Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.



ForumsFinance and wealth managementBNZ Mandatory Data Collection
Lias

5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

#323929 4-Feb-2026 10:08
Send private message quote this post

Went to login to BNZ this morning and noticed a new popup on the login page

 

"We've added a new security feature. When you use Internet Banking, we collect information about behaviour like how you type. This helps us to spot any activity that isn't yours, to detect and prevent fraud. Other ways to bank are available if you don't want to share this information."

 

With a link for more information.. and wow I was a bit shocked when I clicked on the more information page. 

 

  • typing - how fast you type, your rhythm, and common errors
  • mouse - how you move it, click, and scroll
  • device use - how you hold, tilt, or move it.
  • type and model
  • preferences, settings, and sensor information
  • network and connectivity data
  • IP address
  • installed apps

It's compulsory, and if you don't agree to all that data being collected, you can no longer bank electronically with BNZ. 

 

Am I overreacting in thinking it's time to find a new bank?




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.

Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5
geek3001
221 posts

Master Geek
+1 received by user: 331

ID Verified
Subscriber

  #3458607 4-Feb-2026 10:28
Send private message quote this post

 

  • installed apps

 

Surely the BNZ app should not be able to see what other apps are installed on a device?



Gordy7
gordy7
2001 posts

Uber Geek
+1 received by user: 505

ID Verified
Lifetime subscriber

  #3458613 4-Feb-2026 10:44
Send private message quote this post

No notification on my Android phone yet.

 

Seen on my desktop computer.

 

Collecting sensor information? Camera? Voice? Location?

 

Collecting info on installed apps? Other bank apps? Financial management apps? Voice and text messaging?

 

What else?

 

 




Gordy

 

My first ever AM radio network connection was with a 1MHz AM crystal(OA91) radio receiver.

michaelmurfy
meow
13581 posts

Uber Geek
+1 received by user: 10914

Moderator
ID Verified
Trusted
Lifetime subscriber

  #3458614 4-Feb-2026 10:47
Send private message quote this post

Lias: Am I overreacting in thinking it's time to find a new bank?

 

Yes.

 

This is a service most banks are implementing called Biocatch - https://www.biocatch.com/ 

 

What it does is learns from what you commonly do in the app and on Internet Banking and is able to determine if something isn't quite right. It also will request phone permissions on the mobile app to determine if you're on the phone (it doesn't know who to - but it can then challenge a transaction or simply tell you that you're not in a call with BNZ).

 

It's a part of a push to put a stop to scammers / fraud and also raise awareness around fraud. The "installed applications" part is to determine if your Android device is potentially running malicious apps.

 

You've got nothing at all to worry about. It isn't collecting stuff that things like Dynatrace isn't already collecting already in your internet banking session.




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.



alasta
6891 posts

Uber Geek
+1 received by user: 3365

Trusted
Subscriber

  #3458615 4-Feb-2026 10:49
Send private message quote this post

It probably depends on what their privacy policy states about their use of this information. I would be pretty confident that a company like BNZ would comply with their own privacy policy due to the legal and reputational risk if they don't. 

geek3001
221 posts

Master Geek
+1 received by user: 331

ID Verified
Subscriber

  #3458618 4-Feb-2026 10:54
Send private message quote this post

michaelmurfy:

 

The "installed applications" part is to determine if your Android device is potentially running malicious apps.

 

 

@michaelmurfy that makes sense on an infected device. Are you able to comment as to whether that level of info is able to be enumerated on an iPhone?

 

I am assuming not as my understanding, subject to correction of course :-) is that apps on iDevices are not "aware" of each other as iOS / iPadOS does not provide any ability to enumerate that info. Infecting an iDevice with malware is presumed to be much more difficult than an Android device.

duckDecoy
946 posts

Ultimate Geek
+1 received by user: 432

Subscriber

  #3458620 4-Feb-2026 10:57
Send private message quote this post

michaelmurfy:

 

You've got nothing at all to worry about. It isn't collecting stuff that things like Dynatrace isn't already collecting already in your internet banking session.

 

 

Are you saying that if the info they collected was hacked and made public, there could be no negative consequences?  If so then I guess that's OK.

 
 
 
 

Shop on-line at New World now for your groceries (affiliate link).
michaelmurfy
meow
13581 posts

Uber Geek
+1 received by user: 10914

Moderator
ID Verified
Trusted
Lifetime subscriber

  #3458625 4-Feb-2026 11:01
Send private message quote this post

geek3001: michaelmurfy that makes sense on an infected device. Are you able to comment as to whether that level of info is able to be enumerated on an iPhone?

 

There is just jailbreak detection already baked into the app on Apple devices. It isn't aware of the other apps on your phone. iPhones are quite a bit more secure than Android devices.

 

duckDecoy: Are you saying that if the info they collected was hacked and made public, there could be no negative consequences?  If so then I guess that's OK.

 

I think your banks security, who deal with huge amounts of money and have full on security teams are a bit better than another company who was recently spoken about...




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

Lias

5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

  #3458628 4-Feb-2026 11:07
Send private message quote this post

michaelmurfy:

 

Yes.

 

This is a service most banks are implementing called Biocatch - https://www.biocatch.com/ 

 

What it does is learns from what you commonly do in the app and on Internet Banking and is able to determine if something isn't quite right. It also will request phone permissions on the mobile app to determine if you're on the phone (it doesn't know who to - but it can then challenge a transaction or simply tell you that you're not in a call with BNZ).

 

It's a part of a push to put a stop to scammers / fraud and also raise awareness around fraud. The "installed applications" part is to determine if your Android device is potentially running malicious apps.

