systems to make well-informed cybersecurity choices,” said Levy. While the NCSC guidance doesn’t refer to any particular potential cyber-threat actor, the director of GCHQ recently warned that the emergence of China as a technology producer means that the UK and other countries could face challenges if organisations – or local authorities – become reliant on devices and software made in the country.

    “States that do not share our values build their own illiberal values into the standards and technology upon which we may become reliant. If that happens, and it turns out to be insecure or broken or undemocratic, everyone is going to be facing a very difficult future,” said Jeremy Fleming.

  • IRS secures order to serve Kraken with customer data request on cryptocurrency traders

    The Internal Revenue Service (IRS) has secured an order to obtain records from Kraken on customers performing cryptocurrency trades. 

    In the latest crackdown centered on cryptocurrency trading which is not reported for tax and income purposes, the IRS has been granted permission by a federal court in the Northern District of California to issue a “John Doe” summons on Payward Ventures Inc. and Kraken, its US-facing arm. The US Department of Justice (DoJ) said this week that the IRS is seeking information on US taxpayers who have conducted at least $20,000 — or the equivalent — in cryptocurrency trades on the platform between 2016 and 2020. It is important to note, however, that the summons does not imply wrongdoing on the San Francisco-based cryptocurrency exchange’s part. The summons seeks records on US taxpayers from Kraken, counted among its customers, who may not have complied with internal revenue laws and tax requirements — such as trading in cryptocurrency but failing to record taxable profits. A John Doe order is issued in circumstances when individuals have not been identified. According to IRS guidance (.PDF), “convertible” cryptocurrency — able to be exchanged for fiat currency, such as Bitcoin (BTC) — may have tax liabilities in the United States. Virtual currency taxes have to be determined based on “fair market values” at the time of trading or purchase. Mining, too, might be taxable.

    Court documents state that the information request “is part of an ongoing, extensive investigation involving substantial IRS resources that is producing real results — millions of dollars in previously unreported and unpaid taxes recovered for the treasury to date.” “There is no excuse for taxpayers continuing to fail to report the income earned and taxes due from virtual currency transactions,” commented IRS Commissioner Chuck Rettig. “This John Doe summons is part of our effort to uncover those who are trying to skirt reporting and avoid paying their fair share.” A similar summons was previously issued to Circle, a blockchain-based payments platform headquartered in Boston. Coinbase, too, is subject to scrutiny by the IRS and law enforcement agencies as a popular cryptocurrency exchange. In the firm’s latest transparency report, Coinbase revealed 4,227 requests in 2020, with 90% made from the US, UK, and Germany. In total, under 5% were civil or administrative requests, whereas the rest stemmed from criminal investigations.

    Update 14.40 BST: A Kraken spokesperson told ZDNet: “One of Kraken’s guiding principles is maintaining the security and privacy of its client accounts. We understand that the court has expressed concern over the scope of the proposed IRS Summons. Though the posture of this case has not given Kraken an opportunity to weigh in, we share similar concerns.”

  • Google teams up with Stop Scams to tackle financial fraud in the UK

    Google has joined Stop Scams and outlined new measures to try and clamp down on financial fraud in the United Kingdom. 

    On Friday, Vice President and MD of Google UK & Ireland, Ronan Harris, said that Google is the first major tech giant to partner with Stop Scams UK, an industry-led group that aims to tackle scams at the “source” by sharing threat data and creating scam-busting initiatives for organizations to roll out. Members include Lloyds, Barclays, NatWest Group, and Vodafone. Ofcom and the Financial Conduct Authority (FCA) have also provided their support.

    UK Finance estimates that £1.26 billion ($1.75bn) was lost last year alone to scams in the UK. Phishing messages, fake emails pretending to be from banks and insurers, spoof phone calls, and social engineering are all common but due to the COVID-19 pandemic and stay-at-home orders, other forms of scam have pushed to the forefront. These include delivery-based text messages, fake vaccination appointment ‘reminders’ and charges, romance scams, investment ‘opportunities,’ and the fraudulent use of photos of trusted financial experts — including Martin Lewis — across social media to tout dubious cryptocurrency schemes in a time where many of us have lost work and may be worried about our financial future.

