Westpac, BankWest dump hacked RSA tokens

By on
Westpac, BankWest dump hacked RSA tokens

RSA claims two-factor 'is not dead yet'.

Westpac has become the third bank to dump compromised RSA SecurID tokens used by staff and corporate customers.

It follows confirmation from RSA that its two-factor authentication tokens were compromised in a complex attack on its network in March.

Westpac's announcement comes hours after ANZ Bank said it would replace its fleet of SecurID tokens.

SC Magazine Australia understands Perth-based Bank West has also begun replacing its compromised SecurID tokens.

In a statement sent to SC Magazine today Westpac said "although the security of customers’ online banking has not been compromised, Westpac will replace tokens over the coming months to ease any customer concerns."

Those concerns would have intensified after three major US defence contractors were hacked in attacks linked to the compromised SecurID tokens.

Westpac online and customer service head, Harry Wendt, said the bank does not consider the tokens a risk.

"Although we do not believe that our customers are at risk from this event, we have initiated a token replacement program to alleviate any residual concern that our customers may have."

St. George and BankSA customers do not use RSA Secure ID tokens.

Not dead yet?

RSA continues to defend its two-factor authentication system despite the growing number of banks and government agencies turning away from it.

“Lets be clear, two-factor authentication is not dead,” said Andy Solterbeck, general manager at RSA, Australia and New Zealand at the EMC Inform conference today.

“It just has to be part of a multi-layered defence.”

Solterbeck said banks should consider investing further into the RSA stack, with technologies he describes as “risk-based automation”.

RSA said it would partner closely with banks and other organisations with critical infrastructure to glean intelligence about typical use of their networks and applications, such that the security vendor can accurately assess the risks of any given transaction.

Calculating this risk would depend on such factors as the IP address the transaction originates from, IP and MAC addresses and other user credentials.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

New Windows 10 users, are you upgrading from...
Windows 8
Windows 7
Windows XP
Another operating system
Windows Vista
How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?