 

You've got nothing at all to worry about. It isn't collecting stuff that things like Dynatrace isn't already collecting already in your internet banking session.

 

 

To quote a news article. "For Westpac NZ and ANZ, deploying BioCatch Trust is not just a defensive move—it's a strategic play to reduce operational costs tied to scam-related claims and preserve customer trust, a cornerstone of long-term profitability.  "

 

This is not about customer security, it's about invading privacy to ensure bank profits remain high. This should be stomped on by the relevant regulatory bodies hard and fast. 




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.

geek3001
221 posts

Master Geek
+1 received by user: 331

ID Verified
Subscriber

  #3458629 4-Feb-2026 11:14
Send private message quote this post

Lias:

 

To quote a news article. "For Westpac NZ and ANZ, deploying BioCatch Trust is not just a defensive move—it's a strategic play to reduce operational costs tied to scam-related claims and preserve customer trust, a cornerstone of long-term profitability.  "

 

This is not about customer security, it's about invading privacy to ensure bank profits remain high. This should be stomped on by the relevant regulatory bodies hard and fast. 

 

 

Perhaps, however what other options do the banks have to accurately determine if it is really you accessing using your account?

 

This tech could deliver interesting results. One example comes to mind, detection of one household member using another household member's account without a valid reason to do so - potential fraud stopped.

michaelmurfy
meow
13581 posts

Uber Geek
+1 received by user: 10914

Moderator
ID Verified
Trusted
Lifetime subscriber

  #3458631 4-Feb-2026 11:17
Send private message quote this post

Lias:

 

To quote a news article. "For Westpac NZ and ANZ, deploying BioCatch Trust is not just a defensive move—it's a strategic play to reduce operational costs tied to scam-related claims and preserve customer trust, a cornerstone of long-term profitability.  "

 

This is not about customer security, it's about invading privacy to ensure bank profits remain high. This should be stomped on by the relevant regulatory bodies hard and fast.

 

Very incorrect...

 

Yes, it assists with profits by combating fraud but it's not at all about invading privacy. You're reading into this wrong.

 

All banks operate some form of fraud analytics on their platforms and metrics like determining if you're in a call or determining if your device is running malware or remote access tools like Anydesk / Teamviewer etc is an incredibly effective way to detect and combat potential fraud.

 

But to be blunt. You're using a Smartphone, your privacy is already impacted...




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

yitz
2239 posts

Uber Geek
+1 received by user: 594


  #3458634 4-Feb-2026 11:19
Send private message quote this post

geek3001:

 

This tech could deliver interesting results. One example comes to mind, detection of one household member using another household member's account without a valid reason to do so - potential fraud stopped.

 

 

Hunt and peck typing is hard to master 😆

 
 
 
 

Shop now for Dyson appliances (affiliate link).
richms
29104 posts

Uber Geek
+1 received by user: 10222

Trusted
Lifetime subscriber

  #3458635 4-Feb-2026 11:20
Send private message quote this post

Already seeing people have other banking apps overseas refuse to open based on other apps being installed from non play store sources on their device. Its none of the banks business what else I use the device for.

 

If I have to get a dedicated device for banking with one bank but can use another bank freely on what I have without bother, That will influence what bank I choose. They are just an app that tells me how much money I have and banks seem to forget that they are easily replaceable.

 

Apps have no business looking at contacts, SMS or phone services just like they have no business being in my email or on my facebook. If they wont work without phone permissions or SMS etc then I guess I will not be using them on a device I use for those services.

 

 




Richard rich.ms

MikeB4
MikeB4
18776 posts

Uber Geek
+1 received by user: 12767

ID Verified
Trusted
Subscriber

  #3458638 4-Feb-2026 11:23
Send private message quote this post

"installed Apps" That is none of their business.

 

"device use - how you hold, tilt, or move it." due to my various disabilities I may use my right hand for a period of time then need to move to my left hand. I may have my device on a desk to use of on a platform on my wheelchair. I may swap to using a rubber tip pen to type.  will this show me as a bad actor?

 

 

 

 

 

 

 

 




Here is a crazy notion, lets give peace a chance.

Handsomedan
7770 posts

Uber Geek
+1 received by user: 7408

ID Verified
Trusted
Subscriber

  #3458639 4-Feb-2026 11:26
Send private message quote this post

MikeB4:

 

"installed Apps" That is none of their business.

 

"device use - how you hold, tilt, or move it." due to my various disabilities I may use my right hand for a period of time then need to move to my left hand. I may have my device on a desk to use of on a platform on my wheelchair. I may swap to using a rubber tip pen to type.  will this show me as a bad actor?

 


Depends on whether you're planning a cameo in Shortland Street  - TBF they're all bad actors, so you'll be in good company, Mike. 

 

 

 

But in all seriousness, that was also a question I asked myself - how much data needs to be gathered to determine "normal" use? different hands, different surfaces, even different times of day/night could affect the data. 

 

 




Handsome Dan Has Spoken.
Handsome Dan needs to stop adding three dots to every sentence...

 

Handsome Dan does not currently have a side hustle as the mascot for Yale 

 

 

 

*Gladly accepting donations...

MikeAqua
8031 posts

Uber Geek
+1 received by user: 3820


  #3458642 4-Feb-2026 11:31
Send private message quote this post

Yes.  They're basically trying to create a fingerprint of your device and how you use it.  If they detect interactions that diverge from that fingerprint, further security steps can be tiggered.  The Privacy Act requires them to only use that info for the stated purpose for which it was collected.




Mike

 1 | 2 | 3 | 4 | 5
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright