ANZ takes down online statements

By on
ANZ takes down online statements

ANZ has disabled customers' online banking statements after an SC Magazine investigation found a significant security flaw in the service.

The bank has temporarily taken down customers' ability to download statements from the online banking service.

A spokesman for the bank said the fix, first reported by The Age, would take a "few weeks".

The ability was taken down after an SC Magazine investigation discovered statements viewed online by the bank's customers remained permanently stored in browser histories.

Because the statements are not tied to specific browser sessions and do not expire, identity thieves could potentially plunder troves of statements stored in browser histories if using public terminals.

Customers can reduce exposure to the flaw by wiping browser histories on computers after use, particularly when using shared or public computers.

SC informed the bank of the vulnerability more than a week in advance of the publication of the story to allow it time to act on the flaw.

At the time, it was understood the bank's outsourcer, Salmat, was considering fixing the issue.

Salmat designed the technology that supported the online statements but referred the matter to ANZ when asked about the flaw.

A spokesman for the bank acknowledged the issue at the time and said it was "looking at ways to further improve security".

He claimed that the issue was "not specific to ANZ". 

However, checks on the other big banks, Westpac subsidiary St George and a number of credit unions and smaller banks found they were not vulnerable to the same flaw.

This method of identity theft would be an order of magnitude more efficient than swiping statements from mail boxes.

Bank statements, when in the wrong hands, provide the account details, name, address and offer an indication of a victim's financial status.

Thieves use this information to con and steal money from individuals and institutions. SC recently detailed how scammers stole $45,000 from one man by leveraging similar information to launch social engineering attacks.

Identity theft is also used to conduct tax return and superannuation fraud.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
anz banks crime fraud id theft salmat security

Partner Content

Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Tech For Good program gives purpose and strong business outcomes
Tech For Good program gives purpose and strong business outcomes
Kaseya Dattocon APAC 2024 is Back
Kaseya Dattocon APAC 2024 is Back

Sponsored Whitepapers

Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
2025 State of Machine Identity Security Report

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services
Vic gov to spend $100m on cyber security

Vic gov to spend $100m on cyber security
MSPs pressed to review ransomware response as new reporting rules commence

MSPs pressed to review ransomware response as new reporting rules commence
Tech Research Asia to present Australian IT M&A report

Tech Research Asia to present Australian IT M&A report

Log in

Email:
Password:
  |  Forgot your password?