Transcript Privacy and Online Banking
Privacy and Online Banking
Stu Woollett
Head of E-business, Westpac 30 March 2006
What happened?
• A ‘man in the middle’ exploit • Categorised as ‘Spyware’ • No
intention
to commit fraud • Customers unaware
Privacy and Online Banking 2
How did it work?
• User installs software they believe to be useful • The software steps in between bank and user • It then records the session details • Interloper describes it as ‘researchware’
Privacy and Online Banking 3
We had to intervene
• The software hid from users and was difficult to uninstall • Customer details could have been compromised • The company had no intent to defraud • But customers not willing participants
Privacy and Online Banking 4
What did we do?
• Block sign in • Letters to all affected customers • Expire passwords • Warning into Online Banking • Instruct how to clean your PC • And more…
Privacy and Online Banking 5
What was the result?
• A strong message from the New Zealand banking industry • A positive response from customers • Three months later the company changed its method of operation • A safer online environment worldwide
Privacy and Online Banking 6