Westpac, BankWest dump hacked RSA tokens

Powered by SC Magazine

RSA claims two-factor 'is not dead yet'.

Westpac has become the third bank to dump compromised RSA SecurID tokens used by staff and corporate customers.

It follows confirmation from RSA that its two-factor authentication tokens were compromised in a complex attack on its network in March.

Westpac's announcement comes hours after ANZ Bank said it would replace its fleet of SecurID tokens.

SC Magazine Australia understands Perth-based Bank West has also begun replacing its compromised SecurID tokens.

In a statement sent to SC Magazine today Westpac said "although the security of customers’ online banking has not been compromised, Westpac will replace tokens over the coming months to ease any customer concerns."

Those concerns would have intensified after three major US defence contractors were hacked in attacks linked to the compromised SecurID tokens.

Westpac online and customer service head, Harry Wendt, said the bank does not consider the tokens a risk.

"Although we do not believe that our customers are at risk from this event, we have initiated a token replacement program to alleviate any residual concern that our customers may have."

St. George and BankSA customers do not use RSA Secure ID tokens.

Not dead yet?

RSA continues to defend its two-factor authentication system despite the growing number of banks and government agencies turning away from it.

“Lets be clear, two-factor authentication is not dead,” said Andy Solterbeck, general manager at RSA, Australia and New Zealand at the EMC Inform conference today.

“It just has to be part of a multi-layered defence.”

Solterbeck said banks should consider investing further into the RSA stack, with technologies he describes as “risk-based automation”.

RSA said it would partner closely with banks and other organisations with critical infrastructure to glean intelligence about typical use of their networks and applications, such that the security vendor can accurately assess the risks of any given transaction.

Calculating this risk would depend on such factors as the IP address the transaction originates from, IP and MAC addresses and other user credentials.

Copyright © SC Magazine, Australia

Westpac, BankWest dump hacked RSA tokens
Top Stories
ATO investigates 25 tech giants in tax hunt
Prepared to take tax evaders to court.
Immigration, Customs restructure IT leadership
Customs CIO promoted into transformation role.
NBN Co begins FTTB rollout
Will bring service to 6000 apartments.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.