Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3
dafman
3377 posts

Uber Geek

Trusted
Subscriber

  #2497295 3-Jun-2020 11:16
Send private message

I use Kiwibank and I am totally comfortable with their security. I change my password and security questions every few months and, as someone else noted, my questions and answers do not make logical sense (so can't be guessed).

 

And as long as you don't share your logon details and password, you will be ok.

 

Golden rule: NEVER, EVER, EVER input your logon details from a text or email request to do so. No matter how convincing it looks, your bank will NEVER email you and ask you to update from an email.

 

antonknee:

 

So Kiwibank's annoying text message verification is (one reason) why I left them, I often did not receive these text messages... unfortunately I went to Westpac and I did not realise their security was so horrendous. Might be looking for a new bank now...

 

 

I really like this added security feature. From what I can gather, Kiwibank only txt me if I log in from a new device or are making a significant payment to a new payee - otherwise, they don't text. I'm totally ok with this.


antonknee
489 posts

Ultimate Geek


  #2497304 3-Jun-2020 11:38
Send private message

dafman:

 

antonknee:

 

So Kiwibank's annoying text message verification is (one reason) why I left them, I often did not receive these text messages... unfortunately I went to Westpac and I did not realise their security was so horrendous. Might be looking for a new bank now...

 

 

I really like this added security feature. From what I can gather, Kiwibank only txt me if I log in from a new device or are making a significant payment to a new payee - otherwise, they don't text. I'm totally ok with this.

 

 

Oh I think it's a fine idea and I believe ANZ (and others) do the same. My issue with it was just I often didn't receive those text codes and no amount of troubleshooting could fix it. In fairness to Kiwibank they were more than happy to do the verification over the phone.





Ant  Reformed geek | Referral links: Electric Kiwi  Sharesies  Stake


 
 
 
 


OldGeek
510 posts

Ultimate Geek

Lifetime subscriber

  #2497333 3-Jun-2020 13:08
Send private message

When I first looked into Internet Banking (TSB, ANZ and Kiwibank at various times) many years ago I did so for 2 main reasons:

 

     

  1. Indemnity.
  2. Unsurpassed access to account data.

 

By Indemnity I mean that at long as I do not surrender logon data to any unrelated 3rd party, the use of Internet Banking is at the banks risk.  Internet banking allows me to view account status and latest transactions whenever I choose to.  Transactions appear within minutes these days for all transaction account types.  The key here is convenience and risk-free when long-practiced security of userids and passwords is maintained.

 

I monitor accounts daily and report questionable transactions (all on credit card account these days) through the Internet Banking securemail facility.

 

The days of waiting for account statements through the post and reconciling cheque account balances with paper and cheque-book are long gone and I don't regret their passing. 

 

Edit: typos fixed





--

OldGeek.


kiwiace
41 posts

Geek


  #2497336 3-Jun-2020 13:12
Send private message

regarding SMS 2FA:

 

It seems useful when you are logging on from a PC

 

[although even then, the kurte.nz site links to a 4 year old warning it can be compromised (and there have been high profile simjackings leading to bitcoin theft overseas).]

 

 

 

But it seems risky to me to have SMS 2FA and a mobile banking app - if the phone was compromised you could rapidly be in trouble surely?

 

 


antonknee
489 posts

Ultimate Geek


  #2497345 3-Jun-2020 13:17
Send private message

kiwiace:

 

regarding SMS 2FA:

 

It seems useful when you are logging on from a PC

 

[although even then, the kurte.nz site links to a 4 year old warning it can be compromised (and there have been high profile simjackings leading to bitcoin theft overseas).]

 

 

 

But it seems risky to me to have SMS 2FA and a mobile banking app - if the phone was compromised you could rapidly be in trouble surely?

 

 

 

 

If your phone was compromised you'd be in trouble anyway right?

 

I suppose that's the whole point, adding another factor to make compromising any one thing less likely to be a showstopper.





Ant  Reformed geek | Referral links: Electric Kiwi  Sharesies  Stake


zespri
345 posts

Ultimate Geek

Lifetime subscriber

  #2497346 3-Jun-2020 13:22
Send private message

michaelmurfy:

 

It is also vitally important you don't use systems like POLi as this goes against your internet banking terms of use (as systems like POLi "man in the middle you" and login to your internet banking to make a payment) - banks can detect when such systems are used and whilst they allow them, they may use this against you if you get compromised in the future.

 

 

This is something I find very puzzling. POLi should not exist the way it is and has been, yet, it's allowed. I'm a technical person, so I know how bad it is, but to convince a non-techie, that POLi is much worse than, say paying via a credit card, or internet banking is very difficult, because it's all the same to them. When POLi first appeared on my radar I was hoping that it would be closed down soon, so apparently it is insecure. Yet it keeps being around a year after year.


ANglEAUT
1237 posts

Uber Geek

Trusted

  #2497350 3-Jun-2020 13:28
Send private message

floydbloke:

 

It might be handy if it was current.  It doesn't mention 2FA using the app for BNZ.......makes you wonder what else is missing/out of date.

 

Would be more useful if it included a 'last updated on __/__/__' and a disclaimer that things may have changed since then.

 

 

It's hosted on Github and the last commit was on 2018/06/14.





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.


 
 
 
 


JaBZ
336 posts

Ultimate Geek


  #2497356 3-Jun-2020 13:34
Send private message

ANglEAUT:

 

floydbloke:

 

It might be handy if it was current.  It doesn't mention 2FA using the app for BNZ.......makes you wonder what else is missing/out of date.

 

Would be more useful if it included a 'last updated on __/__/__' and a disclaimer that things may have changed since then.

 

 

It's hosted on Github and the last commit was on 2018/06/14.

