The Government has offered Australia's three mobile operators, and vividwireless, renewal of their existing spectrum allocated on 15 year licences in the late 90s and early 2000s at set prices, while the Government expects to rake in $3 billion.
"Unused HSM functionality must be disabled to remove all unnecessary calls that could lead to the capture of decrypted PINs, and physical and logical access to HSMs must be managed in accordance with strict controls.
"There have been no reported instances of attacks against HSMs in Australia's payments system."
Well, that's encouraging - but there have been persistent stories over the years of banks not reporting or admitting to security breaches, so perhaps we should take that last assertion with a pinch of salt.
It's also good to hear that the local rules require the disabling of unused HSM features as that was reportedly one of the ways the devices were being exploited for nefarious purposes.
According to a source on the technical side of the industry, inside knowledge is almost certainly required due to the need to understand the proprietary code used in HSMs. Getting the stolen information from the devices would also be problematic.
Furthermore, there are a variety of measures in place including background checks on employees, change logs, auditing and regular reviews.
So while you'd have to be brave to say that attacks on HSMs can't succeed under Australian condition, it seems that those devices may not be the weak point that they reportedly represent in some other countries.
David Bass
| ComOps, a leading Australian provider of business software products and services, has won a competitive tender to deploy its Salvus safety, r…
How to Make Business Discovery Work for Your Business
Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more
Try an easy-to-use set of web-enabled
tools for business-class productivity services. Office 365 provides
anywhere-access to email, important documents, contacts, and calendars
on almost any device.
LATEST HEADLINES FROM YOUR IT
