Skip to navigation Skip to content

Business Hub 101-19103125

This document outlines what to do when a person is using or attempts to log in with another user’s credentials to access services within Business Hub. This is a breach of PRODA Terms and Conditions.

Compromised PRODA credentials

Step	Action
1	User contacts needing assistance with a PRODA Registration Authority (RA) + Read more ... Staff must not share PRODA account details or make any updates until after completing the security check and confirming the person contacting is the rightful account holder. If staff suspect the person is not using their own credentials to log in to Business Hub or PRODA account, determine if: they are known to the original PRODA account holder, that is, a business is sharing their credentials between staff, or the credentials have been compromised or stolen If the person contacting is: attempting to log in with a stolen or compromised PRODA RA, go to Step 2 using a PRODA RA of another employee (that is, a business is sharing their credentials between staff), go to Step 3 asking to reactivate their account, go to Step 7
2	Business Hub personnel logging in to PRODA with another user’s RA and password + Read more ... If staff believe the person is attempting to log in with a stolen or compromised PRODA RA discuss with the person making contact if they: are known to the business or the original RA owner can provide key business details such as: CRN ABN other staff members names what Business Hub service the business is registered to use Can the person supply any of the above apply? Yes, the PRODA RA has been shared with someone else who is from the business, go to Step 3 No, the PRODA account must be suspended by the PRODA team: Escalate using the PRODA RA compromised email template on Resources Tell the person making contact their access will be suspended Procedure ends here
3	Suspected sharing of a PRODA RA + Read more ... If the person contacting has quoted the PRODA RA for another user to access Business Hub, the first step is to provide education and support to the user. Contact is received via: phone call, go to Step 4 email, go to Step 5
4	Contact received via phone call + Read more ... Tell the caller, to gain access to their services they must: register for PRODA as an individual contact their Access Manager or Authorised Officer for access in Business Hub See Resources for links to the Services Australia website on how to register and use Business Hub to access services. Is the original PRODA RA owner from the business is available to speak to? Yes, attempt to resolve the issue by reminding them of the requirements for using and managing passwords. Keep the following confidential and secure: Individual PRODA RA number Secret questions and answers Password Procedure ends here No, the original PRODA RA owner is not available to speak to, go to Step 6
5	Contact is received via email + Read more ... Reply to the sender. Tell them: to register for PRODA themselves to gain access to their services in Business Hub their Access Manager or Authorised Officer can manage access for them they can search ‘How to register for an individual PRODA account’ on the Services Australia website for more information See Resources for links to the Services Australia website on how to register and use Business Hub to access services. As this is a breach of the PRODA Terms and Conditions, the PRODA account must be suspended by the PRODA team: Use the PRODA user is suspected of sharing their PRODA RA email template on Resources to escalate Procedure ends here
6	Unable to speak with original PRODA RA owner at first point of contact + Read more ... Use the PRODA user is suspected of sharing their PRODA RA email template on Resources to escalate. Procedure ends here.
7	Confirm Proof of Identity (POI) + Read more ... When the owner of a suspended PRODA RA calls to request their account be reactivated, they must first satisfy the POI check and verify their association with the organisation. Confirm POI using information available in: Process Direct Business Hub Access Management PRODA staff search Organisation contact summary (OSCS) screen in Customer First The user must provide their: full name role within the business the Australian Business Number (ABN) work phone number, address, and email address PRODA Registration Authority (RA) number Has the user satisfied the POI check? Yes, go to Step 8 No, the issue could not be resolved or it is clear there is ongoing evidence of misuse or suspicious behaviour: escalate the matter to PRODA Operational Support. See the Examples of escalating PRODA incidents table in Escalating Provider Digital Access (PRODA) incidents, complaints and feedback
8	Reactivate PRODA account + Read more ... When POI is established: remind the user of the requirements for using and managing passwords. That is, keep the following confidential and secure: Individual PRODA RA number Secret questions and answers Password Use the PRODA user is requesting reactivation of their suspended PRODA RA email template on Resources to escalate to for reactivation