In October 2014 and March 2015, we informed our Banking customers of renewed security guidelines for the server version of Banking software (Maksuliikenne) in response to a discovered security risk of eavesdropping an organization’s internal network and provided customers with the Stunnel encryption as a temporary solution. Our estimate is that the risk is of low probability, but in order to minimize the risk, we recommended that the database connection between Banking clients and the shared database server is encrypted even in an organization’s internal network. We are not aware of any cases in which the database connection of the Banking software would have been eavesdropped or otherwise misused.
Version 9.10 of Banking, released in June 2015, includes native support for encrypted database connections. Encryption protects the connection between Banking clients and the shared database, and authenticates the database server.
We recommend that customers update multiple client installations of Banking software to version 9.10, and enable encryption of the database connection according to the instructions included in the installation package. Order the update to Banking from Basware Service Desk. You can also order the update with encryption from Basware Professional Services.
In addition to Banking, the data security risk affects Basware Finance and In-House Banking software. These software are available only in Finland. We recommend the risk to be minimized for Finance and In-House Banking by installing available updates similar to Banking. The risk does not concern customers using the single user version of Banking, Banking SaaS service or other Basware services or software.