CommBank discovers security issues with NBN-connected ATMs

New CIO responds to migration inquiry.

The Commonwealth Bank’s new CIO David Whiteing has offered up his thoughts on how the process of migrating users to the NBN could be improved, revealing security issues resulting from the connection of ATMs to the NBN.

Communications Minister Malcolm Turnbull last month asked industry how the migration of users from copper services to the NBN could be fixed following difficulties with the first round of transfers.

Customers in the first 15 fibre-serving area modules (FSAMs) were disconnected in May this year, but the migrations were less than smooth due to contractors missing appointments and premises being unserviceable, as well as a lack of customer awareness and cooperation between the parties involved.

In their submission [pdf] on the proposed policy, Whiteing and CBA CEO Ian Narev outlined a number of barriers to CommBank’s current migration to the NBN, specifically related to off-premise ATMs, EFTPOS terminals and bank branches.

CBA discovered security issues when testing non-branch ATMs on the NBN, Whiteing revealed, finding that connections to the data port of the NBN network terminating device (NTD) allowed access to the internal CBA network without authentication.

“As the NTDs are commissioned in common areas for complex sites (eg shopping centre MDF and communication rooms) and are shared by multiple [retail service providers] and customers, there is a potential security threat to anyone using the CBA services passing through this junction,” Whiteing wrote.

He said Telstra had developed an interim solution for the problem but a long-term fix was needed. Whiteing also said it needed to be made clear who held the responsibility for maintaining shared NTDs once NBN Co’s two-year warranty expires.

Whiteing also revealed the bank had experienced a 10 percent failure rate with EFTPOS transactions using the NBN service due to an incompatibility of existing EFTPOS dial terminals with NBN fibre.

Additionally, a 90 percent failure rate occurred when terminals needed to stay connected for a longer period of time than usual - such as when a software upgrade or download was needed.

“We understand that the NBN Co emulated voice service is based on a communications standard that only supports slow transmission speeds. This prevents reliable connections by our EFTPOS terminal fleet and consequently EFTPOS transactions fail,” Narev wrote in an accompanying letter to Turnbull.

“It should be noted that whilst the CBA is looking to move our customer’s dial terminals to fixed line (Internet Protocol) or mobile services, it is not guaranteed that our customers will want to change terminals and as such we are obligated to maintain their existing service,” Whiteing wrote.

“CBA could be impacted by customer dissatisfaction with the disruption caused to their business resulting in churn away from our services.”

Narev requested the NBN Co supplied voice service be either tuned to increase the reliability of the EFTPOS terminals or an alternative solution be provided.

He also asked that NBN Co introduce a low cost data service to replace the dial up services merchant EFTPOS terminals use currently, to minimise commercial impact from service failure.

CBA’s migration to the NBN has been made more difficult by the lack of installation guidelines for corporate and business customers, Whiteing said, adding that such guidelines were especially necessary for complex sites.

Guidelines were needed to address the potentially high physical and operational risks associated with NBN Co activities on premises, especially in relation to drilling through security and fireproof walls.

Such problems are compounded by CBA’s stringent access and changes policies, Whiteing said, which include requiring NBN contractors not to contact branches directly.

More generally, Whiteing wrote, the actual cost to migrate a service was unclear, as was who carries the cost burden for work required to migrate services - specifically as many of the existing copper services used by the bank are below the lowest bandwidth offered by the NBN.

He also highlighted inconsistencies in the disconnected address database provided by NBN Co.

Whiteing was promoted to his current role in June this year following the departure of former CIO Michael Harte in May.
