‘Convenience is at odds with security’: Why it’s going to be slower – and safer – to access your money

1 day ago 3

Australians are set for slower but more secure online banking as the country’s biggest banks roll out multifactor authentication to prevent customers falling victim to scams and fraud.

It’s estimated Australian banks spend hundreds of millions of dollars on cybersecurity, employing everything from facial or voice recognition to fingerprints, SMS codes and authenticator apps to verify users’ identity.

But payments expert Mike Ebstein said the banks had been “slow out of the blocks on digital security”.

Commonwealth Bank is introducing two-factor authentication for desktop banking.

“Australia is way behind in all this stuff,” banking and payments consultant Grant Halverson agreed.

Halverson said two-factor authentication, which has been used overseas for between five and 10 years, was like having a fire extinguisher at home. “Does it stop the fire? No. Does it put it out? Possibly,” he said.

In the coming months, Australia’s biggest bank, Commonwealth, will force customers using a computer and who have the bank’s app to confirm their identity every time via the app. This means thieves would need more than a username and password to access an account. However, customers without the app will not have two-factor authentication.

Westpac, National Australia Bank and ANZ also require multifactor authentication, although not for every logon. According to the Australian Community Attitudes to Privacy Survey 2023, some 43 per cent of people use multifactor authentication when it’s available.

The Australian Banking Association said the country’s banks were world leaders in security.

It said multifactor authentication was “just one of the many tools used to verify identity and safety accounts”, alongside shared scam intelligence, limits on high-risk payment channels, payment delays and security questions.

The growth in multifactor authentication is set to pressure other financial institutions, such as superannuation funds, to beef up their security.

“I’m staggered that super funds don’t have it,” said Halverson.

Lance Blockley, managing director of payments consulting firm the Initiatives Group, said the growth would force others to follow.

“The problem you’ve got is consumers over the past 10 years have all wanted convenience, and convenience is at odds with security in most instances,” he said.

“There’s a need to insert friction into some transactions just so there’s time to check who’s who in the zoo.”

Blockley said the rise of multifactor authentication would also benefit elderly customers who had shared their banking details with someone they trust. “This will alert them to someone accessing that account,” he said.

Australians lost $119 million to scams – where the victim approves the transaction – in the first four months of this year. That is up 28 per cent year on year, said the National Anti-Scam Centre, which is run by the competition regular. In 2024, Australians lost $2 billion to scams, down 26 per cent on the previous year.

Meanwhile, card-related fraud losses – when someone steals a person’s credentials and makes payments without their authorisation — rose to $868 million last financial year, from $677.5 million the year before.

One in five Australians have fallen victim to banking fraud, while one in four know someone affected by it, according to a study by financial services market research firm RFI Global.

NAB intends to phase out passwords for internet banking within five years, replacing them with passkeys and fingerprint or facial recognition technology.

This year, ANZ customers will be able to access their web banking through two authentication methods: either by using a passkey, which could be their fingerprint, face or mobile device PIN, or by entering their mobile number and approving a login request sent to their ANZ app.

Halverson said cybersecurity was an essential part of bank business. “You’re actually saving money – if you can reduce fraud, you’re actually reducing people contacting you. But you’ve got to be pre-emptive in your outlook.

“The growth of AI agents and AI in general is going to open up a whole new area for financial fraud and privacy fraud and also individual loss of identity.”