APRA has reminded authorised deposit-taking institutions of the threats from “phishing” and key-logger and Trojan attacks.
APRA has strongly recommended ADI’s which offer internet banking take precautions such as:
• introduce procedures to ensure that under no circumstances would a customer be
asked to reveal their PIN/password;
• implement strong authentication and control mechanisms to provide reliable
safeguards against identity theft;
• actively seek out fake websites or other scams which target their institution;
• ensure appropriate limits are in place for online transactions; and
• ensure fully documented incident response procedures are in place which are
communicated to all relevant staff members.
APRA said ADI’s should also encourage their customers to protect themselves.