Australia's third-largest retail institution confirmed this week that, from the first half of 2008, it would substantially upgrade its internet banking system for business customers, including small to medium businesses. A key feature the bank is considering is so-called "two-factor" authentication, a system where customers are required to enter single-use passwords to log into their account or authorise transactions.
The passwords are typically generated by a hand-held device or sent in a text message to a customer's mobile phone, although ANZ has not given any indication of what system it is planning to use.
The technology is credited with blocking substantial amounts of internet banking fraud over the past few years, although security experts have warned it is not a completely fail-safe solution due to the potential for hackers to sit in the middle of a customer's internet connection with their bank.
"The two-factor security system will give business and small business customers the opportunity to make higher daily payments," said the spokeswoman. "We currently have 130 customers piloting the system and their level of satisfaction is very high."
If ANZ goes ahead with the two-factor authentication system it will likely be the last of the four-pillar institutions to offer the technology to customers; rivals such as Westpac Banking Corp, Commonwealth Bank of Australia and National Australia Bank have offered similar services for a number of years and hundreds of thousands of customers are already using the two-factor authentication.
The Australian Financial Review revealed earlier this week that St George Bank would in the next few months force its millions of customers to use a new two-factor authentication system for what the bank deems risky transactions.
ANZ has had the ability to deliver the two-factor authentication option for at least a year, and has conducted pilots of the technology. However it has not chosen to activate the technology, preferring instead to focus on less visible technologies such as background fraud detection systems.
The bank's E*Trade online stockbroker subsidiary uses a dual-password system to provide additional security. However it has stopped short of using two-factor authentication.
The bank was not immediately able to comment on whether it had any plans to extend the two-factor trial into the consumer segment of its customer base.
However it may come under pressure to do so in future, with even low-cost recent market entrants such as Raboplus, the online direct banking arm of Dutch institution Rabobank, offering its customers two-factor authentication.
© Fairfax Business Media
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.