Australians’ retirement savings are set to become more exposed to cyber security breaches, a report has cautioned, as superannuation funds follow an industry-wide trend of consolidation while lacking the capacity to handle larger amounts of data.
The white paper, Keeping Our Money Safe: Data and Security of Payments in 2020 and Beyond, from InPayTech has forecast pay-tech vendors catering to the super sector will need to be aware of evolving customer experiences and expectations around data security.
Australian superannuation assets are predicted to almost double in the next decade, with KPMG forecasting the industry, now at $2.8 trillion, will reach $5.4 trillion in 2029.
The big four accountant has previously reported that 2019 for the super industry has been defined by mergers between funds, and it expects the trend to continue. KPMG noted regulatory pressures have led companies to seek the capacity of a larger entity to meet compliance standards.
However, InPayTech has warned the “prospect of a smaller number of mega-funds managing a larger pool of total superannuation assets, and the complexity of asset transfers in amalgamation processes, will make fund members’ data even more vulnerable to errors and security breaches.”
The paper mentioned a need for more attention to data mismatch and error management, increased knowledge transfer and cooperation between funds and other third parties.
“Fund trustees will be required to allocate greater resources and attention to technology, cyber security and related risks, and the roles of chief risk officer and chief technology officer will acquire greater budgets and significance in the internal hierarchy than is currently the case,” the report warned.
Last month, ASIC revealed an international syndicate attempted to steal as much as $10 million from superannuation and share trading accounts.
InPayTech chief executive Dean Martin has predicted in the next year or two super fund members will demand more security around their personal and private data.
“I think fund trustees will start to ask themselves, ‘Is my process for facilitating SuperStream payments, contribution payments, and processing protecting end-to-end or exposing my members’ data? Is it also potentially putting my employers, the ones that paid me in potential breach of the Notifiable Data Breach scheme as GDPR [General Data Protection Regulation] and the Australian equivalent of that sort of ramps up around that next bit of legislation?’” Mr Martin said.
“They’ll be forced to ask those questions. I think as well, working Australian employees will be demanding that our personal and private data’s always secure and treated respectfully, particularly in a process where it could be transferred weekly, fortnightly, monthly or at the minimum of quarterly.”
He commented that consumers have largely been unaware of data security around super until recently.
“You’d always operated under the assumption that your data is only accessed [safely], your data is being secured appropriately,” Mr Martin said.
“Five or six years ago, cyber crime, identity theft – were they really conversations people were having? Perhaps on a peripheral.
“Right now, that’s sort of a pretty central conversation the country’s having. Individuals are concerned about it, organisations are concerned about it, governments are concerned about it and they’re trying to address it.”
InPayTech has also advised that pay-tech and other market participants will need to develop application programming interfaces (APIs) and other technology solutions to accommodate emerging and developing data transmission and security standards.
Currently, data transmission through the centralised real-time network New Payments Platform (NPP) is not compliant with the regulations for the SuperStream Transaction Network, the system for employers to make compulsory super payments.
As noted by the report, the NPP is set to become the “backbone of Australia’s payment infrastructure,” with its “scalable, layered architecture and ability to add new overlay services.” Pay-tech industry vendors will need to adapt their operations and service models and processes to the NPP infrastructure, InPayTech said.
The provider, NPP Australia, has indicated it is looking to develop support for super payments through its platform in its newly released roadmap.
But Mr Martin added there are other innovations that could be added to the ecosystem, to make super contributions frictionless and to enable two-way communication between members and employers.
“Let’s use that ecosystem that an employee interacts with, just as you probably would have. You would’ve at certain points in your life been checking your salary,” he said.
“How great would it be if your account balance for your super’s there and your last super payment was there so you know when your last super payment went in, how much it was and when it happened. And extend that idea a little bit further, how about if when you’re in there, you see your super balance and when you’ve changed your role or your industry, it’s in a different type of insurance for you.
“You can just, while you’re checking something you’d normally do in your payroll, book your leave or check your salary. But what if while I could do that, I could have a meaningful interaction at the other end of this?”
Sarah Simpkins is a journalist at Momentum Media, reporting primarily on banking, financial services and wealth.
Prior to joining the team in 2018, Sarah worked in trade media and produced stories for a current affairs program on community radio.