Card Security Breaches Storm Australian Banks

Jay Decenella, IT audit expert
May 28, 2011

SYDNEY, Australia – Major banks have been on red alert after discovering a potential card security breach following a compromise that struck an external merchant.

Commonwealth Bank and Westpac-owned St George Bank began sending alerts to customers notifying them that their transactional cards would be cancelled as part of precautionary measures.

The banks have also reissued more than 10,000 cards to customers who experienced a malfunction in their credit cards.

Last month, IBRS analyst Jorn Bettin said Australia’s banking industry could suffer chronic failures in its IT systems for up to 15 years amid upgrades to move to newer platforms. He attributed the disruptions to the “complexity of the systems that these banks are running.”

Although initial reports pointed to an external data breach incident, the Commonwealth Bank said in a statement that it has moved to stem further compromise that may threaten its customers.

The bank promptly contacted around 8,000 customers through SMS alerts, emails and letters, informing them of the situation and warning them that the data breach may have already affected their transactional cards.

The Commonwealth Bank said it became aware of the potential credit card security compromise after an undisclosed Australian merchant acquired by another bank reported a potential data breach.

The bank reissued credit cards while monitoring all credit card transactions of its customers to fend off fraud that may subsequently arise.

Meanwhile, Westpac, which has been aware of the data breach for more than two days now, said it had also contacted its customers to give them a heads-up. National Australia Bank (NAB) had also posted the same advisory.

Unlike the other banks, Westpac and NAB added that only a “small” number of customers had their cards possibly exposed to third parties.

In monitoring transactional cards that are considered at risk, NAB will use its real-time fraud detection technology instead of cancelling these cards, which would cause inconvenience to customers, the bank said.

ANZ, on the other hand, will closely monitor the accounts of its customers using the Falcon fraud detection software, though it said it has not notified its customers about the incident.

Banking industry personnel believed the external merchant who experienced the card security breach was one of St George Bank’s clients.

Poor card security has become rampant in almost all major banks in the world. Earlier this week, consumer watchdog Which? released a report showing that UK banks have been violating data privacy laws amid increasing rates of confidential financial details being exposed to third parties.

Which? said the Information Commissioner’s Office (ICO), the agency tasked to ensure data protection, has been soft in its treatment of violators.

In just a year, the ICO received more than 1,000 complaints against banks and building societies involved in different cases of data breaches, but did little to take these banks to task.

Which? ranked Barclays, which racked up 116 complaints, as the worst violator, followed by Lloyds Banking Group with 114 complaints.

Still earlier this month, the Chicago-area stores of home decoration retailer Michaels Stores Inc. admitted to a compromise of their card security measures, as some PIN pads in selected stores all over the USA had been tampered with.

 