    Action Fraud estimated that £2 million was lost to coronavirus-themed scams between the start of the pandemic and April 2020 alone. Scammers may use standard letters sent in the post, text messages, email, phone calls, or social media platforms to lure in their victims. Now, while working with the FCA, Google has pledged $5 million (£3.5m) in advertising credits to give organizations a wider scope to launch public awareness campaigns.

    In addition, Google says that the company is going to spend the next few months developing and rolling out further restrictions for financial services in the United Kingdom that advertise through the firm’s platform in order to tout fraudulent ‘opportunities’ to invest, to start a pension, and more.  “Over the past year, we introduced several verification processes to learn more about the advertisers and their business operations,” Harris commented. “During the verification period, we pause advertiser accounts if their advertising or business practices are suspected of causing harm. We are currently requiring all UK financial services advertisers to complete these programs in order to run ads.” Over 4,000 websites were added to the FCA’s warning list in 2020 for potentially running scam operations and Google has updated existing advertising policies to prevent the use of terms that make unrealistic promises when it comes to financial returns.  “Our teams are working hard on this issue because we all want UK consumers to feel safe and protected when they are managing their finances,” Google says. “Even as attempts by scammers evolve, we will continue to take strong action and work in partnership with others to help keep consumers safe.” In related news this week, Google announced an upcoming, automatic enrollment of more users into two-step verification (2SV). As passwords are not considered enough to protect our accounts, two-factor authentication can help by creating an additional layer of security. Another option is using hardware-based verification, such as the Google Titan key fob.

  • Vocus turning to sovereignty as its competitive advantage

    On Anzac Day, former cybermoat conjurer and secretary of the Department of Home Affairs Mike Pezzullo issued a provocative missive on the beating of the drums of war. A nanosecond of thought is all that is needed to reveal the target of the missive — China — and as if to hammer the point home, this week saw Beijing cut off China-Australia Strategic Economic Dialogue talks. Then the Australian prime minister, in a revealing feat of geopolitical misspeaking, used the words “one country, two systems” when talking about Taiwan. One country, two systems is the way Beijing handles its special administrative regions of Hong Kong and Macau. This is the backdrop upon which two Vocus executives spoke this week at CommsDay Summit, with both reinforcing the company’s pitch as being able to provide sovereignty to its customers. “Sovereignty is a factor which Vocus increasingly sees as a competitive advantage in a market where security is critical to success,” Vocus general manager for government and strategic projects Michael Ackland said. “We’ve seen an accelerating trend, particularly from government customers, where the use of sovereign assets is not just a nice-to-have but a must-have.” The company is currently on a path that will see it be acquired by Macquarie Infrastructure and Aware Super, at a valuation of AU$3.5 billion, to remain in local hands. It was something Ackland said would help with the sovereignty play.

    “It’s about having a sovereign network, which is supported by two of Australia’s leading institutions and operated by secure staff, based in secure network operations centres,” Vocus COO Ellie Sweeney said a day earlier. Sweeney outlined that Vocus runs a separate secure network, called VAS, alongside its regular commercial network using segregated systems and equipment, while adding that the company will double its capital expenditure on network security during the next fiscal year. In March, two years after it first ran the idea up the proverbial flagpole, the federal Digital Transformation Agency released its Hosting Certification Framework for data centre providers, which Sweeney said could be extended to network providers. “It’s not much of a stretch to consider that if government is so concerned about how, when and where data is stored and processed, the next logical step is to take an active interest in how, when and where data is carried across networks,” the COO said. Sweeney added the company saw opportunities in building submarine cables as “new sovereign infrastructure”. This should hardly be surprising, given in 2018 Canberra decided to use around AU$200 million of its foreign aid budget to lock Huawei out of building a subsea cable to the Solomon Islands and Papua New Guinea. Instead of Huawei, Vocus eventually picked up a AU$137 million contract to build the cable. “As we have seen over the past year or two in the submarine market, governments around the globe are willing to intervene to ensure cables are built by trusted vendors and are routed through trusted territories to avoid geopolitical issues,” Sweeney said. The Vocus chief operating officer said the consortium model used to fund subsea cables might be dead, at least in the eyes of government customers. “We’ve certainly seen a growing appetite from our wholesale customers seeking capacity from Asia to the US via Australia to avoid politically contentious areas to our north,” she said. 
“Vocus’ complete ownership of the ASC [Australia-Singapore Cable] cable and the domestic network it’s connected to gives us a unique advantage for customers seeking certainty of about where their data is travelling. Route diversity is also increasingly seen as a critical factor, both for terrestrial networks and international networks.”

    During her speech, Sweeney announced Vocus would build a cable to close the loop on its national network between Geraldton and Port Hedland, under the banner of Project Horizon. “In total, Project Horizon will establish a 2,000-kilometre network of both new and existing fibre between Port Hedland and Perth via Newman, Meekatharra, and Geraldton,” Sweeney said. “The Horizon system will be designed with transmission capacity starting at 38Tbps per fibre pair, giving us a clear upgrade path … as demand requires it. It will provide another layer of redundancy and give Vocus a ‘figure 8’ of network rings across Australia’s eastern and western states. It will allow Vocus to provide geographically diverse backhaul out of Darwin.” The company is also planning to connect ASC with its North-West Cable System between Darwin and Port Hedland, as well as branch the North-West cable to Kupang on the island of Timor. Project Horizon is due to be completed by the end of 2022.

    Sovereignty in space

    Vocus not only sees sovereignty over terrestrial infrastructure as an advantage; it also wants to push it on the arena of low-Earth orbit (LEO) satellites. With its national fibre footprint, Vocus believes it is well placed to capitalise on LEO players wanting ground stations to keep latency low. “These low latencies are dependent on the deployment of extensive ground infrastructure with high-capacity fibre backhaul, so processing and storage can occur as close to the edge of the network as possible. This means having ground stations in regional areas close to where the end-users are located, to minimise round-trip time,” Ackland said. “By now you should be starting to see why a fibre company is taking such a strong interest in LEO satellites.”

    Ackland said the company’s controlled environment vaults (CEVs) could be upgraded to function as ground stations “all over the country”. The other card Vocus has up its sleeve, according to Ackland, is the millimetre wave spectrum it gained in December alongside the likes of SpaceX Starlink, Field Solutions Group, WorldVu (One Web), Inmarsat, Viasat, O3B/SES, New Skies Satellites/SES as well as Telstra, Optus, and NBN. “Our fibre network provides the foundation to install many more CEVs and ground stations in the future as LEO satellite operators require them. And while we have the fibre, and we have the CEVs to establish ground stations, we now have another key asset to make our LEO satellite business a reality — the spectrum required to turn these CEVs into ground stations,” he said.

    Ackland said there was a strong argument that LEO satellites could replace voice services in the bush, which he believes would remove the need for Telstra to hook up premises with copper lines under the Universal Service Obligation. The Vocus executive went further and questioned whether NBN should be investing in its loss-making regional networks. “Wouldn’t it be more economically efficient to subsidise non-NBN services to ensure they’re set at a similar price to metropolitan equivalents, and for NBN to write off the losses? These are no longer questions that can be left for another day,” he said. “These are questions which need to be considered here and now, since LEO operators like Starlink now offering commercial services.”

    Even though Ackland said the LEO service is better than fixed wireless, and sometimes fibre to the node and HFC connectivity, he doesn’t believe the world will switch completely. “They will provide a viable alternative in many instances where latency meant satellite could never have been considered,” Ackland said. “I should also make it clear that LEO satellites are not going to make NBN’s two Sky Muster satellites redundant overnight either.”

    Vocus is using NBN business satellite services to complement its terrestrial footprint when providing connectivity to the likes of the Australian Bureau of Meteorology (BoM). In March, the Bureau called on the federal government to have its own satellite capability. “All satellite data used by the Bureau is received from international partners … this arrangement has worked well but access to this data is not guaranteed into the future,” BoM said. “In recent years there has been an exponential growth in commercial satellite data providers offering new business models, resulting in potential threats and opportunities in the space industry. In the future, this may pose a risk to the volume of data the Bureau can access if current arrangements for the free and open exchange of international satellite data are reduced.” The Bureau recently added to its wishlist, floating the idea of running a subsea cable to Antarctica and improving satellite connectivity to its weather stations.

