One of Australia’s Big Four banks has revealed plans to completely remove passwords for internet banking by the end of the decade.
National Australia Bank chief security officer Sandro Bucchianeri said passwords have grown ‘terrible’ while scammers and cybersecurity breaches become more sophisticated.
NAB has already implemented cryptographic keys designed to replace passwords for its digital-only subsidiary Ubank.
The technology is expected to be implemented at NAB within three to five years to replace text passwords.
Tech experts have warned passwords have become less secure because users often write them down and reuse the same weak passwords across numerous services.
This means information from a cybersecurity breach on a separate website could be used to access and drain bank accounts.
To try and get around the issue, NAB’s cryptographic keys will allow users to authenticate who they are without the use of a username or password.
Users will be able to use a PIN or biometric signatures, such as a fingerprint or facial recognition technology, to gain access to their account.
But Mr Bucchianeri said NAB is trying to strike a ‘very fine balance between security and usability’.
‘If I go too much on the security, the end user will find an easier way – such as post-it notes – to try and get in because it’s just too difficult and if I make it too user-friendly … then I will compromise the security,’ he told the Sydney Morning Herald.
Mr Bucchianeri said the bank has substantially improved its ability to thwart the more than 50 million cyber attacks.
While hackers are yet to break NAB’s security measures, they have been able to gain access to smaller companies used by the bank and access personal information such as phone numbers.
Instead of directly hacking into a customer’s account, scammers often use the information to either impersonate a user or bank to gain access and get away with large amounts of cash.
To tackle this, the bank in November partnered with cybersecurity company BioCatch and banks ANZ, Commonwealth Bank, Suncorp Bank and Westpac to form the BioCatch Trust.
The company analyses a user’s behaviour and device to identify potentially fraudulent transactions to ‘mule accounts’ where the money is most likely laundered.
BioCatch Trust aims to help banks ‘share information in real-time before a payment is made by a customer’ and identify and stop suspicious transactions.
NAB Executive, Group Investigations and former Australian Federal Police executive Chris Sheehan said it is another tool for banks to stop criminals and protect customers.
‘Scammers are grubs who will do anything to rip Australians off,’ he said at the time.
‘While we are seeing customer scam losses decrease, we know there’s more to do to make Australia the hardest country in the world for criminals to steal our money.
‘This is a global first and a great example of how Australia is embracing innovation and strategic partnerships to stop criminals in their tracks.’
NAB has been using BioCatch’s behavioural and biometric technology to detect attempts to impersonate customers or the bank since early 2020.
Further measures include removing links in unexpected text messages, helping telcos to stop bank phone numbers being impersonated and training contact centres to detect fraud.
The bank has also put holds on high-risk transactions, warned customers of payments to new payees and blocked payments to some high-risk cryptocurrency platforms.