kramgk

16 posts

Geek


#237796 18-Jun-2018 15:41

My wife locked herself out of her Internet Banking account and used the "Forgot Password" facility to reset her account. She gave her customer number, a new password, and then the system sent her a text message with an "online code" to validate the password change. Too easy by far, and pretty typical behavior for lots of web sites. The online code is about providing two-factor authentication, but in this case, you don't authenticate with the bank at all. You are relying on having a PIN on your phone, and having set the phone to not show incoming text messages. This seems like another example of why it's a bad idea for people to have their phone and wallet together.

 

Does anyone know of ways in which a customer can make this system better?  A CSR at ANZ Bank said there was a setting on the web site to stop the online code for password change, but this still allows password changes.

 

 


This is a filtered page: currently showing replies marked as answers.

michaelmurfy
meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2039883 18-Jun-2018 16:18

Doing what you suggest is a 2 edged sword.

 

You can disable Online Code under Your Settings --> Change Online Code settings; however, this stops an SMS when you're changing your online code from within ANZ's internet banking itself.

 

Now for the other part - you're protected from fraudulent activities if you're following ANZ's Electronic Banking Conditions. If your wife is following this and has her phone go missing with somebody deciding to reset her password for her internet banking then she is still covered as long as she didn't contribute to this. There is some somewhat complex fraud checking going on behind the scenes and (without going into too much detail) this kind of activity will more than likely alert on their end anyway. If the system suspects something phishy is going on it'll actually ask to give them a call with a code for manual verification...

 

Another way to mitigate this is to disable lock screen notification previews - on iPhones this is under Settings --> Notifications --> Show Previews. This doesn't prevent people from just removing the SIM though.

 

But, keep Online Code enabled - while it is not perfect it still adds an additional layer of security. I totally get what you're saying around manual verification but quite frankly if they did this then every 2nd call that comes into the contact centre would be a password reset request.

 

 





Michael Murphy | https://murfy.nz
Opinions are my own and not the views of my employer.

