Security with CommSec - Aussie Stock Forums

Results 1 to 8 of 8
  1. #1

    Default Security with CommSec

    How secure are transactions with CommSec?

    The Login Page is secure:
    https://www.comsec... and it shows the padlock in the status bar.

    After Login it changes to:
    http://www.comsec... and the padlock is gone.

    Does this mean that all buy/sell transaction are traveling around unencrypted from my browser to CommSec from then on?

    Not very secure from a computer cafe or a public open WiFi Hotspot.
    Is this o.k? Are other online brokers similar?

    With ANZ and AMP online banking the whole session from login to log off is encrypted - https:// and the padlock is in the status bar.


  2. #2
    The Contrarian Averager So_Cynical's Avatar
    Join Date
    Aug 2007
    Sydney - Muntinlupa

    Default Re: Security with CommSec

    Are u using Firefox or Explorer?

    Do u have a firewall other than the MS one?
    Statistics: 172 Closed Trades since July 07, Trades: Winners 135 - Losers 37, Expectancy/$1 Risked: $0.78

  3. #3

    Default Re: Security with CommSec

    I noticed the same thing, only the login page appeared to be secure.

    After a bit more investigation, I realised they are using a series of frames for each page and that the inner frames where buying/selling/viewing portfolio/cash management/etc were all secure (using EV).

    I contacted them about this quite a while ago, sent screenshots, but they didn't seem too interested in improving things.

    So in short, nothing to worry about

  4. #4

    Default Re: Security with CommSec

    If you were to open the buy/sell page at commsec into a new window (with firefox, (somewhere in the buy form itself) just right click to get to the popup menu, click This Frame, and then click Open in New Window) and you will see that it uses https.

    Don't think that you have much to worry about?!?


  5. #5

    Default Re: Security with CommSec

    Thank you for your replies.

    Right clicking the order form and checking "This Frame/View Page Info":


    Refering URL: [url]http://prices.comsec.com.au/

    Changing the Password Page is also https://

    So you are right nothing to worry about only confusing.
    Everything I've ever read about secure online transactions is to watch for the Padlock on the status bar and the https:// . The Banks and online shops I deal with seem to be able to do it. With Comsec Securities you have to click around the page to find out that it secure.

    Thanks again


  6. #6

    Default Online share trader CommSec vulnerable to hackers

    Online share trader CommSec vulnerable to hackers
    By Nick Higginbottom and Stephen McMahon
    Herald Sun
    April 28, 2009 12:01am

    CommSec online trader vulnerable to hackers
    Customers urged to change passwords
    Hackers could trade but not withdraw money

    SECURITY at the nation's biggest online trader has been exposed as wide open to attack by computer hackers.

    Security flaws at CommSec potentially endangered accounts containing billions of dollars of mum-and-dad investors' money.

    After a Herald Sun investigation, CommSec's 1.7 million customers have been strongly urged to change their passwords.

    Had any hackers entered the system they would have been able to access the personal details of CommSec's customer accounts and trade in other people's share portfolios.

    This would potentially have allowed them to manipulate the share market to their advantage.

    But hackers would not have been able to withdraw money.

    The glitch was discovered by a Melbourne computer programmer, who said even a teenage computer buff with basic cyber skills could break into customers' accounts.

    "John" stumbled upon and highlighted the weak link in CommSec's online accounts when he became a customer.

    Westpac online uses Letters and Numbers- but only takes a 5-digit code. Not what I'd call secure !

    (Read More)

    SA_Penguin of Adelaide He said the online accounts used only a basic numeric password, rather than the secure and more common combination of alphabet and numeric characters.

    John said he was amazed the nation's biggest online trader was so vulnerable to cyber attacks and had called CommSec to notify them.

    After he made two attempts to explain the dire situation, the Sydney-based company dismissed his calls.

    John then contacted the Herald Sun in an attempt to have the issue addressed and online security upgraded.

    "They should follow up on anything related to a security complaint from anyone - customer or not - they should aggressively pursue that and management should be notified. It's obvious this (story) is the first management knew about any complaint."

    After a month-long investigation by the Herald Sun, in which two independent computer programmers have confirmed the alarming security flaw, CommSec has been forced to upgrade its online security.

    The Herald Sun withheld publication until the breach had been fixed.

    Commonwealth Bank's executive general manager of business and private banking Matt Comyn said the nation's biggest online trader took every credible threat it was notified of seriously.

    CommSec notified other banks and financial institutions of the potential threat.

    "When CommSec became aware of the threat you reported, it implemented a range of measures to further protect and strengthen its clients," he told the Herald Sun yesterday.

    He said CommSec would reinstate clients to their original position at no cost to them should they be the victim of fraud or crime.

  7. #7

    Default Re: Security with CommSec

    so thats why they've been putting up all those new ads about increased security...

  8. #8

    Default Re: Security with CommSec

    Apparently they've also placed a maximum on the number of failed logins to 3 now... which is incredibly annoying for my mum who keeps making mistakes when trying to log in has had to call up for a password reset 3 times in the last week!! they shouldve put a time delay after a number of set attempts rather than having to call up every time!

Similar Threads

  1. Commsec vs. Macquarie Prime
    By somebodyhere in forum Brokers
    Replies: 4
    Last Post: 2nd-July-2012, 10:52 AM
  2. CommSec Bank Accounts
    By lcl999 in forum Brokers
    Replies: 21
    Last Post: 4th-August-2008, 10:05 PM
  3. IRAN will BE Referred to The UN Security Council!!
    By Epsilon in forum General Chat
    Replies: 44
    Last Post: 1st-August-2008, 02:51 PM
  4. Etrade or Commsec?
    By halfwheel in forum Brokers
    Replies: 9
    Last Post: 27th-November-2007, 11:32 PM
  5. Commsec & Etrade - Trading tools
    By motion in forum Brokers
    Replies: 7
    Last Post: 15th-April-2007, 06:48 PM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
Aussie Stock Forums