We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

AusPost Click and Send security glitch could affect consumer trust: IDC

While Australia Post has moved to reassure customers that their financial details were not compromised due to a security glitch with its online service Click and Send, a security expert said the incident could affect consumer confidence in the merchant.

According to media reports, the glitch allowed users to see other customers' details by altering a shipping identification number that appeared in the URL of a transaction. Click and Send was designed for online postal documentation -- such as preparing items sold on auction site eBay for delivery.

Learn how smart CIOs are protecting customers from security breaches

IDC Australia senior market analyst Vern-Harn Hue told Computerworld Australia that the glitch could potentially be a "big blow" for Australia Post as it seeks to position itself as an enabler in the digital economy.

"As increasingly more Australians transact, trade and consume online, digital trust and security is paramount," he said.

"Consumers need to know that they are backed by a trusted source to handle their personal and financial information and AusPost will have to work hard in order to win over consumers trust."

Hue added that Australia Post needs to use better data encryption tools as encryption allows the merchant to mask critical and identifiable information while the data is in use and in transit.

"While I do not believe any financial or personal information is at risk, some of these details can be engineered in a spear phishing attack," he said.

Hue pointed out that customer invoices also contain a significant amount of useful information which can be mined, again, to launch targeted attacks.

In a statement, an AusPost spokesperson said the Click and Send site had been temporarily deactivated and it hoped to have the service back up and running "as soon as possible".

"Australia Post would like to reassure Click and Send customers that at no stage were their financial details compromised," an AusPost spokesperson said.

"Customers who wish to send parcels should visit their local Australia Post outlet who will assist them."

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

IDG UK Sites

Android M Developer Preview announced at Google I/O: Android M UK release date and new features. Wh?......

IDG UK Sites

Why I think the Apple Watch sucks and you'd be mad to buy it

IDG UK Sites

Ben & Holly's Game of Thrones titles spoof is delightfully silly

IDG UK Sites

Mac OS X 10.11 release date rumours: all the new features expected in Yosemite successor