Galexia
             home
       about us
        services
        projects
       research
          contact
» home » research » assets » eft review  

Subscribe to Galexia news and announcements.
More information »

Galexia's specialist management consulting services: Galexia has expert consultants in privacy, authentication, electronic commerce and new technology. We leverage our legal, business and technical knowledge to deliver successful business strategies to a diverse range of clients. Find out more »

[Data protection regulations and international data flows: Implications for trade and development (April 2016)]

Data protection regulations and international data flows: Implications for trade and development (2016)
Find out more »

Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)

[« previous] [next »] [up] [title page] [full contents]

Q31 – To what extent has the restriction on using a user’s name or birth date under cl 5.6(d), been relied on?

It does not appear that any data is available on the self selection of name or birth date as user codes. Prior to the last review of the EFT Code there were some incidents where financial institutions used birth dates as the default telephone access code. This practice no longer occurs.

Some anecdotal evidence is available on current practices:

  • Self selection screens for changing access codes tend to carry suitable warning messages about the selection of weak access codes.
  • A limited number of self selection processes will automatically reject weak access codes (eg sequential numbers), but these are not (yet) designed to reject name or date of birth.
  • Clause 5.6 (d) has not been relied on in practice to the extent that it has come to the attention of consumer stakeholders.
  • Criminal activity based on ‘guessing’ common passwords is likely to represent a smaller proportion of criminal activity now that most attacks rely on social engineering or deception to entice the consumer to reveal their password.

Overall, the usefulness of Clause 5.6 (d) is questionable. It never had the support of consumer stakeholders and this Clause is a candidate for removal in the interests of simplifying and shortening the Code.

[« previous] [next »] [up] [title page] [full contents]

[view all] [download PDF version]

[up to research]

 

Search for:

HERE

PrintVersionprint this page

Sitemapsitemap

Subcribe to RSS newsrss news feed

Manage email subscriptionsmanage email subscriptions

Latest News

September 2019
Register of Public Galexia PIAs. Read more »

September 2019
Updates to Galexia Website. Read more »

September 2019
PM&C / Office of the National Data Commissioner (ONDC) releases Discussion Paper and accepts recommendations from Galexia’s PIA on the proposed Data Sharing and Release legislative framework. Read more »

August 2019
Galexia providing privacy advice and an independent public Privacy Impact Assessment (PIA) on 2021 Census for ABS. Read more »

June 2019
Galexia completes privacy advice and an independent Privacy Impact Assessment (PIA) on the Naval Shipbuilding College Workforce Register. Read more »

view all news items »

[Home] [Sitemap] [Print this page] [Privacy statement]

© Galexia Pty Ltd
Telephone: +61 (02) 9660 1111
Email: [email protected]