CHOICE membership

Discrimination against non mobile users


#21

That might explain why the ANZ has been keen to close many of it’s rural and regional branches in QLD. Customers going elsewhere?

At least when the CBA was in Government hands there was a high level of assurance you could access banking services in any town big enough to have a post office.

Teleportation can’t come soon enough so that no one ever needs to live outside a big city.
That assumes you only require to be delivered within range of a Telstra Rural teleportation tower. :laughing:


#22

I don’t know exactly how this ‘shield’ works but my guess is that at some time you will be sent a text to your mobile with a code to be entered into the banking app. Please correct me if I am wrong.

If this is the case it just confirms the laziness of the bank. Texting is cheap and easy, it provides a saved record so that you can’t forget the code and the fact that it is stored in a non secure place is neither here nor there because it only unlocks one transaction and has a limited lifespan so you need access to the transaction and the code together within a limited period.

The same facility can be provided for a landline via an automated phone call where a bot speaks the code to you. If you have the wit to write it down as it is spoken and then replay it to check your work it is the same as getting a text. Apparently this bank couldn’t be bothered implementing this option.


#23

This brings up another irritation that I hadn’t mentioned before. ANZ has one of those telephone systems that requires you to speak your problem rather than selecting from a menu. Unless you have clear diction you end up in this idiotic exchange with a machine which says “Did you say you wanted to write a cheque?” to which the answer is “No, I wanted to ring your neck!”. I loathe those systems as well - a menu system is precise and easy.


#24

Classic.

image


#25

Diction is fiction for those of us with ‘un-Australian’ accents! When I ring my US bank the automated operator system is tedious but quite brilliant in implementation, asks far too many questions but eventually gets one there. By experiment I discovered one can ask for a human early on and it will transfer after only a brief attempt to circumvent the ask.

I haven’t had a chance to try that one with an ‘un-American’ accent though. In these days of us citizens of the world and when 25% of Australians were born ‘not here’, being accent sensitive seems a basic condition prior to deploying voice anything, but it seems the concept is too hard.


#26

And in return many of the organisations we seek service from expect us to be capable and diligently cope with accents we may have little regular experience with. And all too often over a heavily compressed VOIP service!

Most accents common on our TV, or used locally, including mixed up phrasing and grammar I can reliably follow, and accept as part of being Australian.

Back in the early 90’s, that’s the 1990’s the Commonwealth Bank pre internet banking used a direct dial in services to one of the banks computers. It may have been a 300/75baud connection if that helps reactivate the memory cells.

The bank mailed out a prepackaged set of user security codes, one per transaction you crossed off as used. That was on top of using your unique non guessable user account ID and password. No https, but the connection was not shared over the internet. It was only shared with those who could physically tap the line with a suitable modem and PC to listen in!

Have we really made progress? That internet banking connections are not charged as a long distance phone call by 30 second increments, perhaps?


#27

I disagree about the Suncorp stick being easy to use.
We use suncorp as our business bank. Thy are now no longer in Western Australia and so all our banking is done via the post office. The security logger is an annoying addition. Because we work in remote areas, where we often have poor or no mobile reception, using an app on our phones is not possible. Additionally, if our phones are stolen (probability goes up in some areas we work) the responsibility is then ours.
A similar code generator is given to us by our New Zealand bank, but in this case, only required if amounts above a certain amount are transferred.
In the case of Suncorp, it is when I log in and then when I transfer money, in some cases. On a business account, this is soooo annoying, as I am trying to pay bills and often simply want to check if a client has transferred money so that their order can be processed. The extra layer of security is beyond annoying. We are going to be changing our bank soon.


#28

My bank has the option of code device or using app on my phone. I use the device because i go overseas. It is a bit of a hassle - but not as much as being robbed


#29

I should have mentioned that at this stage for personal banking, using the RSA token for online banking is voluntary and one can chose if they wish to have the second level of security.

If you don’t like the second level of security, have you approached Suncorp to see if it can be removed from your Business banking account. The Suncorp website indicated that one can request it be deactivated.

The same applies to credit cards. If one’s credit card is stolen, and one delays the time to report the card as being stolen, then one may be responsible for transactions until the cards are reported stolen and cancelled by the bank.

From looking that the Suncorp website. the same applies for a mobile used for internet banking…one is required to report the theif/loss as soon as it is identified.

I would find it annoying having to wait for a text message (if I had a mobile) with a code to use for online banking…to verify the transaction. This would be problematic especially if you do work or live in an area which has flaky mobile coverage as this may be far more restricting that using a RSA token.

The texting code process used by many other banks is similar to the RSA token…just that the code is received by the phone rather than that displayed on the token.

I also don’t do banking on a mobile device as I don’t want to be subject to added risks (e.g. being on a open network when travelling and hoping that the transaction/bank communication is 100% secure.


#30

We actually told Suncorp we did not want the token. We were given no choice. No payments above something like $100.00 were allowed to be processed, unless we took the token. I can’t remember the exact amount. We were stuck trying to pay suppliers and the bank had sent us letters advising that we had no choice. I spent 2 hours on the phone politely and then angrily and since we had to pay our suppliers, submitted.
It was not a choice I made and it cannot be rescinded. Suncorp refused to do so. I researched all of our options at the time. It was only at the beginning of February I was forced into this.
We are stuck with limited options, as we have to process medicare payments and medicare only accepts particular banks, with whom they have agreements. So I have to do the research all over again. Which means at least a full afternoon of not doing anything else, which actually pays the bills.


