Banks Opt for Cheap EFTPOS Alternative

The upgrading of Australia's EFTPOS (Electronic Funds Transfer at Point of Sale) network to triple DES (data encryption standard) has been labelled a cheap alternative to securing online transactions because IT executives are afraid to ask for the cash required to address real threats that are set to emerge in the next five years, according to Key2IT Chief Technology Officer, Lyal Collins.

By 2005 when Australia's 400,000 EFTPOS terminals are upgraded to the new encryption standards — from a single-length key to a double-length key — Collins said the terminals will be 10 years old.

"It is a minimum of $200 million to replace these terminals, but IT professionals in the banking industry are afraid to approach the board for money on these sorts of projects so they just go for the easy option; that is they will simply do a cheaper upgrade," he said.

"The board is not going to invest hundreds of millions of dollars if it doesn't guarantee increased revenue so they will just upgrade encryption without replacing the terminals."

As a former Commonwealth Bank IT employee and communications specialist with the Department of Foreign Affairs and Trade, Collins said Australia is out of step with the rest of the world despite a mandate from MasterCard for Australian financial and retail institutions to have secure links in place as part of the network upgrade by March 31, 2003.

As reported last week, the EFTPOS network is upgrading to triple DES because the current single-length key encryption can be cracked by brute force in 14 hours. A real-time attack is likely within four years.

"Payments and business support by banks is in the 1980s mindset, so profitability and hence the economy suffer a greater burden than it otherwise would due to the higher cost of back office support and cash flow management in retailers and their supply chain," Collins said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.
Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Sandra Rossi

Latest Videos

More videos

Blog Posts