Community home
Menu
  • PEXA Certified Expand

    PEXA Certified

    This program will give you an introduction to PEXA, how it works and how it can help you transform your business processes.

    Discover More
    • Getting Business Ready
    • System Set Up
    • Transacting in PEXA
  • Help Centre Expand

    Help Centre

    Here you’ll find more than 230 help articles and videos to assist you.

    Discover More
    • Help Articles
    • Help Videos/PEXA TV
    • PEXA Interactive Demos
    • FAQs
    • Ask a Question
    • PEXA Certified
  • Ask a Question
  • Share your Experience
  • Raise an Idea
  • Blogs Expand

    Read the latest in our blogs.

    Keep up to date with the latest PEXA product releases, and read up on the property blog.

    Discover more
    • Community Blog
    • The Property Blog
    • Security Updates
    • PEXA Product Releases
    • Announcements | Outages etc
    • The Bank Blog
    • Workspaces
      Community
      Register
      Log in
    Apps menu
  • Register / Login

Community Home
Register / Login

Security FAQs

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
  • Community
  • :
  • Using PEXA Day to Day
  • :
  • Frequently Asked Questions
  • :
  • Security FAQs
Security FAQs
Aoife
Moderator Aoife Moderator
Moderator
‎22-06-2018 05:38 PM
Topic Options
  • Subscribe to RSS Feed
  • Mark as New
  • Mark as Read
  • Bookmark
  • Subscribe
  • Email to a Friend
  • Printer Friendly Page
  • Report Inappropriate Content

Hi Community,

 

On Monday 18 June, at approximately 5pm, PEXA was made aware of a fraudulent situation where a practitioner’s email account was compromised.

 

In this instance, an unknown party intercepted a change-in-password email sent from the PEXA platform which in turn allowed this person to access the Subscriber’s PEXA account. As a result, the destination account details in the settlement schedule were fraudulently changed.

 

Below are some frequently asked questions we have received from our members on this matter. If you have any further questions, please don't hesitate to ask below.

 

Has the pexa system been hacked?

No, the PEXA system has not been hacked.

 

In this instance, an unknown party intercepted a change-in-password email sent from the PEXA platform which in turn allowed this person to access the Subscriber’s PEXA account. As a result, the destination account details in the settlement schedule were fraudulently changed.

what is pexa doing to make sure this doesn't happen again?

While the PEXA platform itself was not compromised, PEXA is working closely with all parties, including the relevant authorities to assist in every possible way.

 

The PEXA security team is currently undertaking detailed monitoring of all Workspace* activity, checking for similar scenarios where passwords have been re-set in close succession among other things which may be considered ‘unusual’ behaviour.

 

PEXA is also in the process of adding additional security measures. Click here to learn more.

 

Consumer Guarantee

 

PEXA will be introducing a new consumer guarantee for transactions conducted on the platform. We anticipate this guarantee will go above and beyond any guarantee available in the paper-based settlement process, and will provide greater safeguards to consumers whose conveyancer or lawyer uses PEXA. Further details will be made available shortly.

 

how can we be assured that the pexa system is secure?

To date, over 1.2 million transactions have been successfully completed on PEXA. Instances of fraud and attempts of fraud have been incredibly low, in fact much lower than the paper process.

 

The PEXA system’s security is aligned with international standards. PEXA continues to comply with with the Model Operating Requirements as set by the e-conveyancing regulator, ARNECC.

 

An independent expert review, currently conducted by Ernst & Young (EY), is completed annually to ensure alignment with these standards. PEXA has consistently complied with these standards.

 

Further to this, confidence in PEXA’s system security has been demonstrated by the Reserve Bank of Australia (RBA), Land Titles Office, State Revenue Offices and many software providers (among others) by the successful integration with these parties.

How does pexa protect its subscribers online?

PEXA protects its Subscribers in several ways. Firstly, the proper use of digital certificates mitigates the risk of fraud once the Signer has undertaken the appropriate checks and balances prior to signing to ensure accuracy of the information.

 

Digital Certificates allow the electronic signing of documents in PEXA on behalf of clients thereby eliminating the need to print and pen-sign physical documents.

 

A digital certificate is a PEXA Subscriber’s unique identity online. Anyone signing on the PEXA platform must use one for security purposes.

 

PEXA also uses encryption mechanisms and ensures all Subscribers agree to PEXA’s security policy to ensure their systems meet a certain standard of security when using the PEXA system.

 

Visit PEXA’s security webpage to learn more.

What advice does pexa have for its members to stay cyber-secure?

We urge all our members to take the necessary steps to reduce the risk of fraud. This includes, among others, verbally confirming bank account details with clients, not using free public Wi-Fi, keeping security patches up-to-date and importantly, checking payment directions immediately prior to signing.

 

Visit PEXA’s security webpage to learn more. 

 

Kind regards

Aoife

 

 

* A Workspace is a shared online area in PEXA where the participants can communicate and prepare documents for a property transaction.

Kind regards

0 Likes
  • Back to Blog
  • Newer Article
  • Older Article
4 Comments
linleyschultz
linleyschultz
‎25-06-2018 05:36 PM
3287 Views
4 Comments
  • Mark as Read
  • Mark as New
  • Bookmark
  • Highlight
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Hi Aoife

Why doesn't PEXA use multi-factor authentication for a password change? Can this be implemented?

https://www.asd.gov.au/publications/protect/Multi_Factor_Authentication.pdf

Thanks,

Linley

0 Likes
Courtenay
Courtenay
‎25-06-2018 05:40 PM
3287 Views
4 Comments
  • Mark as Read
  • Mark as New
  • Bookmark
  • Highlight
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Hi Aoife,

 

Have PEXA considered making the Community page log in to read only?

0 Likes
Aoife
Moderator Aoife Moderator
‎25-06-2018 06:00 PM
3287 Views
4 Comments
  • Mark as Read
  • Mark as New
  • Bookmark
  • Highlight
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Hi @linleyschultz,

 

Multi-factor verification is in the pipeline. See Lisa Dowie's recent post for an update.

 

@Courtenay, I'll let the Community team answer your question as I'm unaware of what's next for them.

 

Cheers

 

Aoife

0 Likes
lisadowie
lisadowie Gold Star Employee
‎25-06-2018 06:13 PM
3287 Views
4 Comments
  • Mark as Read
  • Mark as New
  • Bookmark
  • Highlight
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Hi @Courtenay,

The e-Conveyancing Community was designed to provide a space for the industry to come together to make the digital transformation easier. There are "closed" areas of the Community where you must log in to read posts but our main boards are public and there's no plan to change that at the moment.

1 Like

You must be a registered user to add a comment here. If you've already registered, please log in. If you haven't registered yet, please register and log in.

  • Post a Comment
PEXA

|

Facebook Twitter LinkedIn
  • Support
  • Privacy Policy
  • Terms of Service