Digital Id Fraud Incidents Process
Experiencing a digital id fraud incident can be distressing, but it is important to take prompt action to report and address the issue. Follow this procedure to complain about a digital id fraud incident.
We have established a Fraud Incident Response procedure to ensure that any concerns or complaints regarding identity fraud are promptly and effectively addressed. This procedure outlines the steps involved in lodging a Digital Id Fraud Incident and the process we follow at Ratify ID to resolve such incidents.
Lodging Your Incident
To lodge an incident, please provide a written statement outlining the relevant details including:
Acknowledgment of Your Incident:
Upon receiving the details of your incident, we will send an acknowledgment email within 24 hours, confirming receipt.
Investigation and Resolution of Your Incident:
We will conduct a thorough investigation of your incident, which may involve gathering additional information or contacting relevant parties.
Our aim is to resolve incidents within a reasonable time frame, generally within 5 – 10 business days.
During the investigation, we may need to contact you for further details or clarification regarding your complaint.
The incident will be handled by a dedicated Digital Id fraud controller at Ratify ID who has experience and skills in investigating and resolving fraud complaints.
Our Response:
Investigating a digital id fraud incident involves documenting the incident, allocating an investigator, securing affected systems, conducting appropriate analyses, collaborating with law enforcement if appropriate, notifying relevant parties, collecting and analyzing data, coordinating with third parties, reporting and documenting findings, implementing remediation measures, and continuous monitoring. It’s important to preserve evidence, engage experts when needed, and maintain detailed records. The investigation aims to gather evidence, identify the perpetrators, and take steps to mitigate the incident’s impact while preventing future occurrences. Collaboration, documentation, and continuous learning are key throughout the investigation process.
We will either:
a) investigate actual and suspected Digital Id Fraud Incident, unless the incident or suspected incident has been referred to, and been accepted by, an Enforcement Body such as Police or another Entity; or
b) if the Digital Id Information held by us in connection with the services you have used does not include Personal Information, take reasonable steps to support an investigation being conducted by Police or another Entity.
With all Digital Id Fraud Incidents, we will take reasonable steps to:
a) mitigate the adverse effects of the incident; and
b) eliminate or, if it cannot be eliminated, minimise, the risk of recurrence of similar incidents.
Resolution
Once the investigation is complete, we will provide you with a written response outlining our findings and any actions taken as a result.
Subject to the investigation findings we will explain any remedies or corrective measures implemented to address your Digital Id Fraud Incident.
Reporting on Digital Id Fraud Incidents
We will at all times maintain documented procedures setting out criteria for Digital Id Fraud Incident investigation processes and procedures including appropriate criteria for making timely decisions at critical stages in managing a Digital Id Fraud Incident.
We will also keep records of:
a) decisions to use civil, administrative or disciplinary procedures, or to take no further action in response to a suspected Digital Id Fraud Incident; and
b) our investigation of and responses to actual and suspected Digital Id Fraud Incidents.
c) maintain documented procedures setting out criteria for Digital Id Fraud Incident investigation processes and procedures including appropriate criteria for making timely decisions at critical stages in managing a Digital Id Fraud Incident
Will also:
a) provide Digital Transformation Australia with a report on Digital Id Fraud Incidents at least once every quarter; or
b) if the Digital Id Information held by us in connection with the services we have provided does not include Personal Information, we will take reasonable steps to support the reporting of Digital IdFraud Incidents by another suitable Entity (Accredited Provider or Relying Party).
We will include, at a minimum, the following information when reporting on Digital Id Fraud Incidents:
a) the number of Digital Id Fraud Incidents related to the Applicant in the period since the last report. The number of such incidents may be zero;
b) a description of the type or types of Digital Id Fraud Incidents and their severity; and
c) a description of the measures taken by us in response to the incidents covered by the report.
If you are not happy with our response to your Digital Id Fraud Incident:
If you are dissatisfied with our response or the handling of your Digital Id Fraud Incident, you may choose to escalate the matter to the Office of the Australian Information Commissioner at www.oaic.gov.au
If you have any questions or require further information about our process for resolving Digital Id Fraud Incidents, please contact us at fraud@localhost or Contact us here.