Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3
3207 posts

Uber Geek

Trusted
Subscriber

  #2497295 3-Jun-2020 11:16
Send private message quote this post

I use Kiwibank and I am totally comfortable with their security. I change my password and security questions every few months and, as someone else noted, my questions and answers do not make logical sense (so can't be guessed).

 

And as long as you don't share your logon details and password, you will be ok.

 

Golden rule: NEVER, EVER, EVER input your logon details from a text or email request to do so. No matter how convincing it looks, your bank will NEVER email you and ask you to update from an email.

 

antonknee:

 

So Kiwibank's annoying text message verification is (one reason) why I left them, I often did not receive these text messages... unfortunately I went to Westpac and I did not realise their security was so horrendous. Might be looking for a new bank now...

 

 

I really like this added security feature. From what I can gather, Kiwibank only txt me if I log in from a new device or are making a significant payment to a new payee - otherwise, they don't text. I'm totally ok with this.


309 posts

Ultimate Geek


  #2497304 3-Jun-2020 11:38
Send private message quote this post

dafman:

 

antonknee:

 

So Kiwibank's annoying text message verification is (one reason) why I left them, I often did not receive these text messages... unfortunately I went to Westpac and I did not realise their security was so horrendous. Might be looking for a new bank now...

 

 

I really like this added security feature. From what I can gather, Kiwibank only txt me if I log in from a new device or are making a significant payment to a new payee - otherwise, they don't text. I'm totally ok with this.

 

 

Oh I think it's a fine idea and I believe ANZ (and others) do the same. My issue with it was just I often didn't receive those text codes and no amount of troubleshooting could fix it. In fairness to Kiwibank they were more than happy to do the verification over the phone.





Ant  Reformed geek | Referral links: Electric Kiwi  Sharesies  Stake


 
 
 
 


483 posts

Ultimate Geek

Lifetime subscriber

  #2497333 3-Jun-2020 13:08
Send private message quote this post

When I first looked into Internet Banking (TSB, ANZ and Kiwibank at various times) many years ago I did so for 2 main reasons:

 

     

  1. Indemnity.
  2. Unsurpassed access to account data.

 

By Indemnity I mean that at long as I do not surrender logon data to any unrelated 3rd party, the use of Internet Banking is at the banks risk.  Internet banking allows me to view account status and latest transactions whenever I choose to.  Transactions appear within minutes these days for all transaction account types.  The key here is convenience and risk-free when long-practiced security of userids and passwords is maintained.

 

I monitor accounts daily and report questionable transactions (all on credit card account these days) through the Internet Banking securemail facility.

 

The days of waiting for account statements through the post and reconciling cheque account balances with paper and cheque-book are long gone and I don't regret their passing. 

 

Edit: typos fixed





--

OldGeek.


38 posts

Geek


  #2497336 3-Jun-2020 13:12
Send private message quote this post

regarding SMS 2FA:

 

It seems useful when you are logging on from a PC

 

[although even then, the kurte.nz site links to a 4 year old warning it can be compromised (and there have been high profile simjackings leading to bitcoin theft overseas).]

 

 

 

But it seems risky to me to have SMS 2FA and a mobile banking app - if the phone was compromised you could rapidly be in trouble surely?

 

 


309 posts

Ultimate Geek


  #2497345 3-Jun-2020 13:17
Send private message quote this post

kiwiace:

 

regarding SMS 2FA:

 

It seems useful when you are logging on from a PC

 

[although even then, the kurte.nz site links to a 4 year old warning it can be compromised (and there have been high profile simjackings leading to bitcoin theft overseas).]

 

 

 

But it seems risky to me to have SMS 2FA and a mobile banking app - if the phone was compromised you could rapidly be in trouble surely?

 

 

 

 

If your phone was compromised you'd be in trouble anyway right?

 

I suppose that's the whole point, adding another factor to make compromising any one thing less likely to be a showstopper.





Ant  Reformed geek | Referral links: Electric Kiwi  Sharesies  Stake


331 posts

Ultimate Geek

Lifetime subscriber

  #2497346 3-Jun-2020 13:22
Send private message quote this post

michaelmurfy:

 

It is also vitally important you don't use systems like POLi as this goes against your internet banking terms of use (as systems like POLi "man in the middle you" and login to your internet banking to make a payment) - banks can detect when such systems are used and whilst they allow them, they may use this against you if you get compromised in the future.

