QUESTION: Security of online payments on government websites
May 10th, 2018
On the 10th of May 2018, Mark asked the Treasurer a question about the security of government online payment websites.
The Hon. M.C. PARNELL: Recently, I received a query from a constituent who was concerned about the security of online payment gateways to state government agencies. In particular, we believe there is an issue with SA Pathology, although it may be that there are other government agencies or departments that face similar issues. The issue is that when you go to pay an invoice you see that the payment page, which is part of the sa.gov.au domain, is not secure, that is, it is a non-SSL website. I am sure the Treasurer knows that SSL stands for 'secure sockets layer' and that it is the standard security technology for establishing an encrypted link between a web server and a browser. The thing that we look for on web pages is the prefix 'https' rather than just 'http'.
The most significant risk of collecting payments through a non-secure website is that malicious third parties can potentially intercept and steal login information, passwords, credit card details and the like which are transmitted without encryption. My questions are:
1. How many government departments or agencies provide non-secure websites for the payment of invoices, accounts, fines or other payments?
2. What is the government doing to ensure that all online payments to government agencies are secure?
The Hon. R.I. LUCAS (Treasurer) : That sounds like a very sensible and reasonable question from the honourable member. I will certainly take advice and bring back a reply as soon as I can.
printer friendly version