What Australian Banks Allow You to Login and Make Credit Card Purchases While Unable to Receive SMS

• 1
• 2

• • • 

      FareEvader on 08/08/2022 - 11:40

      +3

      What you don't see is the many months of user access testing across different customer segments to ensure the level of security is approrpriate and fit for purpose. Yes, controls can be designed to be bulletproof but it would impact the customer experience.

      • 

        Mr Random on 08/08/2022 - 11:50

        +1

        Correct, I don't. Which is why I mention they would likely weigh up the cost of paying back a customer breached funds, alongside the implementation costs of such security features. But like you mentioned, there is the addition of determining if their main user demographic can use the system.

        I have only worked on smaller systems which would not cost someone their entire life savings. I have worked with personal identifiable information, and being in a small company we tend to say, "We can't safely meet regulatory requirements to keep information safe without it. And we will definitely not be in a position to pay the hefty fines that can follow".
        So our end-users have to suck it up and be required to have 2FA, and it is up to us to make the onboarding experience as seamless as possible through lots of testing.

  • 

    joelmuzz on 09/08/2022 - 07:23

    +1

    SMS 2FA is officially declared a security fail by security experts though.
    They are supposed to be offering TOTP as the default, and SMS only as an option for the people who are too confused by an app or still have a Nokia.

• 

  mousie on 08/08/2022 - 09:45

  I just use pieces of eight.

• 

  belongsinforums on 08/08/2022 - 10:19

  Cbank has tokens

• 

  pkol on 08/08/2022 - 10:30

  There is no 2FA for card transactions as far as I know, there is however 2FA for card not present (aka CNP) transactions. A CNP transaction is when the merchant doesn't see your physical card - an online store for example. 2FA on CNP transactions uses a protocol called 3DS, the spec is listed here: https://www.emvco.com/emv-technologies/3d-secure/

  The thing with 3DS is that the method of 2FA is not specified - it can be SMS, push notification on app, a phone call from your bank etc etc. If your bank will only send you an SMS and refuses to do anything else - switch bank.

• 

  91rs on 08/08/2022 - 11:01

  "So let's talk about which banks in Australia aren't completely and utterly stupid and incompetent."

  Sounds more like a user problem than a bank issue.

  Unless you're on prepaid (with Telstra in this example) you can have int-roam active on your phone and receive SMS to your phone for authentication if required, you dont need to buy the day packs, data packs or any of that to receive SMS.

  The only instances I can think of where SMS was required were login to the Qantas website\app for flight changes etc where it wants a SMS code sent, and some online purchases with a credit card (mastercard or visa) and at the final payment screens had a popup or additional page step where it pushed a SMS and wanted to code to verify the card holder / user as it was an online purchase and out of home country over $X value.
  Never received a SMS verification for purchases in person while I was at the shop, restaurant, hotel etc.

  Any bank transactions are often done via the chosen banks app or website then you use their banking app that generates tokens etc anyway.
  If future payments then just cue them up before you leave for when you know funds will be available and let them be automated, even if a one off payment for something.

  Its very much a non-issue.

  • 

    Pigey on 09/08/2022 - 02:00

    +1

    Even then on Telstra Prepaid, you can use Wi-Fi calling and receive SMS over Wi-Fi.

• 

  zealmax on 08/08/2022 - 11:17

  +1

  If you know you will not have roaming and you have a spare phone you can install an SMS to email app that will forward your SMS to email.

  • 

    [Deactivated] on 08/08/2022 - 11:28

    +1

    What app is good? Which one have you tried?

    • 

      zealmax on 08/08/2022 - 12:06

      Been a long time, just try some.

• 

  Brianqpr on 08/08/2022 - 11:43

  This is one reason why having a dual SIM phone (Xiaomi etc) is a good idea. You can keep your existing SIM active and also add a local one so you can access calls and data without being fleeced by your Australian provider.

• 

  hhq on 08/08/2022 - 12:04

  Suggest you call your bank, explain the situation and request a hardware token. They will likely issue you with a 6 digital RSA style token. I know many banks used to offer this but haven't asked lately.

