NATIONAL Commercial Bank (NCB) has disabled the use of its Secure Sockets Layer (SSL) 3.0 connection platform to prevent security attacks on its online banking system.

On Tuesday, the bank released an advisory informing online banking users that it has shut down the platform, after receiving a security warning that the facility could contain some vulnerability. Recently, a number of online merchants, including Facebook and PayPal disabled their systems after being informed of the vulnerability.

The vulnerability, known as Padding Oracle on Downgraded Legacy Encryption (POODLE), allows information transmitted between parties using the SSL 3.0 protocol to be exposed by an attacker. The threat can allow an attacker to gain access to sensitive data, such as passwords, cookies and other authentication tokens that can be used to impersonate a client.

Earlier this year, US$47,000 ($5.3 million) was lost to business owners utilising online banking options at the western end of Jamaica. It was reported that the perpetrators targeted companies to which a line of credit had been extended by overseas suppliers, sending e-mails which claimed that the banks were experiencing difficulties and requested that deposits be made to a new account.

“At NCB, we take all potential vulnerabilities seriously and operate to ensure that our customers are well protected,” the bank stated in its release. “There is currently no fix for the vulnerability SSL 3.0 itself, as the issue is fundamental to the protocol. However, disabling SSL 3.0 support in system/application configurations is the most viable solution currently available.”

The bank is now requesting that online customers upgrade to Transport Layer Security (TLS), a recent standard of the SSL, that provides a more secure connection. However, the upgrade may result in compatibility issues for some clients.

“The latest version of TLS is 1.2, and it is recommended that you consult with your network or security team to discuss which TLS version best fits your needs,” NCB said.