Australian banks are warning their customers following a new data breach from PayID, a company which helps consumers use mobile or online banking without the need of account details.
The breach was reportedly made aware to payments platform NPP Australia on Friday, according to a report from IT News. NPP (New Payments Platform) is the result of a collaboration in the industry to offer new real-time payments.
The incident resulted in an undisclosed amount of PayID records and associated data in the Addressing Services were left exposed through a vulnerability in one of the financial institutions sponsored into the NPP through Cuscal, it said. Cuscal is a provider of payments solutions including NPP.
Cuscal has reportedly fixed the issue, but data including PayID names and account numbers were leaked. However, this information can not be used to withdraw funds from a customer’s account.
Financial institutions whose customer details have been affected have been informed and given steps to take to rectify the incident.
Commonwealth Bank was one of the banks reportedly involved. It has informed a number of customers with PayID details on the attack.
PayID is a payments platform which lets users’ complete payments by registering an ID and linking it to a bank account. This lets users receive payments without needing to share a BAB or account number.
Copyright © 2018 RegTech Analyst
