Last week, we informed our members of an incident whereby an unknown party gained unauthorised entry to a practitioner's compromised email account, accessed a change-in-password email sent from the PEXA platform and used it to gain access to the practitioner's account, creating a new user.
As an extra measure of assurance for your practice, you can check your PEXA account to ensure all users are authorised by following these steps:
Login to PEXA as normal
Select the Administrator Tools tab (the fifth tab on the grey ribbon)
Select Manage Users. You can organise them in alphabetical order by clicking the column header you would like to sort by
Look for any unusual or incorrect email addresses, additional users or change of permissions. You can view a user’s permissions by either:
Clicking on the user in the list and looking at the box called User Permissions
Clicking the action wheel, selecting Edit, and scrolling to the bottom to view the permissions
If you suspect there has been changes or new users have been added without your consent, please delete the suspicious user account and contact PEXA at firstname.lastname@example.org
Current activities underway to bolster the security of the network
As custodians of the network, it’s our responsibility to ensure all our members have confidence in the broader network. This means leaving no stone unturned in the management of security measures, and there are plans in place to deploy new features in the immediate future including:
Increased monitoring of PEXA Workspaces: PEXA has been monitoring all Workspaces to identify any unusual activity surrounding password resets, new user creations and changes to BSB and account numbers. PEXA has been actively contacting practitioners to confirm any such activity is legitimate. No new instances of this fraud have been found and these continue to be isolated incidents.
Creation of new users within existing accounts: As of this week, PEXA will only allow new users to be created to existing Subscriber accounts in an ‘inactive’ status, and PEXA will be required to activate them after verifying their authenticity.
Workspace time stamps: As of this week, PEXA will add a feature to the system which highlights the date, time and specific user that last updated the settlement schedule. This will provide an additional method to validate the details prior to signing and will be displayed on the signing screen.
Multi-factor verification: Over the next few weeks, PEXA will introduce additional two-factor authentication. All Subscribers will be required to confirm their identity through this additional verification layer when logging into PEXA.
Keeping the network safe, together
We encourage members to continue practising security measures such as verbally confirming bank account details with clients, not using public Wi-Fi for business, keeping security patches up-to-date and importantly, checking payment directions immediately prior to signing.
Thank you for your understanding. If you have any concerns, and need to speak to us, please contact the PEXA Support Centre on 1300 084 515, available 8.30am – 8.00pm AEST Monday to Friday.