Any CBA Customer Find It Strange There Is No 2FA on The Banking Apps? from Comsec to Commbank App

I find it rather strange that, to this day, they do not offer 2FA / MFA on the CommBank platform. Does any other bank offer this? Anyone know why they have not implemented such a secure service? I mentioned this once to the CBA rep, and they said, "we've got SMS passcode to auth a transfer". But seriously...

Comments

  • I guess if money can't be taken out of the account without a 2FA code (SMS), it would be less desirable to hackers.

    • I suppose they could see your account balances.

  • +4

    Face ID not enough?

    • What about the web app version of both Comsec and Commbank? For example, if I need to trade internationally, I can only use the web app.

      • +1

        They already have 2FA, if someone gets in they won’t be able to take your money as it requires 2FA to send money out of the account.

    • -3

      Isn't Face ID easily cracked with a photo?

      • -1

        Nope, you cannot trick Face ID with a photo.

      • +2

        I can honestly say that if someone has both my device and a photo of my face then the last thing that I would be worried about is the money.

  • From Comsec to Commbank App.

    You have to do the 2FA when adding the account in the first place. Plus it's also assumed 'safe' to transfer money between your OWN accounts. I mean, you should trust yourself, right?

    • My credit card bill says I SHOULDN'T trust myself. Now I'm off to cook some brisket on my new smoker, while watching some shows on my new TV.

      • Hmmm, you should ask your bank to put 2FA on your credit card purchases then… Protect yourself, as you clearly need protecting :)

        I hope that was a nice automatic pellet feed smoker so you don't have to watch the temp while watching TV!?

        • +1

          Yes it is. The Pit Boss from Bunnings. Been a solid unit.

  • I relate to this topic. None of the big banks implement TOTP specifically, which annoys me greatly. Some of them have their own security measures, which may include installing an app, some of which come with mobile trackers.

    Something else that bothers me is how lax some of the banks are with passwords. ANZ, for example, doesn't let you use special characters. If I recall correctly, one or more of the banks even limits how many characters you can have in your password.

    I read somewhere that one of the reasons for poor security practices is due to headaches for when people forget their passwords or lose access to their MFA so they would rather step up their anti-fraud mechanisms than force users to be more responsible. I could be wrong.

    • +1

      Westpac seems to even REQUIRE the password to be 6 characters!! (only six, not more). I’d say it’s all about legacy systems that would cost lots and lots to upgrade, and cause access problems to everyone’s money if not done right.

      • +1

        Westpac is six characters (no more, no less). They're also alphanumeric only (not even full stops or underscores). And they're case insensitive (SIX666 is the same as six666!)

  • Exactly!

    Don’t get me wrong, some of the security features for the credit card are great: stopping int online payments, locking the card, etc.

    Some things I’d like to see.
    1. Ability to turn MFA on or Off
    2. Ability to turn on or off Geo blocking
    3. Audit history on when the account was accessed (there have been several occasions where unauthorised CBA staff have accessed someone’s account just to have a peek). I know this gets audited manually but it would be a nice feature to have.

    • That will never happen when legacy banks use a network where they hold the private keys.

    • 1 & 2 are related to fraud and legal requirements, which is why they aren't customisable.
      Your audit history can be accessed in NetBank through Settings > Online activity. It shows a complete log of your logins and at what time.

  • Don't most things require the code from the app now?

  • Any update on this? Looking for 2FA on CommBank and can't find anything.

    • @Billiam

      • +1

        Nope nothing. There is only SMS passcode which is used when transferring money out.

        I am assuming that they haven’t implemented it due to these. (Assumptions)

        1. They don’t know how to do it
        2. ATO also needs to access your records if they need it, perhaps if it’s on, maybe it’s harder for them? But I’m assuming there would just be API access so not sure.
        3. They have a real shit security team

  • Wow, 2023 and still no MFA. I'm astounded!

    I've just enabled the "netcode", which required me to disable my "netcode token", and I'm finding it hard to believe that they are so happy-go-lucky with my account and information. The security should not just be around financial transactions, but also all the other info that is available through what is now a simple UID and password with minimal complexity.

    The token (which I had to argue with their "experts" to get back in 2016) correctly prevented access to all logins with proper MFA; unfortunately the same functionality is not available from Australia's leading bank when it comes to other forms of netcode.

    What's even worse is that the mobile app is only protected by a fingerprint or 4-digit PIN. Ridiculous.
