Banks defend delay in notifying customers of security breach

Australian banks are today still checking the accounts of nearly 130,000 credit card holders hit by a security breach that occurred in the US late last year.

Australian customers were only officially advised of the breach by MasterCard this week even though the credit card information was stolen six months ago during a major US fraud case.

The banks involved claim they couldn't disclose details any earlier due to a Police investigation.

About 130,000 credit card holders in Australia are among the 40 million people worldwide who were exposed to a security breach at a US company that processes credit card transactions, CardSystems Solutions Inc.

MasterCard, which has been investigating the security breach since late last year, only told Australian banks a few days ago of the results of its probe and who may have been affected.

Australians potentially affected are those who made transactions either while travelling in the US, or by purchasing items from the US over the Internet since September last year.

MasterCard was alerted last year to the problem by financial institutions around the world - including Australian banks.

MasterCard said 50,000 of its Australian customers' accounts had been compromised, while 80,000 Australian Visa customers were involved. The banks are now checking those accounts for any unauthorized transactions.

MasterCard's vice president of securities and risk Tim Morris defended the length of time taken for the issue to be made public, saying MasterCard first wanted to get its detailed forensic investigation into CardSystems right.

"If you get it wrong, the results can be devastating," he said.

All four major Australian banks - National Australia Bank, the Commonwealth Bank, Westpac and the ANZ - said their security systems had detected a problem earlier in the year and were aware there was an issue.

The Australian Bankers Association said the security detections found 2000 customers who had fallen victim to fraudulent transactions linked to CardSystems and those customers had already been issued with replacement cards.

Westpac rejected suggestions it did not know about the problem until yesterday.

"Our processes worked very well," a Westpac spokesman said.

Communications Minister Helen Coonan said the security breach in the US emphasized the need for tough financial security measures in Australia. "The attack highlights the need for strong security and authentication procedures for companies involved in the processing and handling of sensitive financial and personal information," Senator Coonan told parliament yesterday.

"It reinforces the need for the Australian government and industry to remain vigilant on these security issues."

However, Senator Coonan refused to answer questions by Labor senator Ruth Webber as to when the government became aware of the security breach and why Australians weren't told about it earlier.

Senator Coonan said the government had various joint initiatives in place to protect credit card and online transactions.