SBSFAQ.COM

Supporting IT Pro's & MSP's since 2000

ANZ Bank – The story behind the security flaw?

December 16, 2011 by Wayne Small 1 Comment

We’ve seen a lot in the news this week about the ANZ Bank and the security issue they’ve had with their online banking. ANZ have now taken their online statements offline until such time as they resolve the issue.

The IT Professional that discovered the issue is a colleague of mine. We’ll call him Mr Y for now. Here’s the side of the story that has not yet been published… and it’s certainly a real issue and a concern that it’s not yet been resolved.

  • In July this year Mr Y discovered the flaw as he himself is a user of the ANZ Bank’s online facilities. Mr Y is not a security researcher at all, but an IT Professional focused on serving his customers’ business needs with IT Solutions.
  • He contacted the bank at that time and, after spending a considerable amount of time talking to different people, was finally able to get his message across so they understood what he was saying.
  • The ANZ Bank had one of their security team contact Mr Y and they advised him that he was indeed correct and it was an issue. They advised that they were investigating it as a serious concern.
  • The ANZ Bank’s online statements are part of a facility provided by a third party company called Salmat, who also provides the same services to other banking institutions. Mr Y contacted them about the problem but never got a response from them. One can only conclude that they didn’t think it was a problem, for if they had, I’m sure they would have contacted Mr Y back.
  • Despite trying to contact the ANZ about the issue over the next few months, Mr Y got ZERO response from them. 
  • Earlier this week SC Magazine broke the story, making it public knowledge after giving the ANZ at least a week’s notice that they intended to release this to the public.
  • ANZ Bank have chosen not to do anything until AFTER the story was published.  Seriously – ANZ, you’ve got to be kidding that you decide to STILL not do anything UNTIL the press come out with it?
  • Despite all of this, the ANZ Bank still has not contacted Mr Y even after it’s gone to press. 

So I have to wonder, if the ANZ Bank have known about this security flaw for many months now, then why the heck did it take pressure from the press for them to do anything about it?  Why also have they now inconvenienced all of their online customers by removing access to the online statements when they could have resolved this earlier without the negative press that has ensued?

What about other banks that are using the same system – they themselves are vulnerable and yet we’ve not seen anything to suggest that they have taken action to resolve the issue. 

As an IT Professional, I have to wonder what their security response policy must look like.  For them to have failed to acknowledge the issue initially, and then once the press alerted them to it, further fail to acknowledge they knew about it is just not acceptable.

As an ANZ customer, I’ve got to consider also the security of the information that they have on me.  How do I know it’s still secure with such lax policies as they have in place to allow this to go on?

Filed Under: Blog Tagged With: Security

About The Author

Wayne has been working with Microsoft Server products in the SMB market for over 20 years. He has a passion for technology and has been a Microsoft MVP for over 15 years.

Comments

  1. Steve Howard says

    December 16, 2011 at 6:11 pm

    Wayne, try thinking of yourself not as an ANZ customer but as an ANZ product consumer.
    ANZ’s customers are their shareholders. They love their customers and will do many nice things for them (dividends) but think very little about the consumers of their product. A bit like Telstra.
    Remember we are not customers any more, just consumers of product.