 

 

 

 

Yes its outdated why bother.   Westpac has had 2FA "Other" for a number of years.   I get the 2FA SMS for transfers/payments.

 

https://www.westpac.co.nz/branch-mobile-online/safety-and-security-online/westpac-online-guardian/





My opinions and ideas expressed in posts are solely my own and do not reflect the views of my employer in any way..


michaelmurfy
/dev/null
9634 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #2497364 3-Jun-2020 13:45
Send private message

zespri:

 

This is something I find very puzzling. POLi should not exist the way it is and has been, yet, it's allowed. I'm a technical person, so I know how bad it is, but to convince a non-techie, that POLi is much worse than, say paying via a credit card, or internet banking is very difficult, because it's all the same to them. When POLi first appeared on my radar I was hoping that it would be closed down soon, so apparently it is insecure. Yet it keeps being around a year after year.

 

The problem is, if a bank blocks it (and talking about this from a point of view of me looking after an internet banking platform for a large bank) then customers will be unhappy it is blocked, think the bank is trying to make money from Visa Debit / Credit Card transactions etc. It does inadvertently break sometimes when an Internet Banking release goes out and when this happens I see an influx of incidents logged to our queue from the contact centre telling us to fix it.

 

Despite it being insecure customers will still use it anyway since the likes of PB-Tech, AirNZ etc charge their customers extra for using credit cards. Personally, I'd rather pay this as I am then covered by the Visa zero-liability guarantee vs doing an internet banking payment that can't be reversed. I've never used POLi and never will.

 

I've seen customers attempting to get a refund from Jetstar for example after they've made a payment via POLi and their flights being cancelled. If they used their credit card then a dispute can be placed on the transaction and they normally get the money reversed where with POLi once it is done, it is done and you're at the complete mercy of the company for getting a refund. With Jetstar, you could imagine how difficult this is and trust me when I say when a customer goes through that particular refund flow they never use POLi again.





chevrolux
4609 posts

Uber Geek

Trusted

  #2497372 3-Jun-2020 13:53
Send private message

So why can't POLi just get vetted and certified for use with the banks? And until that point, the banks block it.

 

Because you are dead right, paying a surcharge just for the "privilege" of using a credit card is bollocks. 

 

Either that, or the banks/card companies pull their heads our of their asses in term of their transaction fees.


michaelmurfy
/dev/null
9634 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #2497376 3-Jun-2020 14:02
Send private message

chevrolux:

 

So why can't POLi just get vetted and certified for use with the banks? And until that point, the banks block it.

 

Since they're using man in the middle to login to customers internet banking this won't be possible either. Also nearly impossible to block since they go via a well known cloud computing company that customers also use and attempt to emulate an actual customer.

 

But also, this is way off topic now. Back on topic folks!





Rikkitic

Awrrr
12940 posts

Uber Geek

Lifetime subscriber

  #2497403 3-Jun-2020 14:26
Send private message

Great. I just tried to access my account and my login was blocked. I had to ring Kiwibank to get it unblocked again. I asked why this happened and was told it was a glitch(!) and others had been experiencing the same thing. It doesn't exactly fill me with confidence since I am already fairly leery of anything to do with money and automation, or maybe just automation in general.

 

 





I don't think there is ever a bad time to talk about how absurd war is, how old men make decisions and young people die. - George Clooney
 


1024kb
583 posts

Ultimate Geek

Subscriber

  #2497416 3-Jun-2020 14:43
Send private message

Co-operative Bank received a serve from me regarding their account security. My initial complaint was that they limit passwords (stop right there!) to 10 characters, a stupidity which has not changed. The more concerning issue - one that was corrected - had the app refusing special character input when creating a password. It would allow specials as input when confirming an existing password but not when creating. This issue was addressed by the developer.

I told them that due to the nature of their business, banks should be at the forefront of IT security implementation, and have pride in their app as it represents their brand. I further told them that because of that artificial limit on password complexity (which is totally unnecessary), Co-operative shouldn't be proud of their app.

They're not alone in NZ business. I refused to setup a Spark account due to their frankly primitive password policy at the time (12 months ago) completely disallowing special characters. Their policy approves Pass0123 as a strong password (yeah, right) yet will not allow $;/86Sg$(. My efforts at getting this changed were ignored, & as I'd told them I wouldn't sign up for an account with any organization that imposed such a cavalier password policy, I guess they found it easier to bin my protest.




Megabyte - so geek it megahertz


rugrat
2197 posts

Uber Geek

Lifetime subscriber

  #2497468 3-Jun-2020 16:27
Send private message

I haven't used it but see some places have EFT POS available as an online payment.

 

To use looks like need banking applic on phone, guessing it gives a code to type into website.

 

Places I've seen it is Skinny top up, and KFC ordering online.

 

With the Skinny one BNZ wasn't on list of banks that support it, but I use mobile top up in bank applic anyway, and the KFC used credit card.

 

Is EFTPOS one safe?


boosacnoodle
237 posts

Master Geek


  #2497536 3-Jun-2020 17:39
Send private message

Yes it is sanctioned by the banks (i.e. it is official).


1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic





News »

NASA discovers water on sunlit surface of Moon
Posted 27-Oct-2020 08:30


Huawei introduces new features to Petal Search, Maps and Docs
Posted 26-Oct-2020 18:05


Nokia selected by NASA to build first ever cellular network on the Moon
Posted 21-Oct-2020 08:34


Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS16211+
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13


Teletrac Navman launches integrated multi-camera solution for transport and logistics industry
Posted 8-Oct-2020 10:57


Farmside hits 10,000 RBI customers
Posted 7-Oct-2020 15:32


NordVPN starts deploying colocated servers
Posted 7-Oct-2020 09:00


Google introduces Nest Wifi routers in New Zealand
Posted 7-Oct-2020 05:00









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.