Superbank trips on security

An apparent security glitch in the website of New Zealand's newest bank is harmless and reflects administrative timing problems, the bank says.

February 24 marked the first day of business for Superbank, the joint venture between supermarket company Foodstuffs and Australia’s St George Bank.

The bank’s website gives four ways for customers to open an account. The fastest of these, says Superbank, is a direct application online.

Clicking on the appropriate link on opening day, however, brought up a warning notice. While the site’s security certificate had been obtained from a trusted source, said the warning from Microsoft Internet Explorer, "the name on the security certificate does not match the name of the site".

The browser gave options to proceed, turn back or view the certificate. In Superbank's case, however, clicking the third option in Microsoft's Internet Explorer elicited no response.

Netscape's browser gave a similar warning, adding "it is possible, though unlikely, that someone may be trying to intercept your communication with the site". It gave basic details of the Superbank certificate and further information after another click. According to Netscape, the certificate belongs to wigweb02 at Leviathan Ltd.

Robert X Cringely this week reports a similar problem affecting part of Computer Associates' website.

"That [warning] is an incorrect message," said a Superbank spokeswoman on the Monday morning. "We’re clearing it up right now."

When the problem persisted for another day, Computerworld made further phone and email enquiries, suggesting that internet nervousness may be losing the bank potential customers. Superbank financial services operating chief James Munro said last Wednesday morning that the problem was "a very minor glitch" that had caused some confusion with customers. "It does not affect the integrity of the product or its security, our banking system, service points, etc. It will be eliminated urgently, within hours, I hope."

By Wednesday afternoon, the security certificate problem had been remedied, and the account opening function appeared to be working under MSIE, but using Netscape the second page of the sequence was coming up with a "not found" message.

Operations manager Chris Wood later offered an explanation for the certificate glitch.

"The error message ... stems from the timing of the Reserve Bank's confirmation of our application for banking registration within New Zealand. Prior to our banking registration being completed we were unable to incorporate a company name with the word 'Bank' in it, so we had incorporated Leviathan NZ Ltd."

The company in Australia which issues the secure certificates would only issue them in the incorporated company name, he says, and so the certificates were issued in the name of Leviathan.

"A week before our launch we had our application for banking registration confirmed and effected the change of company name to St George Bank New Zealand Ltd."

The company has applied for new certificates. "We are expecting the certificates today and as soon as they are received they will be updated. The process of having the certificates issued is quite complex and has taken longer than expected."
