We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

AusPost Click and Send security glitch could affect consumer trust: IDC

While Australia Post has moved to reassure customers that their financial details were not compromised due to a security glitch with its online service Click and Send, a security expert said the incident could affect consumer confidence in the merchant.

According to media reports, the glitch allowed users to see other customers' details by altering a shipping identification number that appeared in the URL of a transaction. Click and Send was designed for online postal documentation -- such as preparing items sold on auction site eBay for delivery.

Learn how smart CIOs are protecting customers from security breaches

IDC Australia senior market analyst Vern-Harn Hue told Computerworld Australia that the glitch could potentially be a "big blow" for Australia Post as it seeks to position itself as an enabler in the digital economy.

"As increasingly more Australians transact, trade and consume online, digital trust and security is paramount," he said.

"Consumers need to know that they are backed by a trusted source to handle their personal and financial information and AusPost will have to work hard in order to win over consumers trust."

Hue added that Australia Post needs to use better data encryption tools as encryption allows the merchant to mask critical and identifiable information while the data is in use and in transit.

"While I do not believe any financial or personal information is at risk, some of these details can be engineered in a spear phishing attack," he said.

Hue pointed out that customer invoices also contain a significant amount of useful information which can be mined, again, to launch targeted attacks.

In a statement, an AusPost spokesperson said the Click and Send site had been temporarily deactivated and it hoped to have the service back up and running "as soon as possible".

"Australia Post would like to reassure Click and Send customers that at no stage were their financial details compromised," an AusPost spokesperson said.

"Customers who wish to send parcels should visit their local Australia Post outlet who will assist them."

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia