Internet Security

Post notices here which are relevant to IPRA nationally.
Member Read/Write

Moderator: Moderators

User avatar
rdmdog
forum freak
Posts: 1060
Joined: Mon Mar 31, 2003 5:59 pm
Location:
Location: Melbourne, for a little while, Australia

Post by rdmdog » Sat Dec 08, 2007 8:47 pm

Yeah I can see the advantage, but you wouldn't believe how many of my mates couldn't use their Commbank/NAB/Wespac etc web banking while we were at the big beach for various reasons (eg, no mobile phone allowed there!!). You wouldn't believe how many tough Army guys on Operations want to send their wife flowers. SOFT!!

I did let them use mine with a trade for some greenbacks at the time though!!

Oh yeah, they do deserve a wrap, as they called me within an hour of the withdrawal, and had it sorted soon after (blocked net banking, new password issued). They could have left it for me to find and then chase automated service operators to have it looked at when I did get through!

User avatar
AnotherDatto
forum freak
Posts: 1613
Joined: Thu Nov 11, 2004 9:01 pm
Location:
Location: Shepparton, Victoria

Post by AnotherDatto » Sun Dec 09, 2007 8:48 am

I have a suspicion the Adelaide Bank/Bendigo Bank merger got bounced, but dont quote me.

I can definitely speak positively for the Bendigo Bank, though. They've given a couple of smaller towns around my way no end of help in setting up Community bank branches when the big guys decided they were more focused on the almighty dollar and shut the local branches...
Pistons and Carbies forever. Go Old School!

Shane001
forum freak
Posts: 1344
Joined: Mon Jul 09, 2007 1:52 am
Location:
Location: Sydney

Post by Shane001 » Sun Dec 09, 2007 10:29 am

rdmdog wrote: Oh yeah, they do deserve a wrap, as they called me within an hour of the withdrawal, and had it sorted soon after (blocked net banking, new password issued). They could have left it for me to find and then chase automated service operators to have it looked at when I did get through!
Yeah, that's pretty awesome service, I'd reckon half the big banks would wait till you notified them :evil:

smitha
one foot in the grave
Posts: 524
Joined: Tue Apr 08, 2003 6:58 pm
Location:
Location: Sydney

Re: Internet Security

Post by smitha » Thu Jan 24, 2008 12:15 pm

We were pretty happy with Westpac when they contacted us within ours of our Visa being used in Europe. Which was automatically flagged in their system....which is a good idea. Not big bad scary internet related...but still.
Al Smith IPRANSW

User avatar
madazmotorsport
old timer
Posts: 391
Joined: Thu Aug 07, 2003 7:13 pm
Location:
Location: Perth, WA
Contact:

Re:

Post by madazmotorsport » Fri Jan 25, 2008 10:55 am

Shane001 wrote: Better to look for a bank that has better security in the first place. IMO the sms system of the NAB and several others is pretty hard to beat. You cannot transfer money out of your account without your mobile phone.
Sounds like the NAB and some other banks have taken out shares in telstra :lol:
Still plenty of ppl around (myself included) that don't have mobile phones (nor want them!). So this idea won't work for everyone.
Personally I find this more along the lines of a commercial company using its customers to overcome its own poorly designed internal infrastructure.
Madaz Motorsport - 2007 IPRAWA Outright Club Champ
2007 WASCC IPRA Over 2000cc Club Champ
Image
Website: http://madazmotorsport.bravehost.com
IPRAWA : http://www.iprawa.com

Shane001
forum freak
Posts: 1344
Joined: Mon Jul 09, 2007 1:52 am
Location:
Location: Sydney

Re: Internet Security

Post by Shane001 » Fri Jan 25, 2008 1:30 pm

Actually, this is an optional service, and you only use this when transferring funds out of your accounts to someone elses, which is also an optional service, which you can only enable by going into a branch and providing identification.

And as far as their infrastructure goes, Internet security is not about stopping people accessing your computers, it's about making it as difficult as possible. Banks spend millions on their internet security, NASA & the likes of the US DOD spend lots more, and they still get hacked. Anything that is built can be unbuilt, just depends how many resources you can throw at it.

What this mobile phone sms option gives you is what's called 2 factor authentication. To transfer funds out of your bank account requires something you know (password) and something you have (mobile phone). It's pretty easy to steal your password over the net if your computer isn't secure, but much more difficult to also steal your mobile phone. Other forms include biometrics (but how many people are going to want to pay for a fingerprint reader or eyeball scanner), tokens (again who's going to pay for them). For most people a mobile phone is the simplest and most convenient form of 2 factor authentication available, since most people have one (what century did you say u lived in, hehe), and provides a very secure method of authenticating a funds transfer to an external account. And you don't pay for the SMS (well, it's probably built into the fees somewhere I guess...)

Anyone who is using Internet banking to transfer funds to external accounts without some form of 2 factor authentication like this is seriously risking financial loss. The "attack surface" is simply too high, ie too many points that your security could be compromised when using passwords alone.

User avatar
AnotherDatto
forum freak
Posts: 1613
Joined: Thu Nov 11, 2004 9:01 pm
Location:
Location: Shepparton, Victoria

Re: Internet Security

Post by AnotherDatto » Fri Jan 25, 2008 1:34 pm

I only have a mobile phone cause work made me have one and gave it to me. I hate the bloody things with a passion.
Pistons and Carbies forever. Go Old School!

gman
one foot in the grave
Posts: 903
Joined: Thu Jul 24, 2008 1:20 pm
Location: NSW Central Coast & Hong Kong
Location: NSW Central Coast & Hong Kong

Re: Internet Security

Post by gman » Mon Sep 29, 2008 6:23 pm

Try living with a work Blackberry (I now know why they are called ("Crack"- Berry's) AND a 2nd work provided mobile phone!!!

HSBC in HK provided me with a token for my bank account which you need to use to log in and send funds to any account other than those that are your own HSBC accounts that you nominate at the bank when you open the account.

You can also opt into a token / sms verification / scrambled screen password system where you need all of the above for a transfer. This is what I use for all the reasons noted previously. So its a password and token to log in. Then a screen password, SMS verification and token password to send funds. Can be a pain but worth while in the end...
Never approach a Bull from the front, a Horse from the back, or an Idiot from any direction

Post Reply