  You may need to ask a few times as it's one of those things that is not requested frequently and the call centre may not know about it.

  Edit: Here is the link to the CBA process. I suspect other major banks are similar.
  https://www.commbank.com.au/support.digital-banking.explain-…

  Westpac link. Click what is a securid token twisty.
  https://www.westpac.com.au/security/how-we-protect-you/#2_se…

• 

  ColtNoir on 08/08/2022 - 12:19

  +1

  I’ve used my CBA credit card overseas no problems. Prior to leaving I think I set the dates I was going and the countries as well.
  I also activated the travel insurance, so not sure if that factored into it.

• 

  Hangryuman on 08/08/2022 - 12:43

  if I recall at a bank ATM in Salzburg Austria in 2018 I tried to withdraw from my UBank USaver account with a UBank debit card - it wouldn't allow until I had used my iPhone with roaming internet to first transfer funds to the other Ultra account - whereafter I could withdraw cash from the ATM as a 'credit card advance' or somesuch from that account - I don't remember whether there were advance fees associated with that.

• 

  yamahamoto on 08/08/2022 - 12:57

  If you are going overseas often best to stick with Vodafone. I used their roaming option numerous time with no issue. $5 a day for a piece of mind is a no brainer. The 6G internet you get in Europe using Vodafone is insanely fast. 6G was a joke but the internet speed felt faster than NBN.

  • 

    askbargain on 08/08/2022 - 13:06

    Is 6G faster than 5G?

    • 

      yamahamoto on 08/08/2022 - 13:56

      It is a joke I don’t know if 6G is available yet but it certainly felt faster than 5G we have here in Australia.

• 

  gk0r on 08/08/2022 - 15:38

  +1

  It's because Australian banks can't imagine a situation where Australians might gasp travel. Even if you tell them in advance. It's negligent. It's disrespectful. It's very typical of Australian banks to say "f*** you" to its customers. Their care factor is zero.

• 

  nigel deborah on 08/08/2022 - 16:34

  I have always had good experiences with citibank. They still have SMS verification for some things but it's easy to get it changed over the phone once you know your new number.

  They've also never blocked my card overseas, even after doing weird transactions. They have zero currency exchange or overseas transaction fees, AND use the official mastercard exchange rate (which is always extremely close to the real rate). Highly recommend as a 'travel card'.

  That said, they did just get acquired, so might change soon.

• 

  Lunarboogie on 08/08/2022 - 17:43

  +1

  If you adjust one of the settings on the UBank app (can't remember which), they'll send the code to your app rather than a phone number which means you just need wifi to receive.

• 

  knk on 08/08/2022 - 18:48

  A not so great, but usable workaround is using pulse sms or similar on android and leaving the sim in a spare phone when you go overseas.

  That way you can still get them.

• 

  serpserpserp on 08/08/2022 - 20:03

  +1

  When you called your Aussie bank OP what did they say?

• 

  quikchip on 08/08/2022 - 21:30

  +1

  CBA.
  They send a code to the app on your phone. I was stuck overseas for 3 yrs and used CBA the entire time without the use of my Australian SIM. Although you may need to set the app up in Australia before leaving.

• 

  BreezyPalms on 08/08/2022 - 21:34

  +1

  I use lattitude credit card (formerly known as 28 degrees) overseas and you don’t need sms

  They also offer fee free foreign currency purchases and have very good exchange rates (close to XE.com)

  The best travel credit card in my experience

  Edit - re read the OP, not sure about 2fa. Usually only need this from certain vendors in my experience. Another option could be to pay via PayPal using your credit card to avoid 2fa

• 

  matt-ozb on 09/08/2022 - 07:01

  +1

  If you have wifi, just use VoWiFi for free SMS with your Australian number.

  Aussie number = eSIM
  Overseas number = physical SIM

  • 

    packeteer on 16/08/2022 - 09:57

    I use the other way around, there's a bit of setup time, but it works great

• 

  bamzero on 09/08/2022 - 13:19

  In the past I've left my SIM in a phone at home with pushbullet, then as long as I've got internet on another phone while travelling I can send and receive txts from my SIM at home.

