Australian Bank to offer internet banking security via SMS passwords
National Australia Bank to offer SMS password protection.
By Rachel Lebihan – Australian Financial Review – March 11 2005
The National Australia Bank will be the first Australian bank to offer an SMS-password security service to all its internet-banking customers as it winds up a trial of the technology.
The bank confirmed yesterday that the service will be introduced gradually to its entire net-banking customer base of about 250,000 over the next few months following a pilot that attracted 500 staff and customers.
The SMS service adds a second layer of security to internet banking by sending a random password to the customer’s mobile phone, which is used by the bank to authenticate bill payments and bank transfers.
Customers log on to internet banking with their normal password but, rather than re-entering that same password to make a payment, which is the current procedure, they enter the SMS-generated password.
NAB’s head of channel solutions, Ean Van Vuuren, said one of the main objectives of the trial was to ensure that the service did not slow down the internet banking process for customers.
He said the trial had shown that SMS passwords could be generated in “fractions of a second”.
“We’re very, very happy about the speed of response,” Mr Van Vuuren said. “We didn’t want to slow down speed of service; so far that’s looking very good.”
But one of the issues highlighted by the trial was the need to change the registration process, which originally required participants to download a form from the bank’s website, fill it in, and take it to a branch so that their identity could be verified before registration.
The process has been changed so that customers do not have to go to a branch at all.
They now fill out and submit an electronic form online, and are contacted by telephone to have their identity verified and their registration processed.
When asked if the bank had encountered problems such as mobile-phone coverage or slowness of SMS messages getting through to customers, Mr Van Vuuren said, “Not really, not yet.”
But he said the bank was trying to provide flexibility if a customer’s mobile-phone service was not available, or if the phone battery was flat.
In such circumstances, customers could use an automated call-centre service to have the authentication service temporarily switched off, he said.
“We’ve tried to make it as convenient and flexible as possible,” Mr Van Vuuren said. “We’ve got to trade that off against the minority of people who do not have a mobile phone.”
Mr Van Vuuren said it was difficult to forecast the level of take-up for the service, and he was unwilling to discuss how much it was costing the bank to send SMS messages to hundreds of customers.
“At the end of the day, we’re trading that off against the risk the bank is carrying,” Mr
Van Vuuren said.
“If there is fraud on a customer account, the bank is carrying that risk. It’s almost like self-insuring against that cost.”
The service will remain optional for customers who want an extra level of security, Mr Van Vuuren said