Currently, 3.8 million customers are enrolled to use the Bank's NetCode token device or SMS service for existing on-line banking activities and all will be automatically enrolled to use the same token method to verify their eCommerce transactions.
In the case of the SMS service, a one-time code will be sent to the previously nominated mobile phone; that code must be provided as part of the transaction within 30 seconds. The token device, familiar to many millions of Australian online banking users will provide the authorization code whenever the button is pressed.
"Alongside greater peace of mind when shopping online and an additional layer of security in identifying a transaction is taking place by the genuine cardholder, the major advantages of NetCode is that it is not a static password and customers don't have to remember additional passwords," said John Geurts, Executive General Manager Group Security at Commonwealth Bank
Commonwealth bank customers may find further information here.
Out-of-band verification techniques are a good step towards stopping cyber criminals using your credit card, but they are not completely immune to attack. But as one wise sage noted when chased by a tiger, "I don't have to out-run the tiger, I only have to out-run other potential victims."
Thus it is with this level of security - it doesn't have to be perfect, just noticeably better than other methods.