• 

  chillin222 on 09/08/2022 - 20:21

  +6

  There are some REALLY REALLY sh*t replies in this thread.

  It's completely unacceptable in 2022 for banks to use SMS for 3DS authentication. I can't believe people on here are defending this practice.

  Other rubbish info:
  - Get a token / disable 2FA —-> Irrelevant for 3DS
  - "It's worked for 15 years" —-> Irrelevant for 3DS, given the liability shift only happened in 2020
  - Get roaming —-> Useless info when 99.9% of travellers are using a local SIM for roaming

  So here's the actual answer to your question:
  - CBA doesn't use SMS for 3DS. Their Low Fee Gold credit card has 0 international fees and is available for free for any home loan package holders.
  - 28Degrees card used to have an SMS alternative for 3DS - not sure if they still do.

  I'm not sure about other issuers.

  If you are OK with a debit , not credit, card then you can add:
  - Revolut
  - Up (I think!)

  • 

    [Deactivated] on 09/08/2022 - 22:04

    I'm seriously thinking about the CBA Low Fee Gold credit card.

  • 

    jrad0 on 10/08/2022 - 08:45

    100% agree. Very poor responses from some salty people maybe missing travelling too much?

    Got stung a couple of times recently in Europe - for example buying premier pass tickets in Disneyland Paris (can only be bought online on the day) with my NAB platinum debit card required a OTP sms code. NABs answer was call us and tell us your euro phone number when you get a sim over there. I didn't have a phone number in France as I was using EE roaming from a sim in the UK.

    However, the wife used CBA and got a code sent through the app - she organised on the spot through online chat which saved us 2.5 hours lining up for Crush Coaster haha Buying any train tickets online while over there with and Aussie card will also catch you out too.

    Aussie banks need to get with the times and get some authenticator apps. Codes via SMS is so outdated!

• 

  darkwater on 09/08/2022 - 21:02

  Anz have their own 2FA App from PlayStore called "Anz shield", when you using this, you don't need the mobile OTP.
  https://www.anz.com.au/security/account-protection/anz-shiel…

• 

  archieduh on 24/08/2022 - 08:16

  Did you sort this out?
  Otherwise I have a workaround to share if you are using Android.
  * Have 2 phones
  * In 1, put your AU SIM. Leave this at your AU home and have it connected to power and Wi-Fi (or reliable data)
  * The 2nd, your phone that you take to travel, open messages.google.com/web which will show a QR code.
  * In the 1st phone, go to the "Messages" app by Google. From the menu of the app choose "Device pairing" and scan the QR on 2nd phone.
  * Now you can see sms of 1st phone on 2nd phone's browser. Now in this browser window menu options you will have "install app" or "add to home screen". Click that and you will have a shortcut to "web messages", the icon will also look slightly different to normal messages app.
  * Voila! On your 2nd phone you now have web messages to check your AU SMS and normal messages app to check your local Sim SMS. Just ensure that your AU phone will always be on power and has internet connectivity.

  • 

    archieduh on 24/08/2022 - 08:18

    Lol realised the OP has disabled account

• 

  optimus maximus on 07/03/2024 - 10:21

  My mobile phone service provider recently switched off their 3G network and so until I can afford to buy a 4G/5G phone I am unable to authorise online payments via SMS. I know I can pick up a cheap mobile phones anywhere but what irritates me is the fact that my bank refuses to provide another means of making payments online. The only thing I can do is to make a 30 km trip to the nearest and on;y branch office closest to me and present the usual 100 points of ID. I put in a complaint and have a guess what they said??? Yep, you guessed it - I had to call them up to chat to their (probably offshore) call centre! WTF. Obviously no one actually read my complaint because if they had, they would know I don't have a mobile phone or landline to do this. Idiots. My first ever bank was the Rural and Industries Bank of WA, which became Bankwest when they privatised. I am not sure if they would offer better service than my current bank, but judging by all the comments, maybe I'd be better off with the forrmer. IMO all banks are thieves so when choosing a bank it invariably comes down to choosing the lesser evil.

• 1
• 2