X
Tech

SMS security for NetBank users

Commonwealth Bank online banking customers can request SMS or token-based two-factor authentication to improve the security of their accounts, the bank has announced.The free service, open to the bank's 2.
Written by Steven Deare, Contributor

Commonwealth Bank online banking customers can request SMS or token-based two-factor authentication to improve the security of their accounts, the bank has announced.

The free service, open to the bank's 2.3 million online retail (NetBank) customers, launched last week after customer trials.

Under the SMS authentication model, customers logging in to their account receive a one-time code on their mobile phone which must be used for access.

Commonwealth Bank e-commerce general manager Marcus Judge told ZDNet Australia this morning most of the SMS security solution was built in-house. The bank uses Telstra's SMS gateway.

Customers can also opt for token-based authentication. The bank is using tokens from Vasco, which are also used by the regional Bendigo Bank. Around 30,000 customers trialled the technology last month. The tokens display a unique code every 30 seconds which must be entered for account access.

Judge said the SMS authentication was the easier of the two to use, as unlike the tokens, it was not required for all transactions. "With SMS we only apply the code on certain transactions," he said.

"For instance, it might be when you pay someone for the first time. "So some of our less active customers might only need to use it every few months," he said.

Despite the increase in security measures, Judge said fraudulent activity on online banking accounts at the bank had actually fallen recently.

This could be attributed to the rollout of its Hawkeye transaction monitoring system and selective payment delays put in place last year, according to Judge. Hawkeye is a back-end system that is designed to detect unusual behaviour and alert the customer that there might be a problem, he said at the time.

"They've been quite successful in helping keep [fraud] low," he said. "People are wanting more security. This is more about us saying to people, 'It's OK, we're giving you more security'."

Judge would not reveal the cost of the bank's two-factor authentication set-up.

Customers would be notified of the new service by mail and can register online, according to a bank spokesperson.

Editorial standards