NZ Post thinks open-terminal security
New Zealand Post issues RFP for potential suppliers to measure secure access to brand terminals
By Stephen Bell, Wellington | Tuesday, 23 October, 2012
With coincidental but uncanny timing, New Zealand Post has issued a Request for Information for potential suppliers of measures to secure access to branch terminals in the more open counter environment to which NZ Post and Kiwibank branches are moving.
The document is dated October 4, so its creation clearly came well ahead of the recent demonstration by freelance journalist Keith Ng that terminals in the open environment of Ministry of Social Development offices were insecure and could be used to access sensitive information.
As part of a major exercise called the Retail Transformation Programme (RTP), government-owned NZ Post is replacing some of its “closed” counters – shut off from public access by a physical barrier – with “open” counters where both staff members and customers can see and potentially operate the terminal.
Some open terminals will be in public areas, others in rooms designed for one-on-one meetings between a staffer and customer.
The precautions – which may include electronic and physical measures — should prevent anyone from obtaining unauthorised access to information. At the same time, they should be unobtrusive, Post says.
The measures should “provide a method of securing terminals that is not reliant on a direct manual instruction from the user; provide a quick and easy way for staff to access (log into/unlock) a terminal [and] provide a solution that is practical and discreet in a professional retail banking environment. If there are physical elements to a solution, they must be discreet and practical for placing on a counter or attaching to a uniform,” says the RFI.
A staffer who moves away from the screen briefly, for example to retrieve a dropped pen, should be able quickly to secure the terminal and resume work without undue delay once the interruption is over, says the RFI.
Point-of-sale terminals on Post and Kiwibank counters work with an Oracle-based environment known as PostLink, while Kiwibank terminals in back offices and banking rooms run through Citrix and .NET.