Bank scams security

[nztx]

Call the Hawk old school, but all banking & email stuff doesn't hit the mobile phone ..

[RTM]

Yes, I like the 2 Factor approach,
My primary bank is BNZ. While I can and do have two factor switched on on web based (PC) access,
on iPad and iPhone it is not available.

Or am I not correct ?

[justakiwi]

I don't bank with BNZ so can't answer that, but you can set up biometric login on your iPhone (and presumably your iPad);

Setting up Touch ID or Face ID on compatible devices

1. Log in to the BNZ app.
2. From the main screen, tap the Menu icon (three horizontal lines) in the top-left corner.
3. Tap Settings then under Security, select either Touch ID or Face ID.
4. Tap the (Touch ID or Face ID) button to turn on or off.

There really is nothing that provides greater security than biometric log in.

Yes, I like the 2 Factor approach,
My primary bank is BNZ. While I can and do have two factor switched on on web based (PC) access,
on iPad and iPhone it is not available.

Or am I not correct ?

[RTM]

Update
Yes…when logging in cancelling the biometric allows either Password or a PIN to be used.
So…not as secure as one would hope.
Didn’t see anywhere to turn that off…but may have missed it.
I recall I emailed BNZ about this a while ago. Got a response confirming I was correct….doesn’t seem anything has changed.

Again….more than happy to be corrected if there is a setting I have missed.


——————
Thanks…and yes…I have those set up already.
But my impression is that this would still allow normal username /password access as well.
Will check.

As an aside…it’s a bit worrying when one wakens in the morning and the iPhone won’t recognise you,
Oh dear !

[justakiwi]

Yeah, you are correct. Not sure if this will make you feel any better, but I found this info on the BNZ site;

Secure tokens

A secure token is created on your device when you first set up the BNZ app. This lets us know that it’s you using it and not someone else.

Update
Yes…when logging in cancelling the biometric allows either Password or a PIN to be used.
So…not as secure as one would hope.
Didn’t see anywhere to turn that off…but may have missed it.
I recall I emailed BNZ about this a while ago. Got a response confirming I was correct….doesn’t seem anything has changed.

Again….more than happy to be corrected if there is a setting I have missed.


——————
Thanks…and yes…I have those set up already.
But my impression is that this would still allow normal username /password access as well.
Will check.

As an aside…it’s a bit worrying when one wakens in the morning and the iPhone won’t recognise you,
Oh dear !

[clip]

Update
Yes…when logging in cancelling the biometric allows either Password or a PIN to be used.
So…not as secure as one would hope.
Didn’t see anywhere to turn that off…but may have missed it.
I recall I emailed BNZ about this a while ago. Got a response confirming I was correct….doesn’t seem anything has changed.

Again….more than happy to be corrected if there is a setting I have missed.


——————
Thanks…and yes…I have those set up already.
But my impression is that this would still allow normal username /password access as well.
Will check.

As an aside…it’s a bit worrying when one wakens in the morning and the iPhone won’t recognise you,
Oh dear !

I think you are right that the mobile app doesn't support 2fa - the assumption being, if somebody has your phone and opens the BNZ app, if it sends you a text message they will have that anyway as they have your phone

[RTM]

I think you are right that the mobile app doesn't support 2fa - the assumption being, if somebody has your phone and opens the BNZ app, if it sends you a text message they will have that anyway as they have your phone

Just back from Matauri Bay...awesome body boarding.

Yes...I agree. But they might have dreamed up other ways to give an element of 2FA.
Or allow you to turn off the normal password or Pin access and just use the Biometric.
This would be my preferred option.

[clip]

Just back from Matauri Bay...awesome body boarding.

Yes...I agree. But they might have dreamed up other ways to give an element of 2FA.
Or allow you to turn off the normal password or Pin access and just use the Biometric.
This would be my preferred option.

It would be more secure to turn off the pin option, and use a very good password. Better to use something long, and made of multiple words, at least 16 characters. Instead of a word followed by a couple of numbers and a special character

[warthog]

Approaching retirement I am concerned about recent media coverage of increasingly sophisticated scamming depriving people of their savings. Is online banking becoming too risky for large amounts of cash . If so what alternatives are there?Public Trust used to have on call and term deposit accounts which were government guaranteed and not able to be accessed online. However this facility was closed several years ago. Any ideas advice would be gratefully received

The hog hastens to add, never, ever click on a link in an email from anyone who represents themselves as a bank, broker, etc. Always navigate to the website yourself.

When I drew it to the attention of the security team of one of NZ's big banks that they regularly send emails to customers with links, thereby training their own customers to break their own suggestions about not clicking on links in email, they said "We've raised this with the marketing people at the bank but they are a law unto themselves, don't care, and have support from above…"

[676767]

Wife and I are retired.
My only worry is online merchants when using my Credit card and giving them the number on the back of my card.
I do a lot of shopping on line and never had any issues.
I have rates,and insurances direct debited,and pay other accounts online.Again never any issues..

I use WISE a lot for currency conversion, but another helpful feature I've started to use are their "Digital Credit Cards".
From within their application you can generate a new credit card, make your payment, then destroy the card.
Makes me much more comfortable when buying things online especially on international sites.

It would be great if NZ banks took note of this feature.