Commbank makes SMS NetCode mandatory

Mobile two-factor authentication pushed out to all personal banking customers this week

The Commonwealth Bank is expected to push out a two-factor authentication NetCode SMS service to all of its personal banking customers this week.

Until this week, the service — which sends a randomised six digit number to customers’ mobile phones to authenticate certain online transactions — had been running under an opt-in model since its launch five years ago.

According to a Commonwealth Bank spokesperson, the decision to make the NetCode service mandatory for all personal banking customers followed a period of customer consultation.

“NetCode has been developed and enhanced with direct involvement and feedback from CBA customer focus groups,” the spokesperson said.

“CBA takes online customer safety and security seriously, and provides NetCode as an additional layer of security free to all NetBank customers.”

The authentication service is currently used by more than 80 per cent of customers who use the bank’s online service portal, NetBank, with the remainder “encouraged to register” for NetCode.

While the service will become mandatory for “higher risk” transactions, customers who do not possess a mobile phone will not be excluded from activities such as international money transfers and internet shopping.

“CBA customers are able to make alternate arrangements with us if the mobile phone option is not suitable,” the spokesperson said.

In addition to the NetCode measure, the bank has also recently offered a free six-month subscription to McAfee antivirus package to all of its NetBank customers.

The bank is also looking at integrating high assurance digital identities via its October 2009 IdenTrust deal.

“Digital certificate technologies, such as IdenTrust, are being evaluated by CBA as a security mechanism for customers,” the spokesperson said.

The five-year deal was originally signed as means of providing the bank’s business customers with additional security while accessing selected online applications.

Security has not been the only focus of the bank’s IT department in recent weeks. In mid December 2010, a technical glitch prevented Commonwealth Bank customers from accessing their CommBiz and NetBank portals. The bank later attributed the problem to a late running file.

Follow Tim Lohman on Twitter: @tlohman

Follow Computerworld Australia on Twitter: @ComputerworldAU

Tags smssecurityCommonwealth Bank of AustraliaNetCodemobile

More about Commonwealth Bank of AustraliaCommonwealth Bank of AustraliaMcAfeeNetBank

1 Comment

Louis Leahy

1

If CBA are really serious about security they would not be using out of date technologies that have been compromised on numerous occasions. Tokens and certificates will only work if the authentication interface is designed correctly to prevent access to the login credentials. On their own with current authentication they either indentify the customer device or a spoofed version of it is being used but they do not correctly indentify that the actual authorised person is accessing the network.

Comments are now closed

Tails 1.0: A bootable Linux distro that protects your privacy

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]