Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


2 posts

Wannabe Geek


Topic # 119744 12-Jun-2013 02:23
Send private message

I have lived overseas for 4 years now and am heading back to the good old NZ. I am looking for a good bank. Especially one with good online service.

I was surprised when arriving in Norway to have to use a security device that generated a number i had to key in each time I logged into my bank (DnB) online or paid bills, transferred money etc. At first I found it an inconvenience but then I loved the extra layer of security it provided. I even began to feel "naked" when doing transactions in my NZ account.

More recently the bank has provided a verification app on smart phones as an option instead of the code generator. This is even more handy as My phone is always nearby and it saves me having to key in a number and occasionally mistype it. I get a phrase in my computer screen and a phrase on my phone, if they match I say accept (if they ever didn't I could cancel). I then key my pin code.

I notice ANZ offers a code texted to you to now (I was a National bank client, so now been made an ANZ one). The code texted to you must be keyed into the online banking screen.

What other security systems are around in other banks?

Are they much the same or are there any more elegant systems?

Any other tips on bank offerings also accepted as I am thinking of changing bank once I arrive back home.

Cheers

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
BDFL - Memuneh
61515 posts

Uber Geek
+1 received by user: 12235

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 834567 12-Jun-2013 07:48
Send private message

BNZ uses a card with a 7x7 grid and asks for three coordinates before any transaction involving one off, creating new payees. You can make an option to ask for the three coordinates at login.





19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 834568 12-Jun-2013 08:01
Send private message

ASB banking App is awesome

660 posts

Ultimate Geek
+1 received by user: 36
Inactive user


  Reply # 834569 12-Jun-2013 08:03
Send private message

In ASB u can request for a elec device which will generate random no.s to login to ur account. 

ASB has also a great app, which lets you pay Phone, facebook friends, 

I wouldnt recommend any other bank

2054 posts

Uber Geek
+1 received by user: 357

Trusted

  Reply # 834572 12-Jun-2013 08:14
Send private message

RaboDirect offers a login token, looks like a small calculator. Very secure, but unfortunately they only operate as a savings bank (to retail customers at least) so you can only transfer money out from your savings account into one nominated transaction account with another bank. Which really negates the need for such security

597 posts

Ultimate Geek
+1 received by user: 98


  Reply # 834580 12-Jun-2013 08:43
Send private message

Of the banks I have experience with currently:

Kiwibank's is terrible. Simply asks a random security question on login, eg. Where were you born?

I like ANZ's as I always have my phone with me (sends a txt with a random code if you try to make a payment).

Rabodirect's Digipass is very secure however I find it a bit cumbersome.

BDFL - Memuneh
61515 posts

Uber Geek
+1 received by user: 12235

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 834583 12-Jun-2013 08:46
2 people support this post
Send private message

Kraven: Kiwibank's is terrible. Simply asks a random security question on login, eg. Where were you born?


You know, for these kind of security I simply don't use the real answers. If one of the questions is "Where were you born" I answer with something like "New York" even though I was born in Rio de Janeiro. 

Answers to those questions are very easy to find if you go mining deep into some social networks, company profiles, etc. So just use misdirection there.






14223 posts

Uber Geek
+1 received by user: 2572

Trusted
Subscriber

  Reply # 834584 12-Jun-2013 08:48
Send private message

ASB sends you a confirmation code by txt before you make a payment, and you can have it send a confirmation code for each login too. I don't do the latter, just the former. I find ASB pretty good overall.




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


2054 posts

Uber Geek
+1 received by user: 357

Trusted

  Reply # 834593 12-Jun-2013 08:55
Send private message

The Kiwibank system is pretty effective at dealing with the threat of keyloggers, as you click the letters onscreen to answer the question rather than type them, but there are of course many bigger threats than keyloggers.

Agree the questions/answers are very poor security, if you answer them accurately.


For the OP: worth remembering that most banks offer some form of security guarantee, generally that they will cover any fraud losses through their system (sometimes subject to a small excess), so while having your account compromised can be an inconvenience, it doesn't tend to result in a personal loss, which reduces (but doesn't eliminate) the incentive to worry about how secure the bank's login method is

Webhead
2125 posts

Uber Geek
+1 received by user: 691

Moderator
Trusted
Lifetime subscriber

  Reply # 834633 12-Jun-2013 10:07
Send private message

While security guarantees are nice, poor security could lead to higher prices for the services you get (because they have to cover losses from fraud) and its a huge pain in the back if something happens and your account is taken over.