 

 

This is something I find very puzzling. POLi should not exist the way it is and has been, yet, it's allowed. I'm a technical person, so I know how bad it is, but to convince a non-techie, that POLi is much worse than, say paying via a credit card, or internet banking is very difficult, because it's all the same to them. When POLi first appeared on my radar I was hoping that it would be closed down soon, so apparently it is insecure. Yet it keeps being around a year after year.


1191 posts

Uber Geek

Trusted

  #2497350 3-Jun-2020 13:28
Send private message quote this post

floydbloke:

 

It might be handy if it was current.  It doesn't mention 2FA using the app for BNZ.......makes you wonder what else is missing/out of date.

 

Would be more useful if it included a 'last updated on __/__/__' and a disclaimer that things may have changed since then.

 

 

It's hosted on Github and the last commit was on 2018/06/14.





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.


 
 
 
 


332 posts

Ultimate Geek


  #2497356 3-Jun-2020 13:34
Send private message quote this post

ANglEAUT:

 

floydbloke:

 

It might be handy if it was current.  It doesn't mention 2FA using the app for BNZ.......makes you wonder what else is missing/out of date.

 

Would be more useful if it included a 'last updated on __/__/__' and a disclaimer that things may have changed since then.

 

 

It's hosted on Github and the last commit was on 2018/06/14.

 

 

 

 

Yes its outdated why bother.   Westpac has had 2FA "Other" for a number of years.   I get the 2FA SMS for transfers/payments.

 

https://www.westpac.co.nz/branch-mobile-online/safety-and-security-online/westpac-online-guardian/





My opinions and ideas expressed in posts are solely my own and do not reflect the views of my employer in any way..


/dev/null
9383 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #2497364 3-Jun-2020 13:45
Send private message quote this post

zespri:

 

This is something I find very puzzling. POLi should not exist the way it is and has been, yet, it's allowed. I'm a technical person, so I know how bad it is, but to convince a non-techie, that POLi is much worse than, say paying via a credit card, or internet banking is very difficult, because it's all the same to them. When POLi first appeared on my radar I was hoping that it would be closed down soon, so apparently it is insecure. Yet it keeps being around a year after year.

 

The problem is, if a bank blocks it (and talking about this from a point of view of me looking after an internet banking platform for a large bank) then customers will be unhappy it is blocked, think the bank is trying to make money from Visa Debit / Credit Card transactions etc. It does inadvertently break sometimes when an Internet Banking release goes out and when this happens I see an influx of incidents logged to our queue from the contact centre telling us to fix it.

 

Despite it being insecure customers will still use it anyway since the likes of PB-Tech, AirNZ etc charge their customers extra for using credit cards. Personally, I'd rather pay this as I am then covered by the Visa zero-liability guarantee vs doing an internet banking payment that can't be reversed. I've never used POLi and never will.

 

I've seen customers attempting to get a refund from Jetstar for example after they've made a payment via POLi and their flights being cancelled. If they used their credit card then a dispute can be placed on the transaction and they normally get the money reversed where with POLi once it is done, it is done and you're at the complete mercy of the company for getting a refund. With Jetstar, you could imagine how difficult this is and trust me when I say when a customer goes through that particular refund flow they never use POLi again.





4542 posts

Uber Geek

Trusted

  #2497372 3-Jun-2020 13:53
Send private message quote this post

So why can't POLi just get vetted and certified for use with the banks? And until that point, the banks block it.

 

Because you are dead right, paying a surcharge just for the "privilege" of using a credit card is bollocks. 

 

Either that, or the banks/card companies pull their heads our of their asses in term of their transaction fees.


/dev/null
9383 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #2497376 3-Jun-2020 14:02
Send private message quote this post

chevrolux:

 

So why can't POLi just get vetted and certified for use with the banks? And until that point, the banks block it.

 

Since they're using man in the middle to login to customers internet banking this won't be possible either. Also nearly impossible to block since they go via a well known cloud computing company that customers also use and attempt to emulate an actual customer.

