NAB to bring in huge change that will completely transform the way millions of Aussies access their money
One of Australia’s Big Four banks has revealed plans to completely remove internet banking passwords by the end of this decade.
National Australia Bank chief security officer Sandro Bucchianeri said passwords have become “terrible” as scammers and cyber security breaches become more sophisticated.
NAB has already deployed cryptographic keys designed to replace passwords for its digital-only subsidiary Ubank.
The technology is expected to be implemented at NAB within three to five years to replace text passwords.
Tech experts have warned that passwords have become less secure as users often physically write down and use the same weak passwords for numerous services.
This means that information from a cybersecurity breach on an individual website could be used to access and drain bank accounts.
To work around this problem, NAB’s cryptographic keys allow users to authenticate who they are without using a username or password.
Users can use a PIN or biometric signatures, such as a fingerprint or facial recognition technology, to access their account.
National Australia Bank has announced plans to completely remove customers using ‘terrible’ online banking passwords and replace them with cryptographic keys (stock image)
But Mr Bucchianeri said NAB is trying to strike a “very fine balance between security and usability”.
‘If I spend too much on security, the end user will find an easier way – like post-it notes – to try to get in because it’s just too hard and if I make it too easy to use… then I’ll have a compromising security,” he told police Sydney Morning Herald.
Mr Bucchianeri said the bank had significantly improved its ability to thwart the more than 50 million cyber attacks.
While hackers have not yet breached NAB’s security measures, they have been able to gain access to smaller companies used by the bank and gain access to personal information such as phone numbers.
Rather than hacking into a customer’s account directly, scammers often use the information to impersonate a user or a bank to gain access and get away with large amounts of cash.
To address this, the bank teamed up with cyber security firm BioCatch and banks ANZ, Commonwealth Bank, Suncorp Bank and Westpac in November to form the BioCatch Trust.
The company analyzes a user’s behavior and device to identify potentially fraudulent transactions to “mule accounts” where the money is most likely to be laundered.
BioCatch Trust aims to help banks “share information in real time before a payment is made by a customer” and identify and stop suspicious transactions.
NAB said the security measure is aimed at preventing commonly reused passwords from being obtained by scammers through cybersecurity breaches and used to access their bank accounts (stock image)
NAB Executive Group Investigations and former Australian Federal Police Director Chris Sheehan said it is another tool for banks to stop criminals and protect customers.
“Scammers are grubs who will do anything to defraud Australians,” he said at the time.
“While we are seeing losses from customer scams declining, we know more needs to be done to make Australia the toughest country in the world for criminals to steal our money.
“This is a global first and a great example of how Australia is embracing innovation and strategic partnerships to stop criminals.”
NAB has been using BioCatch’s behavioral and biometric technology since early 2020 to detect attempts to impersonate customers or the bank.
Other measures include removing links in unexpected text messages, helping telecom companies prevent banking phone numbers from being impersonated and training contact centers to unravel fraud.
The bank has also halted high-risk transactions, warned customers against payments to new payees and blocked payments to some high-risk cryptocurrency platforms.