NCBJ says its RSA SecurID tokens 'remain fully secure'

National Commercial Bank Jamaica Limited (NCBJ) says its RSA SecurID tokens are not among those which Jamaica's National Security Operations Centre recently said had been compromised.

"The reported vulnerability concerns only RSA encryption keys, which are used in some systems to secure data on websites and smart devices. These encryption keys are entirely different from the RSA SecurID tokens used by NCB customers for authentication," NCBJ said in a statement on Monday.

It added that its tokens generate random six-digit codes, operate independently of encryption keys and "remain fully secure".

"NCBJ remains committed to the highest security standards and urges customers to continue banking with confidence," it continued.

The National Security Operations Centre, in a public advisory post on X on March 19, said a recent investigation has revealed that “millions of RSA keys” have been “inadvertently exposed”.

It said among the risks involved is that a exposed keys can be used by attackers to issue fraudulent digital certificates, allowing them to impersonate trusted organisations, conduct phishing campaigns and perpetuate fraud.

“This incident threatens the very foundation of public key infrastructure, potentially enabling threats actors to forge digital identities and intercept or decrypt confidential communications,” it warned.

Follow The Gleaner on X and Instagram @JamaicaGleaner and on Facebook @GleanerJamaica. Send us a message on WhatsApp at 1-876-499-0169 or email us at onlinefeedback@gleanerjm.com or editors@gleanerjm.com.