 

But also, this is way off topic now. Back on topic folks!







Devastation by stupidity
12247 posts

Uber Geek

Lifetime subscriber

  #2497403 3-Jun-2020 14:26
Send private message quote this post

Great. I just tried to access my account and my login was blocked. I had to ring Kiwibank to get it unblocked again. I asked why this happened and was told it was a glitch(!) and others had been experiencing the same thing. It doesn't exactly fill me with confidence since I am already fairly leery of anything to do with money and automation, or maybe just automation in general.

 

 





I don't think there is ever a bad time to talk about how absurd war is, how old men make decisions and young people die. - George Clooney
 


495 posts

Ultimate Geek

Subscriber

  #2497416 3-Jun-2020 14:43
Send private message quote this post

Co-operative Bank received a serve from me regarding their account security. My initial complaint was that they limit passwords (stop right there!) to 10 characters, a stupidity which has not changed. The more concerning issue - one that was corrected - had the app refusing special character input when creating a password. It would allow specials as input when confirming an existing password but not when creating. This issue was addressed by the developer.

I told them that due to the nature of their business, banks should be at the forefront of IT security implementation, and have pride in their app as it represents their brand. I further told them that because of that artificial limit on password complexity (which is totally unnecessary), Co-operative shouldn't be proud of their app.

They're not alone in NZ business. I refused to setup a Spark account due to their frankly primitive password policy at the time (12 months ago) completely disallowing special characters. Their policy approves Pass0123 as a strong password (yeah, right) yet will not allow $;/86Sg$(. My efforts at getting this changed were ignored, & as I'd told them I wouldn't sign up for an account with any organization that imposed such a cavalier password policy, I guess they found it easier to bin my protest.




Megabyte - so geek it megahertz


2063 posts

Uber Geek


  #2497468 3-Jun-2020 16:27
Send private message quote this post

I haven't used it but see some places have EFT POS available as an online payment.

 

To use looks like need banking applic on phone, guessing it gives a code to type into website.

 

Places I've seen it is Skinny top up, and KFC ordering online.

 

With the Skinny one BNZ wasn't on list of banks that support it, but I use mobile top up in bank applic anyway, and the KFC used credit card.

 

Is EFTPOS one safe?


231 posts

Master Geek


  #2497536 3-Jun-2020 17:39
Send private message quote this post

Yes it is sanctioned by the banks (i.e. it is official).


1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Menulog change colours as parent company merges with Dutch food delivery service
Posted 2-Jul-2020 07:53


Techweek2020 goes digital to make it easier for Kiwis to connect and learn
Posted 2-Jul-2020 07:48


Catalyst Cloud launches new Solutions Hub to support their kiwi Partners and Customers
Posted 2-Jul-2020 07:44


Microsoft to help New Zealand job seekers acquire new digital skills needed for the COVID-19 economy
Posted 2-Jul-2020 07:41


Hewlett Packard Enterprise introduces new HPE GreenLake cloud services
Posted 24-Jun-2020 08:07


New cloud data protection services from Hewlett Packard Enterprise
Posted 24-Jun-2020 07:58


Hewlett Packard Enterprise unveils HPE Ezmeral, new software portfolio and brand
Posted 24-Jun-2020 07:10


Apple reveals new developer technologies to foster the next generation of apps
Posted 23-Jun-2020 15:30


Poly introduces solutions for Microsoft Teams Rooms
Posted 23-Jun-2020 15:14


Lenovo launches new ThinkPad P Series mobile workstations
Posted 23-Jun-2020 09:17


Lenovo brings Linux certification to ThinkPad and ThinkStation Workstation portfolio
Posted 23-Jun-2020 08:56


Apple introduces new features for iPhone iOS14 and iPadOS 14
Posted 23-Jun-2020 08:28


Apple announces Mac transition to Apple silicon
Posted 23-Jun-2020 08:18


OPPO A72 a top mid-tier smartphone
Posted 19-Jun-2020 18:02


D-Link A/NZ launches new smart AX1500 Wi-Fi 6 Router
Posted 19-Jun-2020 15:03



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.