#31

The maximum without token is $3000 per day as one or multiple transactions.

There used to be a special ETP (External Transfer Password) which Suncorp provided to verify external transactions but this was removed earlier this year in favour of using the token for transactions.

You can also increase the $3000 per day limit online, but this needs token for verifying the change.

Do you have the RSA token that looks like this…

image

or are you using the Suncorp token app…

We use the hardware RSA token (photo above) and not the app. I can see the disadvantages of using the app especially in flaky mobile reception areas (and if one doesn’t have a mobile) and requires mobile internet connectivity when doing online banking.

If you are using the app, maybe contact Suncorp and say it does not suit you needs (give them the problems you are having) and ask if you can migrate to the hardware RSA token. You might find it easier to use. The Suncorp website states:

"If you wish to deregister from the Suncorp Secured App, please contact us on 13 11 55. Deleting the Suncorp Secured App from your device will not deregister you as a token user.

Note: If you no longer have a Security Token enabled, default daily limits will apply when Suncorp Secured App is deregistered."

so it should be possible.


#32

Or requires the transfer to be carried out over several days (which has already been acknowledged as a workaround).

A lot of the time, if taking a few days to do it is a problem then that will reflect lack of planning on the part of the customer. If this is something that is done once a year, every year, at the same time of year then it is possible to plan for the fact that it will take 3 days.

I too have been in the situation of having to carry out multiple transactions (business day after business day), and have had that situation with lots of different banks. However I accept that having a transaction limit is a good thing, that protects me, and I am happy to have the occasional hassle of doing multiple transactions.

In passing I note that the transaction limit is bypassed when paying your tax. :slight_smile:

Doing 2FA via mobile is not all it’s cracked up to be. There have been documented cases of successful fraud where the mobile number itself has been compromised.

Cryptotoken technology (such as you use) is potentially a more secure solution. Getting the infrastructure in place on the server side is not a 5 minute job though - so if complaining to the bank asking for support of that technology, it won’t yield instant results (if at all - and I predict most banks would ignore such a request by a customer). We wouldn’t want the implementation to be rushed and for them to stuff up and make it less secure rather than more secure.

At one time ANZ distributed USB-connected chip card readers for home use i.e. you can do the transaction at home but with the same level of security as if your card were being presented (to an ATM / in a branch / in an EFTPOS terminal). I suspect that that is no longer offered.??


#33

How does it work though? Is it secure?

In the age of internet banking, the whole point of 2FA is that the second factor must be independent of your computer - hence why many organisations (not just banks) are using your mobile phone as the second factor (assuming that you are not doing your transaction on the mobile phone itself in the first place).


#34

“Can be” and is (at other banks). In fact I prefer that because, unlike a mobile phone, my landline is unlikely to catch a virus. :slight_smile:


#35

This is a key factor in my thinking when evaluating anything requiring a mobile 'phone. It adds a new layer of vulnerability - another target for hacking and invasive attempts to separate me from my money.
Making a mobile part of the chain, whether it be for banking or shopping or whatever, just make me more exposed (in my view). Mobiles are easy to lose, easy to steal and making them an essential part of my defenses isn’t something I’m comfortable with.


#36

It is secure. It needs another device, not necessarily a phone. I use my iPad. It is an app that generates the code on you device and it is matched automatically by the bank. I can do my banking on the computer and if I need 2FA (just realised the pun!) I use my iPad.


#37

In the context of the original complaint, I don’t think any app is going to cut it. It works for you - which is fine.


#38

All very well if you have cover! CWB and Bendigo have gadgets that produce random numbers for logging in. I have intermittent cover (at last) so I still use that method. Other organisations use landlines so why can’t ANZ? Why is a mobile more secure than a landline?


#39

In the world of Apple and biometrics, very secure if the user reliably follows good practice. Don’t leave the phone unlocked, have a short inactive to auto lock time delay, only save passwords using a secure container app, always use a complex difficult to guess master password, etc etc. It is also possible for the bank to lock or verify access of a service to a single device as a final security measure.

The exception remains the unknown whether by govt action or others. Even landlines are now largely going to be handled via VOIP over the internet. How secure is a VOIP service? 100% until the first reveal of a hidden feature, or coding bug/error.

Loosing your mobile may be inconvenient, however it does not need to automatically lead to other losses.

I guess the choice here is about ANZ which is not going to change how it functions. And neither are many of the competitors. We have one local store where mobile reception (no internet available) is unreliable. It makes paying by card or electronically over the counter equally frustrating. The problem belongs to the store, not the bank is a fact if unacceptably poor resolution.


#40

It is increasingly going to be worse than having your wallet stolen or lost with credit cards, driver license and everything else. Those who have had the experience once and sometimes more than once know the time between the loss and replacements can be Very Trying. Try getting cash for an example, bank dependent.

Our banks will replace cards in 5-7 business days. I needed a replacement card from my US bank and reported it Friday AEST and had the replacement in Melbourne on Monday morning. If I had been in the US it would have come Saturday. I had to get a new card from Westpac a few years ago (because of their error) and it was 5 business days sans card. I and the partner keep multiple cards from multiple banks, just in case, but if it is all on a mobile?

Things can go swimmingly when everything is working right, but introduce an anomaly and you find out how good it really is, or is not.