How the Superannuation Sector Can Strengthen Its Security Posture
Superannuation funds: How to protect the identity behind them
In recent weeks, reports have surfaced detailing coordinated attempts to compromise member accounts across several Australian superannuation funds. These developments highlight the evolving threat landscape facing all online financial services, not just banks, and underscore the critical importance of proactive investment in advanced cybersecurity measures.
Australia’s superannuation industry collectively manages over $4 trillion on behalf of 18 million members. With accounts accessible online for transactions such as contributions, rollovers, and even lump sum withdrawals, they present a natural target for cybercriminals. Unlike typical online bank accounts, super accounts often hold significantly higher balances, making them even more attractive to fraudsters.
Super funds have made substantial investments in member services, customer acquisition, and brand presence, helping Australians better engage with and manage their retirement savings. However, the digital threat environment is evolving rapidly, and even well-established systems must continually adapt to remain secure.
Understanding the Nature of the Threat Facing Superannuation Funds
The recent incidents were not the result of sophisticated state-backed actors using advanced zero-day exploits. Instead, they reportedly involved coordinated credential stuffing attacks, a relatively basic method where stolen usernames and passwords from unrelated breaches are reused across services.
Credential stuffing is a known and increasingly common tactic across all sectors. Unfortunately, it remains effective where only single-factor authentication, such as a username and password, is used, without multi-factor or biometric safeguards in place.
While some funds have already begun responding by engaging with cybersecurity agencies and industry bodies, this moment presents an opportunity to go beyond reactive measures and commit to a more resilient, long-term approach to protecting members.
A Call to Leadership and Futureproofing
The superannuation sector has a proud record of safeguarding Australia’s financial future. This is why moving to multi-layered identity assurance, including biometric authentication, is essential, not optional. Traditional defences such as SMS-based OTPs, while helpful, are already being bypassed through phishing, social engineering, and SIM-swap attacks. Only advanced biometric authentication, such as ValidSoft’s AI-powered voice biometrics with built-in deepfake detection, can provide the strong, user-friendly identity protection needed in today’s climate. It can also be deployed to uniquely provide irrevocability, non-repudiation, and data immutability, which are essential when transfers or withdrawals of significant funds can occur.
Want to Put Identity First?
In practical terms, implementing a solution like ValidSoft’s See-Say® enables superannuation funds to authenticate members during digital or voice-based transactions without relying on vulnerable factors like passwords or SMS codes. By using a member’s natural voice as their unique biometric identifier, combined with real-time deepfake detection, See-Say® ensures that access to high-value accounts cannot be impersonated or intercepted, even in cases where login credentials have been compromised.
This becomes especially relevant in situations where credential stuffing attacks have succeeded in reaching the login stage but are then stopped at the point of biometric verification. The solution operates seamlessly in real time, allowing members to engage with their accounts without added friction while giving providers the confidence that every interaction is backed by irrefutable identity assurance.
The Way Forward for Superannuation Funds
We believe that Australia’s superannuation sector is well-positioned to lead the way in security innovation, demonstrating to members, regulators, and the broader market that their protection is a top priority.
We encourage superannuation funds to take this opportunity not to adopt temporary measures, but to implement long-term, future-ready solutions that align with the evolving digital threat landscape. In doing so, they will not only protect their members’ hard-earned savings but also strengthen trust and confidence in one of the most important financial pillars of Australian society.
Reach out to us today to see the technology in action!