Commonwealth Bank moves to protect customers' (online) bacon

David Heath
Monday, 30 August 2010 15:06

Business IT - Security

The Commonwealth Bank has announced additional security measures to protect online purchases by its customers.  As well as extending the use of secure token support to approved eCommerce sites, the Bank has also instigated an out-of-band payment approval process.

Commonwealth Bank customers shopping at any eCommerce site displaying the MasterCard SecureCode or Verified by Visa logos will now be requested to offer an additional security code to verify the transaction.

Currently, 3.8 million customers are enrolled to use the Bank's NetCode token device or SMS service for existing on-line banking activities and all will be automatically enrolled to use the same token method to verify their eCommerce transactions. 

In the case of the SMS service, a one-time code will be sent to the previously nominated mobile phone; that code must be provided as part of the transaction within 30 seconds.  The token device, familiar to many millions of Australian online banking users will provide the authorization code whenever the button is pressed.

"Alongside greater peace of mind when shopping online and an additional layer of security in identifying a transaction is taking place by the genuine cardholder, the major advantages of NetCode is that it is not a static password and customers don't have to remember additional passwords," said John Geurts, Executive General Manager Group Security at Commonwealth Bank

Commonwealth bank customers may find further information here.

Out-of-band verification techniques are a good step towards stopping cyber criminals using your credit card, but they are not completely immune to attack.  But as one wise sage noted when chased by a tiger, "I don't have to out-run the tiger, I only have to out-run other potential victims."

Thus it is with this level of security - it doesn't have to be perfect, just noticeably better than other methods.