Commbank makes SMS NetCode mandatory

Mobile two-factor authentication pushed out to all personal banking customers this week

The Commonwealth Bank is expected to push out a two-factor authentication NetCode SMS service to all of its personal banking customers this week.

Until this week, the service — which sends a randomised six digit number to customers’ mobile phones to authenticate certain online transactions — had been running under an opt-in model since its launch five years ago.

According to a Commonwealth Bank spokesperson, the decision to make the NetCode service mandatory for all personal banking customers followed a period of customer consultation.

“NetCode has been developed and enhanced with direct involvement and feedback from CBA customer focus groups,” the spokesperson said.

“CBA takes online customer safety and security seriously, and provides NetCode as an additional layer of security free to all NetBank customers.”

The authentication service is currently used by more than 80 per cent of customers who use the bank’s online service portal, NetBank, with the remainder “encouraged to register” for NetCode.

While the service will become mandatory for “higher risk” transactions, customers who do not possess a mobile phone will not be excluded from activities such as international money transfers and internet shopping.

“CBA customers are able to make alternate arrangements with us if the mobile phone option is not suitable,” the spokesperson said.

In addition to the NetCode measure, the bank has also recently offered a free six-month subscription to McAfee antivirus package to all of its NetBank customers.

The bank is also looking at integrating high assurance digital identities via its October 2009 IdenTrust deal.

“Digital certificate technologies, such as IdenTrust, are being evaluated by CBA as a security mechanism for customers,” the spokesperson said.

The five-year deal was originally signed as means of providing the bank’s business customers with additional security while accessing selected online applications.

Security has not been the only focus of the bank’s IT department in recent weeks. In mid December 2010, a technical glitch prevented Commonwealth Bank customers from accessing their CommBiz and NetBank portals. The bank later attributed the problem to a late running file.

Follow Tim Lohman on Twitter: @tlohman

Follow Computerworld Australia on Twitter: @ComputerworldAU

More about: CBA, Commonwealth Bank, McAfee, NetBank
References show all

Comments

1

Louis Leahy

Tue 11/01/2011 - 16:48

If CBA are really serious about security they would not be using out of date technologies that have been compromised on numerous occasions. Tokens and certificates will only work if the authentication interface is designed correctly to prevent access to the login credentials. On their own with current authentication they either indentify the customer device or a spoofed version of it is being used but they do not correctly indentify that the actual authorised person is accessing the network.

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Commonwealth Bank of Australia, mobile, NetCode, security, sms
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/149/dropbox/

Dropbox

Dropbox is a sharing tool that allows you to synchronize your documents, as well share files with others. It automatically uploads the files to the ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia