Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

Banking Ombudsman: accessing unsecured public Wi-Fi risky

Banking Ombudsman: accessing unsecured public Wi-Fi risky

People who store personal information, including bank account details and documents with signatures, on their email accounts put themselves at risk if they access emails using unsecured public Wi-Fi, says Banking Ombudsman Deborah Battell.

“In a recent case, an overseas couple put a six-figure sum on term deposit with a New Zealand bank only to have it stolen from the account months later. Our investigation found the theft occurred due to an unfortunate combination of the couple’s use of public Wi-Fi and because their bank’s security practices regarding emailed instructions were not sufficiently robust.

“In this case, the couple accessed their emails via unsecured public Wi-Fi at an American airport. Unfortunately their account was hacked and the fraudster found separate emails – one that included bank account details, and another with a signed employment contract attached. This ultimately enabled the fraudster to pose as one of the customers and successfully email instructions to the bank transferring funds out of the couple’s account.

“The fraudster was able to make the email look as though it had come from the couple’s address and fooled the bank into thinking it was genuine.

However, scheme investigators found the signature copied from the employment agreement was not the same as the one held by the bank. And, after surveying other New Zealand banks on their processes for emailed instructions, also found the particular bank’s practice was out of step with the rest of the industry at the time.

Some banks simply do not accept email instructions, acknowledging the risk of email addresses being hacked. Other banks accept emailed instructions, but only after verifying the request has come from their customer by, for example, calling the customer back at a number held on file and asking a series of security questions.

“It is crucial banking best practice prevails to maintain customers’ confidence. Fortunately, our enquiries have shown this to be an unusual case, and we were pleased the bank concerned moved quickly to enhance its security procedures around emailed instructions,” Ms Battell said.

Customers need to know the risks of storing documents on email, and regularly clear out information that could be used to verify their identity. It’s also a useful reminder that security questions (including those due to the new anti-money laundering requirements) and banks’ restrictions on how they accept instructions help to protect customers from fraud.

”We found in favour of the couple in this case and the bank has now reimbursed the amount fraudulently withdrawn, paid the couple interest lost following the withdrawals, and placed their total funds back on term deposit,” Ms Battell said.

ENDS

© Scoop Media

 
 
 
 
 
Business Headlines | Sci-Tech Headlines

 

Testing And Decontamination: New Standard On Meth Residue

Standards New Zealand has today released NZS 8510:2017 Testing and decontamination of methamphetamine-contaminated properties ... More>>

ALSO:

Mince, Etc: US Food Poisoning Lawyer At Conference

As New Zealand chefs, food experts, and MPI debate what constitutes a cooked beef burger, leading US food safety litigator Bill Marler, who made his name prosecuting the burger company responsible for a major E. coli outbreak, is keynote speaker at the Food Integrity Conference. More>>

ALSO:

Petya: New Ransomware Campaign Hits Worldwide

A new ransomware campaign known as Petya is affecting computer networks using Microsoft Windows. It was first seen affecting systems in the Ukraine, but is quickly spreading across other computer networks in Europe. More>>

ALSO:

Skodafone Goneski: Sky TV, Vodafone Drop $3.44 Billion Merger Plan

Sky Network Television and Vodafone New Zealand have terminated their merger agreement which aimed to create the country's largest telecommunications and media group, and have withdrawn an appeal against the Commerce Commission's rejection of the plan. More>>

Quake Insurance: Reforms To EQC Act Announced

· Increasing the monetary cap from $100,000 (plus GST) to $150,000 (plus GST) for EQC building cover.
· Clarifying EQC land cover is for natural disaster damage that directly affects the insured residence or access to it... More>>

ALSO: