Any CBA Customer Find It Strange There Is No 2FA on The Banking Apps? from Comsec to Commbank App

I find it rather strange that, to this day, they do not offer 2FA / MFA on the commbank platform. Does any other bank offer this? Anyone know why they have not implemented such a secure service? I mentioned this once to the CBA rep, and they said, "we've got SMS passcode to auth a transfer." But seriously ..


Comments

  •  

    I guess if money can't be taken out of the account without a 2FA code (SMS), it would be less desirable to hackers.

    •  

      I suppose they could see your account balances.

  • +4 votes

    Face id not enough?

    •  

      What about the web app version of both Comsec and Commbank? For example, if I need to trade internationally, I can only use the web app.

      • +1 vote

        They already have 2FA, if someone gets in they won’t be able to take your money as it requires 2FA to send money out of the account.

    • -3 votes

      Isn't face id easily cracked with a photo?

      • -1 vote

        Nope, you cannot trick Face ID with a photo.

      • +2 votes

        I can honestly say that if someone has both my device and a photo of my face then the last thing that I would be worried about is the money.

  •  

    From Comsec to Commbank App.

    You have to do the 2FA when adding the account in the first place. Plus it's also assumed 'safe' to transfer money between your OWN accounts. I mean, you should trust yourself, right?

    •  

      My credit card bill says I SHOULDN'T trust myself. Now I'm off to cook some brisket on my new smoker, while watching some shows on my new TV.

      •  

        Hmmm you should ask your bank to put 2FA on your credit card purchases then… Protect yourself as you clearly need protecting :)

        I hope that was a nice automatic pellet feed smoker so you don't have to watch the temp while watching TV!?

        • +1 vote

          Yes it is. The Pit Boss from Bunnings. Been a solid unit.

  •  

    I relate to this topic. None of the big banks implement TOTP specifically, which annoys me greatly. Some of them have their own security measures, which may include installing an app, some of which come with mobile trackers.

    Something else that bothers me is how lax some of the banks are with passwords. ANZ, for example, doesn't let you use special characters. If I recall correctly, one or more of the banks even limits how many characters you can have in your password.

    I read somewhere that one of the reasons for poor security practices is due to headaches for when people forget their passwords or lose access to their MFA so they would rather step up their anti-fraud mechanisms than force users to be more responsible. I could be wrong.

    • +1 vote

      Westpac seems to even REQUIRE the password to be 6 characters!! (only six, not more). I’d say it’s all about legacy systems that would cost lots and lots to upgrade, and cause access problems to everyone’s money if not done right.

      • +1 vote

        Westpac is six characters (no more, no less). They're also alphanumeric only (not even fullstops or underscores). And they're case insensitive (SIX666 is the same as six666!)

  •  

    Exactly!

    Don’t get me wrong, some of the security features for the credit card are great, stopping int online payments etc, locking card etc.

    Some things I’d like to see.
    1. Ability to turn MFA on or off
    2. Ability to turn geo blocking on or off
    3. Audit history on when the account was accessed (there have been several occasions where unauthorised CBA staff have accessed someone’s account just to have a peek). I know this gets audited manually but it would be a nice feature to have.

    •  

      That will never happen when legacy banks use a network where they hold the private keys.

    •  

      1 & 2 are related to fraud and legal requirements, which is why they aren't customisable.
      Your audit history can be accessed in NetBank through Settings > Online activity. It shows a complete log of your logins and at what time.

  •  

    Don't most things require the code from the app now?