Banks told to tighten security after payments data breach – Digitalmunition




News no image

Published on August 26th, 2019 📆 | 4134 Views ⚑

0

Banks told to tighten security after payments data breach

In that event, scammers compromised 98,000 PayIDs with 600,000 PayID lookups over six weeks.

Dr Haskell-Dowland said that, although bad actors were not able to directly access bank accounts with the details obtained, it provided the seed of a broader scam incident.

“You’ve got the potential for what we call a phishing attack,” he said. “They’ve now got means of contacting customers, their BSB and account numbers, and be able to quote individual information.”

“Information security is obviously of paramount importance. We are deeply disappointed this occurred and apologise to those affected.”

— CUA Spokeswoman

With this information, scammers could contact customers with enough authenticity to convince others that they are actually from the bank and trick them into handing over more sensitive information.

Dr Haskell-Dowland said even simple measures – like a limit on the number of lookups an individual can make or an artificial intelligence algorithm that identifies searching patterns – should have been in place.

“Those protections should have been in place since the beginning or at least after the June breach,” he said.

“That prior incident should have caused a complete review of the system … I think there is a level of responsibility on the NPPA to protect their infrastructure better.”

Chief executive of NPPA Adrian Lovney said the body had taken steps to increase its cyber security since June.

“We recently commenced implementation of more targeted cyber security requirements upon participating institutions,” he said.

The latest hack brings the total number of personal details gleamed from the PayID system in recent months to almost 200,000. Arsineh Houspian

The most recent breach came through CUA’s systems; however, several other institutions using the NPP, including the big four banks, were affected.

“CUA has worked closely with our NPP payment industry providers, NPPA and Cuscal to enable notification of affected individuals,” a CUA spokeswoman said.

“Information security is obviously of paramount importance. We are deeply disappointed this occurred and apologise to those affected.”

The NPP is an industry-led initiative to standardise real-time payments between bank accounts, with the New Payments Platform Australia body governing its rollout.

PayID was one of the first innovations of the platform, yet subsequent breaches have thrown it into disarray.

Westpac, while also the centre of the first PayID breach, has been hit by the second breach, which occurred on August 16.

The bank has warned its customers to be wary of SMS phishing attempts, personalised messages that looks like a legitimate message from Westpac or another bank.

However, it said no customers from its subsidiaries Bank of Melbourne, St George, and BankSA were affected.

Westpac, along with the other big four banks, would not confirm how many of its customers had been affected by the breach.

The National Australia Bank, however, did say it has now put an extra layer of fraud detection and security controls in place to protect its customers.

“NAB has contacted impacted customers following the data breach event at another Australian financial institution, which exposed PayID details registered to customers from a number of banks, including some NAB customers,” a spokesman said.

The Commonwealth Bank has also taken steps to inform customers of the breach, including those of its Bankwest division.

“This incident affects a small number of CommBank and Bankwest accounts,” a spokeswoman said. “We are encouraging all customers to be extra vigilant to protect their information and be aware of scams and phishing attempts.”

ANZ Banking Group issued a similar statement and urged customers to contact the bank if they were the target of a hoax email or text.

“ANZ will never send an email or SMS asking for your account or financial details, or your log-in details,” the ANZ spokesman said.

Source link

Tagged with:



Leave a Reply