
Discrimination against non mobile users


#41

Or … don’t use a mobile except to make telephone calls! :grinning:

People have become so reliant upon having instant gratification at their fingertips and to a large extent have forgotten that a telephone (mobile or fixed) was designed to talk to people. I don’t feel at all deprived having a mobile that I use for just that. No data, no need for complex precautions - vasectomy vs condom!! The rest I access via computer. Old fashioned? Of course. Secure? Most certainly.


#42

That’s not completely right. Let’s say that you have a proper NBN service (fibre) and so your landline goes away and your phone service will now be provided over the NBN service. However that is not architecturally identical to a traditional VoIP service over the internet. You can even have both at the same time.

Nevertheless your question is correct: How secure is the replacement phone service? Has that been evaluated? Is the information publicly available or are they relying on security by obscurity?

How do the security properties of the replacement phone service compare with those of a traditional phone service (PSTN)? With a VoIP service?


#43

That is somewhat true, but as far as security? VOIP is VOIP at the end of the day regardless of how deployed.


#44

I should have made clear that I was referring only to fibre, where you can use a UNI-V port on the NTD for a phone service i.e. it’s vanilla VoIP as far as I can tell but not necessarily on the internet as such. Exactly how the NTD is designed I don’t know (for example, exactly what kind of traffic isolation occurs and what kind of management security exists I don’t know) - hence the question as to whether any evaluation had been done.

In a classic case of your PC being pwned so your internet banking is pwned, it is reasonable to contemplate that your entire LAN might be pwned, so your VoIP box / router might be pwned, so a second factor that arrives via a phone service implemented via VoIP might not be safe. It could be more secure in the FTTP scenario above.

So, dragging us back to the original issue :slight_smile: , there is some logic to ANZ’s deciding to restrict the second factor to arriving via a mobile service (providing that you are not using their banking app on the same mobile device, in which case the second factor might be a bit pointless).


#45

I have a Rabo account too but only use it for savings. In this case the need for the device is a safeguard against raiding the savings at will. :slight_smile: It is a bit of a pain when you legitimately need to access the funds because as you say, unless you carry it with you all the time (I don’t) you can only do your transfers from one place, in my case at home.


#46

Which is all it is good for, being its only feature unless you are a person of the land with a loan.

Unless of course you have the Rabo app on your mobile, but then the discussion becomes recursive :wink:


#47

Not at all. There are certain security features that mobile phones can implement that your home phone cannot. A ‘smart’ bank would require you to use an app or device that generates a pseudo-random key every 30 seconds, which you then provide to the bank to authorise the transfer.

Okay, so let’s step into the time machine. When I was a child my family would go interstate to visit family on holiday. Before leaving, my parents would have to make arrangements with the bank branch to recognise their account with a specific branch in the destination. We would get to the destination, and when they went to the bank to get money out the bank staff would ring the ‘home’ bank to make sure everything was okay and approved.

Did they have to pay a fee? Don’t know, don’t care - I would prefer to pay a small fraction of the transaction cost than have to go through that, but I can even avoid that while making payments all over the world!

Online banking carries certain risks that banking in person does not. Those risks involve the 5 billion other people who also use the Internet - and the tiny fraction of them that might want to get their hands on your money. These risks are not mitigated by phone banking - because it’s easy to hack the phone network now as well, and calls are incredibly inexpensive or my wife would not have reported receiving THIRTEEN pre-recorded calls today telling her our phone was going to be disconnected because NBN.

Mobile phones are not disenfranchising people, they are allowing new ways of transacting that you couldn’t have used twenty years ago. You can still go into the branch.

If it’s a text they’re doing it wrong. SMS can be easily intercepted.


#48

I take your word for it that the system you propose works and is as secure as you say. Is that system in use anywhere? Does the bank in question actually use it? If they don’t it still looks to me like they took the easy way out to the cost of the customer in inconvenience.

Which is less secure: single level authentication, or two level using a landline?


#49

Yes, it works. Yes, it is extremely secure (as discussed by people who use RSA tokens - there are apps that generate such tokens on your phone). Yes, it is used by many banks but not all - and that is something that needs to be improved.

Single factor authentication is not yet secure - although there is one potential solution coming soon to a computing device near you. What is being discussed is 2FA, with one factor being your password and the other being your phone app. Importantly, that app can only generate the numbers that are needed on that particular phone - if/when you change phones, you need to go through a ‘handover’ process.

Your proposed two factors involve a phone line that can easily be imitated - as shown by the multiple numbers used to ring you about your computer problems, Telstra or the NBN… and as more dramatically shown in the US by the practice of swatting!


