AusPost Click and Send security glitch could affect consumer trust: IDC
- 03 October, 2012 08:43
While Australia Post has moved to reassure customers that their financial details were not compromised due to a security glitch with its online service Click and Send, a security expert said the incident could affect consumer confidence in the merchant.
According to media reports, the glitch allowed users to see other customers’ details by altering a shipping identification number that appeared in the URL of a transaction. Click and Send was designed for online postal documentation -- such as preparing items sold on auction site eBay for delivery.
IDC Australia senior market analyst Vern-Harn Hue told Computerworld Australia that the glitch could potentially be a “big blow” for Australia Post as it seeks to position itself as an enabler in the digital economy.
“As increasingly more Australians transact, trade and consume online, digital trust and security is paramount,” he said.
“Consumers need to know that they are backed by a trusted source to handle their personal and financial information and AusPost will have to work hard in order to win over consumers trust.”
Hue added that Australia Post needs to use better data encryption tools as encryption allows the merchant to mask critical and identifiable information while the data is in use and in transit.
“While I do not believe any financial or personal information is at risk, some of these details can be engineered in a spear phishing attack,” he said.
Hue pointed out that customer invoices also contain a significant amount of useful information which can be mined, again, to launch targeted attacks.
In a statement, an AusPost spokesperson said the Click and Send site had been temporarily deactivated and it hoped to have the service back up and running “as soon as possible”.
“Australia Post would like to reassure Click and Send customers that at no stage were their financial details compromised,” an AusPost spokesperson said.
“Customers who wish to send parcels should visit their local Australia Post outlet who will assist them.”
Follow Hamish Barwick on Twitter: @HamishBarwick
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Governance For All - Empowering IT and Business Content Owners
Governance for all is more than an IT initiative or a goal written in a plan document; it’s a strategy that unites IT and business content owners to achieve their SharePoint goals. At its best, governance means empowering self-governance, with tools like delegated access, effective reporting, and automated policy enforcement. This white paper explains how to create a “governance for all” strategy that will enhance SharePoint adoption and its benefits to the organization. Read now.
Accelerate Cloud and Composite Application Delivery
Are your requirements the need for faster release cycles, you have reduced budgets required to run and manage a complex test environment, and you want to decrease your third party expenses? HP Service Virtualisation, designed to enable your teams to create, develop and test against virtual services that simulate real service behaviour with no constraints, available anytime.
The SPARC Difference - Reduce Risks, Cut Costs, Power Innovation
Despite current economic factors, IT investment continues to be fueled by the need for better and more agile IT capabilities to support an enterprise’s business strategy, as well as to keep up with the rapidly changing demands of the ‘always-on’ user. However, budgets are squeezed and executives are under pressure to reduce capital expenditure and streamline administrative costs. A key strategy is to consolidate and refresh existing IT infrastructures. Download now to find out what technology can add value and enable you to change the shape of your IT budget and, to transform IT into a force for change and innovation.