    Earlier this week, Vocus was part of the launch of space communications startup Quasar, which is looking to provide ground stations as-a-service via electronically-steered phased array technology.

    “This technology emulates the behaviour of a traditional parabolic antenna, but no longer requires the antenna to mechanically track satellites across the sky,” Ackland explained. “As a result, Quasar’s technology is able to connect to hundreds of satellites at once, managing connections through time slots for uplink and downlink activity.

    “One thing which excites me about our work with Quasar is that it’s an Australian company, backed by Australian funding, developing a sovereign Australian capability in the modern-day space race.”

  • Suicide prevention body calls for gambling platform data-sharing practices to be reined in

    Suicide Prevention Australia has asked the federal government to do more to regulate the gambling industry, particularly when it comes to the behind-the-scenes data-sharing arrangements betting platforms have with one another.

    The Senate Standing Committees on Environment and Communications is currently looking into the online gambling space. The focus of the inquiry is the amendments to the Interactive Gambling Act 2001 that would prevent interactive gambling service providers from accepting payments by credit card, creating a criminal offence and civil penalty provision for those that do so, to be overseen and enforced by the Australian Communications and Media Authority (ACMA).

    But in its submission [PDF] to the inquiry, Suicide Prevention Australia has highlighted that simply blocking credit card use is not enough to curtail the domino effects a gambling problem can have.

    “While we welcome the reforms in this amendment, we believe the Commonwealth government should go further in reducing potential harms to the lives of Australians who engage in interactive gambling,” it wrote.

    The organisation shared with the committee the findings of a roundtable it hosted in October. “Our roundtable identified the need for greater regulation of the gambling industry across jurisdictions in Australia. In particular, the need for restrictions on gambling companies use of personal information to target gamblers by offering incentives to gamble,” it said.

    Suicide Prevention Australia said that betting companies share client data among each other.

    “For example, when a client ceases gambling with one company, the company trades client lists with another company who then offers targeted incentives or enticements to the person so they begin gambling again with a new company,” the submission explained.

    This alarming practice was detailed by the ABC in an article it published last year, which shared the experience of an Australian man who had closed a betting account only to be wooed back in by special treatment and VIP status. He also received unsolicited calls from a competing betting platform when his account with the first was frozen. “The issue of data sharing and incentives has a significant impact on Australians who gamble, as problem gamblers are being actively incentivised to resume their problematic behaviours, which can extend to resuming other forms of gambling eg electronic gaming machines,” Suicide Prevention Australia said. “Gambling companies are further not required to conduct financial risk assessments on clients prior to opening an account with the company.”

    To that end, it has asked the committee to consider its recommendation to strengthen privacy regulations for people who gamble to prohibit companies from sharing or selling client contact data among the industry.

    The organisation also called for more to be done around advertising regulation, pointing to a study commissioned by the Victorian Responsible Gambling Foundation on young men and their gambling behaviours that found, on average, participants had four separate accounts with online betting companies. It said the report also found gambling uptake was driven by promotions from betting companies.

    In its submission [PDF], the ACMA said the potential benefits of banning the use of credit cards for online gambling domestically needed to be balanced against the risk of consumers moving their gambling activities to offshore providers.

    It noted that illegal offshore gambling services often allow consumers to use Australian credit cards to deposit money into their accounts. “We have observed that these illegal gambling providers are increasingly using third party payment processors to mask their gambling services and the MCC [merchant category code] can reflect services other than gambling,” it wrote. “This can make it difficult for credit card providers, or indeed those potentially charged with regulatory oversight, to identify the illegal activity and take disruptive action.”

    The providers of these illegal offshore services are typically located in jurisdictions with limited regulatory oversight and minimal or no consumer protections, it added.

    IF YOU OR ANYONE YOU KNOW IN AUSTRALIA NEEDS HELP CONTACT ONE OF THESE SERVICES:

      • Suicide Call Back Service on 1300 659 467
      • Lifeline on 13 11 14
      • Kids Helpline on 1800 551 800
      • MensLine Australia on 1300 789 978
      • Beyond Blue on 1300 22 46 36
      • Headspace on 1800 650 890
      • QLife on 1800 184 527