Westpac, BankWest dump hacked RSA tokens

Powered by SC Magazine
 

RSA claims two-factor 'is not dead yet'.

Westpac has become the third bank to dump compromised RSA SecurID tokens used by staff and corporate customers.

It follows confirmation from RSA that its two-factor authentication tokens were compromised in a complex attack on its network in March.

Westpac's announcement comes hours after ANZ Bank said it would replace its fleet of SecurID tokens.

SC Magazine Australia understands Perth-based Bank West has also begun replacing its compromised SecurID tokens.

In a statement sent to SC Magazine today Westpac said "although the security of customers’ online banking has not been compromised, Westpac will replace tokens over the coming months to ease any customer concerns."

Those concerns would have intensified after three major US defence contractors were hacked in attacks linked to the compromised SecurID tokens.

Westpac online and customer service head, Harry Wendt, said the bank does not consider the tokens a risk.

"Although we do not believe that our customers are at risk from this event, we have initiated a token replacement program to alleviate any residual concern that our customers may have."

St. George and BankSA customers do not use RSA Secure ID tokens.

Not dead yet?

RSA continues to defend its two-factor authentication system despite the growing number of banks and government agencies turning away from it.

“Lets be clear, two-factor authentication is not dead,” said Andy Solterbeck, general manager at RSA, Australia and New Zealand at the EMC Inform conference today.

“It just has to be part of a multi-layered defence.”

Solterbeck said banks should consider investing further into the RSA stack, with technologies he describes as “risk-based automation”.

RSA said it would partner closely with banks and other organisations with critical infrastructure to glean intelligence about typical use of their networks and applications, such that the security vendor can accurately assess the risks of any given transaction.

Calculating this risk would depend on such factors as the IP address the transaction originates from, IP and MAC addresses and other user credentials.

Copyright © SC Magazine, Australia


Westpac, BankWest dump hacked RSA tokens
 
 
 
Top Stories
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Images: the next frontier in data analytics?
Barclay’s global data chief says we’re still at the starting line.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  25%
TOTAL VOTES: 417

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  55%
 
No
  45%
TOTAL VOTES: 196

Vote