Yes, that’s a good suggestion. However, most banks in NZ use SMS for various authentication.
alasta:
I would prefer the industry standard rolling code system that you can use to log into things like Google.
Some banks will provide a proper two-factor key if you request one but it costs $25 or so. I've had RSA SecurID (6 digit TOTP) fobs from both TSB and ASB.
Beware that TSB don't use it properly (security theatre) and it doesn't help security with them (they don't use the fob during login, and you can choose whether to use the fob timecode or SMS when doing a transaction).
Business accounts often have better security options - so business banks can sometimes allow customers to use other security measures.
alasta:
Whilst app based 2FA is much better than SMS, it's still not ideal because it's dependent on you having access to a specific device (i.e. your iPhone). This becomes a problem if, for example, the device is damaged or the battery is flat. I would prefer the industry standard rolling code system that you can use to log into things like Google.
Apps can be installed on multiple devices; for ASB it seems it is limited to 3, however, which has not been an issue for me for a while.
I can see it from their perspective that the app allows them to know when you are getting the code and where it is being delivered to. It does mean that you need connectivity on the device as well.
Westpac basically blew me off with a response on what my options were. They clearly weren't going to fix anything. I had passed the two month limit required by the ombudsman to proceed. The ombudsman responded:
As the bank has issued its final position, you’re entitled to ask the Banking Ombudsman Scheme to formally consider your complaint. I did want to note that a formal investigation into your individual complaint and circumstances may not be the avenue best suited to this issue. As you’ve said, “This is not really my fight - it is a GENERIC consumer issue - not my personal grievance”. You've mentioned our prevention wing, and I can assure you that our office is taking this seriously. Your complaint has been brought to the attention of the Banking Ombudsman, and our office will be writing to Westpac outlining concerns and asking what the bank is going to do about this issue.
You’re welcome to let me know if you would like to proceed with a formal consideration of your complaint, as is your right. I think you’ve already made a valuable contribution by flagging the continuation of this practice, and I can assure you our work on this issue will continue even if you decide not to proceed.
Had ANZ call me recently and ask me point blank for my name and DOB, then wanted to do voice verification also. They're the ones calling me - why am I verifying myself to them? They could be anybody.
I recently emailed our power supplier regarding an issue with their app.
A few days later a lady rang me saying she was following up my email and wanted me to verify my details.
She was quite taken aback when I asked her what my issue was so that I could verify who she was before I gave my personal details. She knew what my issue was, so I answered her verification questions, and we went from there.
My issue was resolved and life carries on.
boosacnoodle:
Had ANZ call me recently and ask me point blank for my name and DOB, then wanted to do voice verification also. They're the ones calling me - why am I verifying myself to them? They could be anybody.
If you are in doubt; ask for a reference number or name, and then ring back on the contact number off the website, quoting the previously supplied details.
jamesrt:
If you are in doubt; ask for a reference number or name, and then ring back on the contact number off the website, quoting the previously supplied details.
Completely failed when I tried this with Westpac. They have multiple departments and there are no extensions and no way to call into an individual. I was told to go into branch and they would verify me there but that doesn't work.
You can no longer call into a person at most large businesses.
robocat:
jamesrt:
If you are in doubt; ask for a reference number or name, and then ring back on the contact number off the website, quoting the previously supplied details.
Completely failed when I tried this with Westpac. They have multiple departments and there are no extensions and no way to call into an individual. I was told to go into branch and they would verify me there but that doesn't work.
You can no longer call into a person at most large businesses.
This
Outbound call centres are typically not part of the regular PBX of an organisation and are not connected to the inbound call channels...
jamesrt:
If you are in doubt; ask for a reference number or name, and then ring back on the contact number off the website, quoting the previously supplied details.
Was no issue. I was expecting the call. But it's still bad security posture.
robocat:
you’re entitled to ask the Banking Ombudsman Scheme to formally consider your complaint.
IMHO: The Banking Ombudsman Scheme is basically a fig leaf the banks created a few years ago to dissuade the government from imposing more regulations on them....
The Board is heavily influenced by the Banker's Association (aka "The Banks")
While they will argue the banks only appoint 2 of the 5 members, the Government only appoints one,
BUT then those 3 appoint another - and then all 4 appoint an independent chair....
The 2 banks reps can block a chair they don't like...
Membership of the Board
The board has five members: two bank representatives, two customer representatives and an independent chair. The New Zealand Bankers’ Association chooses the bank representatives. The Minister of Commerce and Consumer Affairs chooses one consumer representative, and the board chooses the other. The board also selects the independent chair. Each director is appointed for a term of up to three years.
wellygary:
This
Outbound call centres are typically not part of the regular PBX of an organisation and are not connected to the inbound call channels...
That is once again, not my problem. These companies are the ones setting themselves up to fail with systems like this.
I will not interact with randoms on an incoming call. I don't give a crap if you say you are ASB or a hospital or the IRD, you are nobody to me on an incoming call.
richms:
That is once again, not my problem. These companies are the ones setting themselves up to fail with systems like this.
I will not interact with randoms on an incoming call. I don't give a crap if you say you are ASB or a hospital or the IRD, you are nobody to me on an incoming call.
And vice-versa in the other direction. Why we don't have some form of certification for phone numbers is beyond me - the technology to do so already exists.
boosacnoodle:
And vice-versa in the other direction. Why we don't have some form of certification for phone numbers is beyond me - the technology to do so already exists.
Dangerously close to using them as a de facto ID which I am strongly against. It's just a billing identifier, should be used as nothing more.
The PSTN network is 30+ years behind where it needs to be and they keep trying to stitch on things that other chat apps have had working for years and failing and getting nowhere.