Stephen Withers
Tuesday, 21 April 2009 07:20
Page 1 of 2
Despite concerns emanating from the US about the security of ATM/EFTPOS networks, the relevant industry body claims best practices are applied in Australia. There have been no reports of such attacks in Australia, said a spokesperson.
Last week we looked at the allegation that criminal elements had found ways of getting inside the ATM network to steal account details and associated PINs.
One method is to trick a hardware security module (HSM) into revealing the encryption key used to protect PINs in transit; whoever holds that key can decrypt every PIN block captured on the link it protects.
HSMs are used around the world, so we wanted to find out whether customers of Australian banks and other financial institutions are at risk from this type of attack.
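To make the stakes concrete, here is an added example (not from the article, from APCA or from any HSM vendor) modelling the PIN-translate step an HSM performs and what possession of a zone PIN key gives an attacker. ISO 9564 format-0 PIN blocks are built exactly as the standard specifies; everything else is an assumption: the block cipher is a stand-in (a SHA-256 key-derived XOR pad, not the 3DES a real HSM uses), the `ModelHsm` class and its method names are hypothetical and mirror no vendor command set, and the PIN and PAN values are constructed test data.

```python
"""Added model of an HSM PIN-translate step and of what a leaked zone key exposes.

ISO 9564 format-0 PIN blocks are built exactly as the standard specifies.
Everything else is a stand-in: the block cipher is a SHA-256 key-derived XOR
pad (not the 3DES/AES a real HSM uses), and ModelHsm mirrors no vendor API.
"""
import hashlib
import secrets

BLOCK_LEN = 8  # one 64-bit PIN block


def _pan_field(pan: str) -> bytes:
    # 12 rightmost PAN digits excluding the Luhn check digit, left-padded with zeros
    return bytes.fromhex("0000" + pan[-13:-1].rjust(12, "0"))


def iso0_pin_block(pin: str, pan: str) -> bytes:
    """Clear ISO 9564 format-0 block: (0, length, PIN, F-padding) XOR PAN field."""
    if not (4 <= len(pin) <= 12 and pin.isdigit()):
        raise ValueError("PIN must be 4-12 digits")
    pin_field = bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))
    return bytes(a ^ b for a, b in zip(pin_field, _pan_field(pan)))


def iso0_extract_pin(block: bytes, pan: str) -> str:
    """Inverse of iso0_pin_block; needs the PAN, which travels in the clear."""
    pin_field = bytes(a ^ b for a, b in zip(block, _pan_field(pan))).hex().upper()
    if pin_field[0] != "0":
        raise ValueError("not a format-0 block")
    return pin_field[2:2 + int(pin_field[1], 16)]


def _pad(key: bytes) -> bytes:
    # Stand-in for a real block cipher: one key-derived pad per 8-byte block.
    return hashlib.sha256(b"stand-in-cipher" + key).digest()[:BLOCK_LEN]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(block, _pad(key)))


decrypt_block = encrypt_block  # an XOR pad is its own inverse


class ModelHsm:
    """Hypothetical HSM: zone PIN keys (ZPKs) never leave this object."""

    def __init__(self) -> None:
        self._zpk: dict[str, bytes] = {}

    def generate_zpk(self, zone: str) -> None:
        self._zpk[zone] = secrets.token_bytes(16)

    def pin_entry(self, pin: str, pan: str, zone: str) -> bytes:
        """Stands in for the PIN pad that shares the zone key with this HSM."""
        return encrypt_block(self._zpk[zone], iso0_pin_block(pin, pan))

    def translate(self, enc_block: bytes, src: str, dst: str) -> bytes:
        """Re-encrypt a PIN block from zone src to zone dst.

        The clear block exists only here and is overwritten before return.
        The PIN digits themselves are never derived: translation needs no PAN.
        """
        clear = bytearray(decrypt_block(self._zpk[src], enc_block))
        try:
            return encrypt_block(self._zpk[dst], clear)
        finally:
            clear[:] = bytes(BLOCK_LEN)  # best-effort zeroisation in Python


def demo(pin: str = "1234", pan: str = "4000001234567899") -> dict:
    """Legitimate path vs. what a leaked acquirer ZPK buys an attacker (constructed data)."""
    hsm = ModelHsm()
    hsm.generate_zpk("acquirer")
    hsm.generate_zpk("issuer")
    captured = hsm.pin_entry(pin, pan, "acquirer")  # what a tap on the link would see
    for_issuer = hsm.translate(captured, "acquirer", "issuer")

    # Stand-in for the key disclosure the article describes: with the ZPK in
    # hand, every block captured under it, plus the clear PAN, yields a PIN.
    leaked_zpk = hsm._zpk["acquirer"]
    attacker_pin = iso0_extract_pin(decrypt_block(leaked_zpk, captured), pan)

    return {
        "captured_differs_from_clear": captured != iso0_pin_block(pin, pan),
        "translated_differs": for_issuer != captured,
        "issuer_recovers": iso0_extract_pin(decrypt_block(hsm._zpk["issuer"], for_issuer), pan),
        "attacker_recovers": attacker_pin,
    }
```

The point of the model is the asymmetry it shows: the legitimate `translate` call never emits a key or a clear block, yet a single leaked zone key turns passive capture of ciphertext into PIN recovery, because the PAN needed to strip the format-0 mask is sent unencrypted. A real HSM keeps that key material inside tamper-responsive hardware precisely so that the only interface to it is the translate operation; Python's `bytearray` overwrite is only a gesture at the in-hardware zeroisation that a genuine device performs.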
Here's what Chris Hamilton, CEO of the Australian Payments Clearing Association (APCA; the body that manages and co-ordinates the EFTPOS and ATM system) had to say:
"HSMs are secure cryptographic devices that are used worldwide, including in Australia, to protect cardholders' PINs.
"APCA sets additional rules around the evaluation, configuration and management of these devices, which are critical in protecting Australia's ATM and EFTPOS system against PIN-based attacks.
"APCA's best practice arrangements for device evaluations provide strong protection for PINs.
"Both the physical and logical security of HSMs must undergo evaluation by APCA accredited test laboratories against international security standards.
"Only HSMs that have been approved by APCA can be deployed for use in Australia.
"APCA's rules also set out stringent operational security standards for participating in Australia's ATM and EFTPOS system, and regular audits are performed to ensure participants comply.
"The rules for managing HSMs include specific requirements to protect against unauthorised software updates and to further protect PINs.
"For example, decrypted PINs are only available inside a highly secure tamper-responsive module within the HSM for the minimal time required to process the transaction and are then actively deleted from memory.
CONTINUED