Westpac, ATO replacing SecurID tokens

Following the example of ANZ Bank, Westpac Banking Group is set to replace all of its RSA SecurID tokens.
Written by Renai LeMay, Contributor and  Luke Hopewell, Contributor

Following the example of ANZ Bank, Westpac Banking Group is set to replace all of its RSA SecurID tokens.

RSA tokens

(RSA SecurID Resurrection image by
Travis Goodspeed, CC2.0)

"Although the security of customers' online banking has not been compromised, Westpac will replace tokens over the coming months to ease any customer concerns," said Harry Wendt, general manager of Online and Customer Service Centres, in a statement today, adding that the tokens are used by business and corporate customers, as well as Westpac staff.

The bank had initially said that it would not replace the tokens, but has now changed its tune.

"Our customers' trust in the security of our systems is paramount. Although we do not believe that our customers are at risk from this event, we have initiated a token replacement program to alleviate any residual concern that our customers may have," Wendt said.

Westpac told ZDNet Australia today that the replacement of the tokens would take place "over the coming months". Westpac declined to comment on the number of tokens it had in circulation.

ZDNet Australia reported that ANZ Bank would be replacing its fleet of 50,000 SecurID tokens, while the Commonwealth Bank said yesterday it would keep them pending negotiations with RSA.

Westpac, like ANZ, won't be charging customers for token replacements.

The Australian Taxation Office and, according to SC Magazine, Bankwest will be issuing replacements.

The situation remains a little more unclear with Telstra, with the telco not confirming whether it would replace its tokens. The company said in a statement that it had been working with RSA on the issue since March and was confident that the issue would not impact its customers, its data or its records, due to its multi-layered security approach.

Executive chairman of RSA, Art Coviello, told The Wall Street Journal this week that the company will replace the SecurID tokens "for virtually every customer we have", amidst the news that breached SecurID tokens were involved in the thwarted attack on US-based defence contractor, Lockheed Martin.

Editorial standards