The effective disinclination of the telcos to do more than lip service (as it appears) is breathtaking.
We bank with Suncorp and use their RSA token as second level of security.
It is however optional for their customers with online/mobile access as there is a cost to customers ($20 every -4-5 years). We opted in as it provides some piece of mind.
There is a risk of tokens being stolen, but this risk is potentially low compared to the ease of illegal porting.
I wonder why other banks haven’t adopted similar security systems and rely on text messages for second level verification, when texts have proven not to be secure.
CBA do have a device but it is usually for business customers, but non business can access it. Why do they use text, mostly because customers want an “easy to use and respond to” type system that is not as secure as a separate device but is more secure than just a password/pin entry to access accounts.
The RSA tokens attach to a key ring (about the same size as a key but thicker like a electronic car key. If one has keys on ones pocket, it would be just as convenient as receiving a text but potentially a lot more secure.
5 We’ve used the Suncorp devices for nearly five years now. Worth the small cost and reliable.
There are plenty of other banks that offer similar devices. HSBC is one.
I first used one of these devices with Citibank in 2001! It’s not new.
Some banks eg ANZ? may offer a security code generating device but only to really important customers.