KUALA LUMPUR, 21 Nov 2008: The existing laws in Malaysia are inadequate to protect internet users from identity theft, computer crime experts said.
According to intellectual property lawyer Deepak Pillai, “Malaysia’s legal position does not address online identity theft directly”.
He said the long delayed Data Protection Bill is badly needed to strengthen the existing laws, namely the Computer Crimes Act 1997 and the Penal Code, in curbing identity theft activities in Malaysia.
Deepak was speaking during a forum on Identity theft in cyberspace hosted by the Information Technology Law Committee of KL Bar yesterday.
“The Data Protection Bill, which has been on the cards since 1999, should (when passed) be adequate as a safeguard as it deals directly with identity theft offences,” he said.
He also said another positive move in curbing the problem would be to get the Anti-Spam Act passed. He said it would act as an additional safety net to contain identity theft activities in Malaysia.
The Anti-Spam Act would regulate interstate commerce by imposing limitations and penalties on the transmission of unsolicited e-mails via the internet.
Deepak said the UNISYS Security Index 2007 shows that Asian countries have the highest level of security fears in the world. This, he said, is due to the lack of data protection laws and the rising rate of identity theft crimes in the region.
The index measures consumer confidence in relation to key areas of security. The country report for Malaysia reveals that 78% of Malaysians are very or extremely concerned about unauthorised access to their personal information.
Another speaker, Shamsul Jafni Shafie, who is a former director of the Security, Trust and Governance Department of the Malaysian Communication and Multimedia Commission (MCMC), said identity theft and internet fraud in Malaysia is growing.
Statistics from a Cyber Security Malaysia research show that 1,043 incidents involving intrusions, frauds, hack threats and malicious code contents for the year 2007.
In revealing this, Shamsul said the problem is compounded by the authorities’ reluctance to act.
“In many cases, the amount lost is usually reimbursed by the banks (in the case of credit card or ATM fraud), so authorities are reluctant to spend time and money to pin down the culprits,” said Shamsul.
Professor of Law from Universiti Malaya, Prof Abu Bakar Munir, who was another speaker at the forum, said that the total loss resulting from identity theft crimes globally has exceeded US$1 billion a year.
Some of the common ways identity theft is perpetrated is via phishing, and through information retrieved from online social networking sites such as Facebook, Friendster and MySpace.
Deepak, in his presentation, also warned about the growing menace of SMiShing, which uses Short Message Service (SMS) technology to con mobile phone users into revealing their financial data.