iTnews
  • Home
  • News
  • Business
  • Financial Services

ANZ takes down online statements

By Darren Pauli
Dec 15 2011 2:43PM
Follow google news

Update: SC investigation finds security flaw.

ANZ has disabled customers' online banking statements after an SC Magazine investigation found a significant security flaw in the service.

ANZ takes down online statements

The bank has temporarily taken down customers' ability to download statements from the online banking service.

A spokesman for the bank said the fix, first reported by The Age, would take a "few weeks".

The ability was taken down after an SC Magazine investigation discovered statements viewed online by the bank's customers remained permanently stored in browser histories.

Because the statements are not tied to specific browser sessions and do not expire, identity thieves could potentially plunder troves of statements stored in browser histories if using public terminals.

Customers can reduce exposure to the flaw by wiping browser histories on computers after use, particularly when using shared or public computers.

SC informed the bank of the vulnerability more than a week in advance of the publication of the story to allow it time to act on the flaw.

At the time, it was understood the bank's outsourcer, Salmat, was considering fixing the issue.

Salmat designed the technology that supported the online statements but referred the matter to ANZ when asked about the flaw.

A spokesman for the bank acknowledged the issue at the time and said it was "looking at ways to further improve security".

He claimed that the issue was "not specific to ANZ". 

However, checks on the other big banks, Westpac subsidiary St George and a number of credit unions and smaller banks found they were not vulnerable to the same flaw.

This method of identity theft would be an order of magnitude more efficient than swiping statements from mail boxes.

Bank statements, when in the wrong hands, provide the account details, name, address and offer an indication of a victim's financial status.

Thieves use this information to con and steal money from individuals and institutions. SC recently detailed how scammers stole $45,000 from one man by leveraging similar information to launch social engineering attacks.

Identity theft is also used to conduct tax return and superannuation fraud.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
anzbankscrimefinancial servicesfraudid theftsalmatsecurity

Related Articles

  • AudiA6 crypto launderers arrested, network taken down by police AudiA6 crypto launderers arrested, network taken down by police
  • US charges suspected Russian hacker with facilitating cyber campaign US charges suspected Russian hacker with facilitating cyber campaign
  • Gov looks for upstream threat blocking by telcos, cloud operators Gov looks for upstream threat blocking by telcos, cloud operators
  • Federal Parliamentary Computer Network set for its "most significant" upgrade Federal Parliamentary Computer Network set for its "most significant" upgrade
Join our WhatsApp Channel

Partner Content

Scalable AI solutions: secure delivery
Scalable AI solutions: secure delivery
Thomas Peer Solutions unveils data cloud platform and executive leadership forum for 2026
Partner Content Thomas Peer Solutions unveils data cloud platform and executive leadership forum for 2026
From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale
Promoted Content From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale
CommBank creates opportunities for technologists to upskill with frontier AI companies
Partner Content CommBank creates opportunities for technologists to upskill with frontier AI companies

Sponsored Whitepapers

Are Australian organisations as cyber-ready as they think?
Are Australian organisations as cyber-ready as they think?
Are New Zealand organisations as cyber-ready as they think?
Are New Zealand organisations as cyber-ready as they think?
From visibility to execution: Fixing the SaaS management gap
From visibility to execution: Fixing the SaaS management gap
When cyber risk has no clear owner: A practical guide for senior Australian business leaders
When cyber risk has no clear owner: A practical guide for senior Australian business leaders
Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail

Events

  • iTnews State of Security Breakfast iTnews State of Security Breakfast
  • iTnews State of Data & AI Breakfast iTnews State of Data & AI Breakfast
  • Forrester's AI Forum Sydney Forrester's AI Forum Sydney
  • The 2026 iAwards The 2026 iAwards
  • Integrate 2026 Integrate 2026
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Westpac Intelligence Layer breaks cover

Westpac Intelligence Layer breaks cover
Westpac is embedding AI across its core "flows"

Westpac is embedding AI across its core "flows"
Suncorp creates a "clear execution roadmap" for agentic AI

Suncorp creates a "clear execution roadmap" for agentic AI
CBA finds its first chief AI officer

CBA finds its first chief AI officer
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.