Westpac WIBS (Qvalent) Cryptography Change – May 2019

Owned by Qvalent Quickstream
Last updated: Mar 27, 2019
3 min read

Important Change Information for WIBS (Qvalent) SFTP Customers

As part of our initiative to conform to the new requirements issued by Payment Card Industry Security Standard Council, you are required to make changes to your WIBS service as listed in this notice to ensure uninterrupted services.

This change is impacting you since you are using a WIBS Lite or Standard SFTP solution linked to the following environments:

The following cryptographic settings will be disabled on our SFTP server

  • Diffie Hellman (DH) 'Group1' Key Exchange
  • Triple-DES (3DES) Encryption Cipher

In order to continue connecting to the service, your SFTP client MUST:

  • Not rely exclusively on either of the following cryptography standards:
    • Diffie Hellman (DH) 'Group1' key exchange OR
    • Triple-DES (3DES) encryption
  • Offer encryption technologies compatible with our SFTP server solution currently in place in the Test/Support environment
    If you do not take this step, your connectivity to our SFTP server will fail leading to failure in file transfer that will require manual intervention by your IT and Finance staff.

What is SFTP?

SSH File Transfer Protocol (SFTP) is a secure file transfer protocol. Connections made using SFTP use SSH to provide secure transport for your files with Westpac.

Why is Westpac Changing It's SFTP Server Cryptography Standards?

The Payment Card Industry Security Standard Council has deemed that the above cryptography standards are no longer suitable for SFTP servers and hence Westpac is changing its offered cryptography in line with these standards.

When will this change take place?

The change is scheduled for the following dates:

We encourage you to perform UAT testing in the Test/Support environment as soon as possible to ensure your SFTP client is compatible with the cryptography options available in this environment.

What must I do?

Read this detailed change advice, for further information regarding this change read Further FAQs

Identify all SFTP client instances which interact with the SFTP server and take action to prepare for this change in advance.

Ensure all SFTP client(s) do not exclusively rely on either of the following by consulting with SFTP client vendor documentation and/or technical support:

  • Diffie Hellman (DH) Group 1 Key Exchange
  • Triple-DES (3DES) Encryption Cipher

Use the WIBS (Qvalent) Test/Support Environment to perform UAT testing to confirm no compatibility issues between your SFTP client and our hardened service offering

Resolve any issues by upgrading any required SFTP clients to support the latest industry-grade cryptography standards and perform UAT testing against our Test/Support environment

Promote any and all changes to your Production environment before the Production change deadline.

Understand and be prepared to instigate your iLink BCP solution in the event of any issues post change. This includes how to manually transfer files from your finance applications into/from iLink in the event of a SFTP client connection failure.


Further Information

Further Information regarding this change can be found at Further Information Regarding Westpac WIBS (Qvalent) Cryptography Change - May 2019

Contact Us

Email wibs_support@qvalent.com or phone the Helpdesk team on 1300 726 370 between 7:00am and 7:00pm (AEST), Monday to Friday.

Disclaimer

These guidelines are general in nature and have been prepared without knowledge of the specific environment in which your systems operate. These guidelines are current at the time of writing, but may require update over time. Except where contrary to law, Westpac intends by this notice, to exclude liability for these guidelines and the information contained in them. While Westpac has made every effort to ensure these guidelines are free from error, Westpac does not warrant their accuracy, adequacy or completeness.