#50

A great option yes, but perhaps it shouldn’t be the only technological option. It should be all about finding a balance between customer convenience and security, and that means providing options for those who do not use a smart 'phone. Going into a branch is also not as easy as it once was due to the reducing number of branches.

As an update on my experience with ANZ, they rang me today to discuss alternatives, and suggested that they might have waived their fee for the transfer if I had complained louder (that’s the basic interpretation). They also told me that the mobile option was the only other electronic avenue for my transfer. As I told them, if they could have waived the fee, then they shouldn’t have had it there in the first place; and the only reason they did not have other alternatives was because they choose not to have those alternatives - not because there are none available.

Their attitude was clearly one of total disinterest, and I suspect this is ANZ’s overall philosophy when it comes to priorities. Their recent refusal to pass on the recent interest rate reduction is symptomatic of this fundamental lack of interest in anything but their bottom line.


#51

If they introduced a cryptokey as an option, would you get one?


#52

Probably not. RABO has a random number generator that goes with their accounts and it is a thorough pain in the neck! That’s why I cancelled my account with them. I’m big on the KISS principle, and that means not introducing extra appliances (for want of a better word) into the process. I have operated a number of accounts simultaneously in the past, and if each one required its own device I would have had a whole collection of differing gadgets, each with its own peculiarities and each needing to be stored somewhere. When I had a RABO account, my lever arch file always had this extra bulge due to the relatively bulky device that needed to be stored.

My main account operates very simply but with what I regard as good security. Whenever anything untoward happens they contact me to authorise the suspicious transaction. There are also automated processes which monitor transactions if they are in any way unusual.

If I want to transfer large sums of money, they do it over the 'phone and I have done that many times without any issue at all. I don’t need another device, and I don’t need to pay any extra. KISS reigns supreme! :grinning:


#53

It appears you have the solution you require!

I’ve been remote banking since 1990, and have done so with four different banks since.
These have included private and business banking services.
I’m happy my bank will not transfer money over the phone!
Hopefully we have all learned from this. I have. :smiley:


#54

How so? The ANZ does not allow 'phone authorised banking.


#55

I must be missing something then?

I don’t disagree with your point of view. The ANZ did not listen with any greater interest to me in the past. I have made alternate decisions to minimise the inconvenience. And given what can go wrong with larger transactions I prioritise certainty over convenience. That’s my preference.

Why continue to use the ANZ if it does not deliver what you need when you have another bank that does deliver? AFAIK there is no law that compels use of the ANZ in preference to any other?

Choice encourages consumers to exercise the right to walk and choose a different bank. Even the government encourages us to shop around for financial services, and if I could find the right sound bites from the recent history of our current Prime Minister, he has also encouraged the same.

Over the past decade having made numerous financial transactions, while being on the hop and often in the more remote parts of Australia and OS, I agree there are limitations depending on which bank.

As you have said about the ANZ,


#56

Agreed. Or why doesn’t the bank send you a SecurID if you don’t have a mobile option. Comm Bank did that for me previously when I was living in a mobile dead-spot. A former colleague of mine is still using the SecurID that Comm Bank sent to him at no charge.


#57

Sadly I am locked into the ANZ due to the fact that my account there is a part of my SMSF management structure. This doesn’t mean that I have to keep too much in the account, but it does require me to use the ANZ as a central account for channeling funds in and out. Otherwise I’d be out of there like a shot!

As I say, it’s only an annual problem rather than an ongoing one - but it’s irritating nonetheless given that there are ways in which the bank could be more accommodating.


#58

Why indeed. Some banks are focused on customer care - some less so. ANZ falls into the latter category. :confused:


#59

Hi boblorel
I agree with your concern that the banks are imposing technological necessities they claim is to “increase security” but in reality it is to make it simpler for themselves. Into this you can add lots of other institutions relying on mobile phones and internet to complete transactions with them.
As an example, I receive a Centrelink Pension and need to log in each fortnight to report income. Each time I log in it is suggested I use my mobile to receive a code “to increase security”, I refuse to do this because a few years back I was in a location without mobile coverage, although I did have internet. I was unable to log in to the site because I could not access the code, I could even phone to make my report! So, I changed my access and only use the “less secure” method of answering “secret” questions!
Also, like yourself, there are still many people who do not have mobile phones. They are from a broad spectrum of people, including people who cannot afford them, people with disability, older people who are not interested and those who simply live in areas with NO mobile coverage!!

This is an example of technology being imposed without consideration of its impact on certain groups of people.
Time for the reintroduction of simple, person to person processes so we stop alienating and disenfranchising groups within our society!


#60

All banks are focused on shareholder return - the only way anything else comes into focus is if it supports the primary focus, shareholder return … that is not always a bad thing necessarily, but it is the care-factor chain of custody …