Westpac has confirmed that the bank “detected mis-use” of the New Payments Platform’s PayID feature and “took additional preventative actions which did not include a system shutdown.” Via Computerworld.
Fairfax Media yesterday revealed details of the incident,
citing a confidential Westpac memo that said around 60,000 NPP PayID
lookups were made from seven compromised Westpac Live accounts. Around
98,000 “successfully resolved to a short name and this was displayed to
the fraudster,” the memo said, according to Fairfax.
“No customer bank account numbers were compromised as a result,” a spokesperson for the bank told Computerworld in a statement. “Westpac Group takes the protection of customer data and privacy extremely seriously.”
The NPP was launched in February 2018.
The platform enables real-time transfers between banks as well as a
number of other features including data-enriched transactions. As of
February this year, more than 75 financial institutions supported
system, with 52 million account holders able to make payments via the
NPP, according to NPP Australia, which maintains the platform.
PayID
is the platform’s addressing service. It allows payments to be directed
using an alternative identifier, such as an email address, ABN or phone
number, rather than using a BSB and account number.
“NPP Australia has firm regulations in place that require
participating financial institutions to monitor, detect and shut
down any attempts to harvest data from PayID,” an NPP Australia
spokesperson said. “NPP Australia is working closely with Westpac on
this matter.”
“No financial details or credentials are available
from the PayID database, and therefore none of these details have been
compromised,” the spokesperson said. “The only details obtained have
been the account name which was designed to be returned to a legitimate
enquiry.”
A PayID can’t be used to withdraw funds and “on its own cannot be used to create a false identity,” the spokesperson said.
“While
this incident was unacceptable, the information obtained would be
readily available in other public places,” the spokesperson said. “All
participating financial institutions are on notice and may apply
additional security controls if deemed necessary.”
“PayID was designed to provide more reassurance during the
payments process; it enables a payer to see the name associated with a
PayID to reduce the risk of a mistaken payments or scam,” the
spokesperson said.
Consistent with our thesis that the big tech players are well positioned to disrupt the finance sector, Apple has moved further into financial services with the launch of a new credit card for its iPhone users, at its event today. Users will be able this facility anywhere that Apple Pay is accepted.
The new credit card will give 2 per cent cash back rewards, which is
applied directly to the account for purchases made through Apple Pay but
only 1 per cent for purchases made using the physical card.
Goldman Sachs has partnered with Apple to produce the card, with Mastercard handling payment processing.
The initial launch in in the USA.
This via Fintech Business. Apple, at its ‘show time’ services event, announced the introduction of a new credit card that aims to have quicker applications, no fees, lower rates and better rewards.
Users will get a physical card but one which does not have any
information on it, instead all the authorisation information is stored
directly with the Apple Wallet app.
Apple announced that it planned to use machine learning and its Maps
app to label stores that you use and to track purchases across
categories.
Apple chief executive Tim Cook said that the card would be one of the biggest changes the credit card had seen in decades.
“Apple is uniquely positioned to make the most significant change in the credit card experience in 50 years,” he said.
Vice president of Apple Pay Jennifer Bailey said that the card builds
on the work of Apple Pay and uses the power of people’s mobile devices.
“Apple Card is designed to help customers lead a healthier financial
life, which starts with a better understanding of their spending so they
can make smarter choices with their money, transparency to help them
understand how much it will cost if they want to pay over time and ways
to help them pay down their balance,” she said.
Ms Bailey said that privacy was a big issue and all tracking information would be stored on users’ iPhones, not on Apple’s servers.
“Apple doesn’t know what you bought, where you bought it, and how much you paid for it,” she said.
Chairman and chief executive of Goldman Sachs David Solomon said he was thrilled to partner with Apple on this card.
“Simplicity, transparency and privacy are at the core of our consumer product development philosophy,” said Mr Solomon.
“We’re thrilled to partner with Apple on Apple Card, which helps customers take control of their financial lives.”
Mastercard president and chief executive Ajay Banga said the company was excited to bring global payments to Apple.
“We are excited to be the global payments network for Apple Card,
providing customers with fast and secure transactions around the world,”
he said.