Commonwealth Bank of Australia has begun rolling out free two-factor authentication tokens to 30,000 "highly active" users of its Internet banking system, NetBank.
The token, which is small enough to fit on a key ring, produces a NetCode – a single-use password that is unique to each customer's token and automatically changes every 30 seconds. The customer inputs the code when logging into Web banking services.
The bank says the roll out of the tokens is the first phase of its two-factor authentication programme. The next wave will be to introduce SMS authentication codes for other NetBank customers. SMS authentication will allow customers with a mobile phone to receive a one-time code to finalise certain online transactions.
Says Michael Cameron, Commonwealth Bank Group executive, retail banking services: "With these solutions in place, customers can carry out their online banking activities with greater peace of mind,"
National Australia Bank introduced a SMS authentication service for Web banking customers in 2005. Last year St George Bank said it would introduce SMS text authentication as part of a major revamp of its online banking platform.
News of Commnwealth Bank's token roll out follows reports last week that The Australian Securities and Investment Commission (ASIC) is to review liability issues in online crime and phishing.
Banks in Australia currently reimburse customers who fall victim to online scams that steal data including passwords and personal details. But the Asic's consultation paper calls for industry feedback on whether account holders should be liable for unauthorised transaction losses when customers' equipment does not meet "minimum" security requirements.