So I would rather have a secure system.

Most systems online today are moving towards two step verifications. Passwords have failed as a good security measure and other means of authentication like SMS messages, applications such as Google Authenticator etc. are taking over.

You can already implement that with Paypal (well, maybe not in NZ; but the US have it), Facebook, Gmail, etc.

If you want to know why you should not trust just a password, check out what happened to Mat Honan at Wired: http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/

So if your account is based on a password, and there is any chance of getting your bank to reset your password by email, and that email account is not properly secured.. well you know what will happen.




Awesome
4813 posts

Uber Geek
+1 received by user: 1062

Trusted
Subscriber

  Reply # 834646 12-Jun-2013 10:42
One person supports this post
Send private message

To me, having a code just to login is stupid (BNZ had this for a long time - now you can turn it off).

I only want to enter a code when I do anything that could risk me actually losing money. If someone logs into my account, they can't use the information on the screen for anything particularly useful.

Having a 2FA code to make a one off payment, set up a new bill payee, automatic payment, change details, apply for things etc is all that's needed.

ASB are a great bank, and probably offer (IMO) the best 2FA solution. You can either have them give you a physical RSA SecurID token that displays a constantly changing 6-digit code on it's screen, or they can send you a unique code by SMS each time it's needed. Both involve small fees, and if you make a lot of transactions it may be cheaper to go for the hardware device.

I have accounts with both BNZ and Kiwibank - and I find their 2FA systems annoying and overly cumbersome to use. Especially with Kiwibank as I HAVE to do it upon login, and can't turn it off.




Twitter: ajobbins


1332 posts

Uber Geek
+1 received by user: 152
Inactive user


  Reply # 835662 12-Jun-2013 11:43
Send private message

I think Kiwibank's system is the best. You can set it to ask you a question only you know the answer to and it will request a couple of letters from each answer every time you log in.

It really is an ingenious method of extra security without requiring you to carry a piece of plastic about or a dongle.

Obviously, if you answer their questions with information that others already know about you then it is not effective but that would be on you rather than Kiwibank.

Awesome
4813 posts

Uber Geek
+1 received by user: 1062

Trusted
Subscriber

  Reply # 835671 12-Jun-2013 11:58
One person supports this post
Send private message

1080p: I think Kiwibank's system is the best. You can set it to ask you a question only you know the answer to and it will request a couple of letters from each answer every time you log in.

It really is an ingenious method of extra security without requiring you to carry a piece of plastic about or a dongle.

Obviously, if you answer their questions with information that others already know about you then it is not effective but that would be on you rather than Kiwibank.


It's just a bit cumbersome, and isn't true 2FA. 2FA is supposed to be something you know (a password) and something you have (A token). Kiwibank's is a something you know and something you know - or possibly a something you know and something others might know too.

And the fact you need it even to log in and check a balance or move money between your own accounts is just painful.




Twitter: ajobbins




2 posts

Wannabe Geek


  Reply # 836220 13-Jun-2013 11:11
Send private message

Something you have and something you know is good security mantra.

I am liking the sound of ASB more and more, although ANZ is sounding less bad when I hear of some of the other systems out there.

It is great to hear all your input. Many thanks-

Awesome
4813 posts

Uber Geek
+1 received by user: 1062

Trusted
Subscriber

  Reply # 836225 13-Jun-2013 11:17
One person supports this post
Send private message

MichelleBerg: Something you have and something you know is good security mantra.

I am liking the sound of ASB more and more, although ANZ is sounding less bad when I hear of some of the other systems out there.

It is great to hear all your input. Many thanks-


In terms of Internet Banking, ANZ use a re branded version of what was the National Bank's IB platform. I believe a lot of the ANZ banking core now is based on National Bank platforms




Twitter: ajobbins


3040 posts

Uber Geek
+1 received by user: 466

Trusted
Subscriber

  Reply # 836260 13-Jun-2013 12:07
Send private message

Could be worse - Westpac's security is something you know (your password), something WE know (blackbox analysis of login to determine if trustworthy or not) and something everyone knows (your birthplace or one of 7 other stupid questions 5 seconds of searching on Google or Facebook can tell you - and even then only if Westpac determined that your login didn't match their pattern analysis).

Random factoid you probably didn't know - your password is case insensitive if you are with ASB, Westpac, and I believe Kiwibank and ANZ. TSB and BNZ your password is definitely case sensitive. Try it yourself sometime - enter the case of your password incorrectly and marvel as your bank happily logs you into your accounts!

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.