It seems that the system failure was only a matter of time. The security mechanism, called Activ Card, needs to be synchronised with remote security key generators located at each customer site to retain its integrity. According to the bank, the server has been losing time gradually but failed suddenly last Tuesday for reasons that have not been made clear.
"We had slated the service for upgrade later in the year but we decided this is the time to upgrade," St.George corporate affairs manager Adam Cook told ZDNet Australia.
However, the bank's handling of the problem has left some customers feeling a little insecure.
Justin Peters, a system administrator at a Sydney fabric importer has criticised the manner in which the bank has responded to the security failure.
"After checking everything was functioning as it should, I contacted the helpline. There was a pre-recorded message advising all customers to use the same username and password in the recording," Peters said.
"My main concern is that every customer is using the same log-in and password. If this is secure then what was the reason for the Activ Card in the first place?" he questioned.
Cook insists that the bank's decision not to notify its customers of the fault collectively was logistical.
"We have many thousands of these customers so it may not be a straight forward as it seems," he explained, adding that it was more sensible to let each business's customer service representative handle the problem. "People get messages mixed up... we prefer to contact them individually."
Yet to hear from his customer service manager, Peters says the bank's helpdesk remains his main source of information and thus far he is uncomfortable with the bank's interim security measures.
Peters said the recent episode with the bank is one of a series that have left him feeling uncomfortable with e-banking.
"If a bank does not have the resources to guarantee adequate service levels who does?"
Cook laid the responsibility for the banks dilemma and lack of a back-up plan to deal with the situation at the feet of software developers.
"The company that sold us our synchronisation system doesn't seem to understand the system intricately enough to service the system," said Cook.
According to Cook the interim service is just as secure but "slightly more manual in process" than that implemented before Activ Card system failed.
"We have a system that's perfectly secure and we're maintaining a level of service that people expect."
