Privacy and Online Banking

Stu Woollett

Head of E-business, Westpac 30 March 2006

What happened?

• A ‘man in the middle’ exploit • Categorised as ‘Spyware’ • No

intention

to commit fraud • Customers unaware

Privacy and Online Banking 2

How did it work?

• User installs software they believe to be useful • The software steps in between bank and user • It then records the session details • Interloper describes it as ‘researchware’

Privacy and Online Banking 3

We had to intervene

• The software hid from users and was difficult to uninstall • Customer details could have been compromised • The company had no intent to defraud • But customers not willing participants

Privacy and Online Banking 4

What did we do?

• Block sign in • Letters to all affected customers • Expire passwords • Warning into Online Banking • Instruct how to clean your PC • And more…

Privacy and Online Banking 5

What was the result?

• A strong message from the New Zealand banking industry • A positive response from customers • Three months later the company changed its method of operation • A safer online environment worldwide

Privacy and Online Banking 6