Westpac, BankWest dump hacked RSA tokens

By

RSA claims two-factor 'is not dead yet'.

Westpac has become the third bank to dump compromised RSA SecurID tokens used by staff and corporate customers.

Westpac, BankWest dump hacked RSA tokens

It follows confirmation from RSA that its two-factor authentication tokens were compromised in a complex attack on its network in March.

Westpac's announcement comes hours after ANZ Bank said it would replace its fleet of SecurID tokens.

SC Magazine Australia understands Perth-based Bank West has also begun replacing its compromised SecurID tokens.

In a statement sent to SC Magazine today Westpac said "although the security of customers’ online banking has not been compromised, Westpac will replace tokens over the coming months to ease any customer concerns."

Those concerns would have intensified after three major US defence contractors were hacked in attacks linked to the compromised SecurID tokens.

Westpac online and customer service head, Harry Wendt, said the bank does not consider the tokens a risk.

"Although we do not believe that our customers are at risk from this event, we have initiated a token replacement program to alleviate any residual concern that our customers may have."

St. George and BankSA customers do not use RSA Secure ID tokens.

Not dead yet?

RSA continues to defend its two-factor authentication system despite the growing number of banks and government agencies turning away from it.

“Lets be clear, two-factor authentication is not dead,” said Andy Solterbeck, general manager at RSA, Australia and New Zealand at the EMC Inform conference today.

“It just has to be part of a multi-layered defence.”

Solterbeck said banks should consider investing further into the RSA stack, with technologies he describes as “risk-based automation”.

RSA said it would partner closely with banks and other organisations with critical infrastructure to glean intelligence about typical use of their networks and applications, such that the security vendor can accurately assess the risks of any given transaction.

Calculating this risk would depend on such factors as the IP address the transaction originates from, IP and MAC addresses and other user credentials.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
financeitfinancial servicesrsasecuridsecuritytokenswestpac

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

ANZ Institutional readies go-live for "multi-agent chatbot" amie

ANZ Institutional readies go-live for "multi-agent chatbot" amie
Westpac pilots AI to analyse inbound call content

Westpac pilots AI to analyse inbound call content
Westpac hires CBA's data chief to lead AI, data and digital

Westpac hires CBA's data chief to lead AI, data and digital
ANZ explores agentic AI opportunities

ANZ explores agentic AI opportunities
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?