This followed confirmation by US based SecurID provider RSA earlier this week that it would reissue 40 million SecurID key fobs globally following a “very sophisticated” cyber attack in March.
However, Westpac whose business customers are one of the major users of the key fobs went on to deny it would issue replacements telling ChannelNews “we do have employees who use the tokens but their online account security was not compromised,” a spokesperson said.
It also insisted cyber attack compromsied vulnerabilities in certain types of systems only, which didn’t include the bank.
This was in spite of RSA, owned by EMC, moving to recall key fobs held worldwide, an estimated 40 million, following the discovery last week of an “attempted broader attack” on Lockheed Martin, a major U.S. government defence contractor.
The SecurID key fobs or tokens are used by several high profile US departments including Defence as well as in the Australian government including Defence, Prime Minister and Cabinet, Treasury, Tax Office as well as banks to protect e-mails, networks.
Fobs usually come as a USB assigned to a computer user that generates an authentication code at fixed intervals of between 30 – 60 seconds.
However, the bank still denies the security of customers’ online banking was compromised, despite admitting a recall, saying it was replacing tokens “to ease customer concerns.”
“The Westpac Group confirmed today that it was initiating a token replacement program, as a result of the recent RSA security issue,” it said in a statement yesterday.
“Our customers’ trust in the security of our systems is paramount. Although we do not believe that our customers are at risk from this event, we have initiated a token replacement program to alleviate any residual concern that our customers may have,” Harry Wendt, General Manager Online and Customer Service Centres.
There will be no expense for Westpac customers for any token replacements as part of this program.”
|“The Bank takes online security very seriously and protects customers through a multi-layered security approach, including strong authentication measures as well as fraud detection and analytics managed by a dedicated team of security and fraud experts,” he added.
Westpac confirmed St. George and BankSA customers do not use RSA Secure ID tokens and as such are unaffected.
Rival bank ANZ have also followed Westpac, confirming it will re-issue 50,000 new RSA tokens to all “corporate and institutional clients” as well as staff who using the tokens, 4000 of which were held internally.
“In Australia it’s predominantly ANZ’s corporate and institutional clients who use tokens as just one component of our multi-layered security measures,” a spokesperson confirmed.