One of Australia’s big four banks has revealed plans to completely remove passwords from internet banking by the end of the decade.
National Australia Bank chief security officer Sandro Bucchianeri said passwords have become “terrible” while scammers and cybersecurity breaches become more sophisticated.
NAB has already rolled out cryptographic keys to replace passwords at its digital-only subsidiary Ubank.
The technology is expected to be deployed at NAB within three to five years to replace text passwords.
Technology experts have warned that passwords have become less secure because users often type them in by hand and reuse the same weak passwords across numerous services.
This means that information from a cybersecurity breach on a separate website could be used to access and empty bank accounts.
To try to solve the problem, NAB's cryptographic keys will let users prove who they are without a username or password.
Users will be able to use a PIN or biometric signatures, such as a fingerprint or facial recognition technology, to access their account.
But Bucchianeri said NAB is trying to strike a “very fine balance between security and usability.”
“If I go too far into security, the end user will find an easier way (like post-it notes) to try to get in because it’s too difficult and if I make it too easy to use… then I’ll compromise security,” he told the Sydney Morning Herald.
Bucchianeri said the bank has substantially improved its ability to thwart the more than 50 million cyberattacks.
While hackers have not yet breached NAB’s security measures, they have been able to gain access to smaller companies used by the bank and access personal information such as phone numbers.
Instead of directly hacking into a customer’s account, scammers often use the information to impersonate a user or a bank to gain access and get away with large amounts of cash.
To address this, the bank partnered in November with cybersecurity firm BioCatch and banks ANZ, Commonwealth Bank, Suncorp Bank and Westpac to form the BioCatch Trust.
The company analyzes a user’s behavior and device to identify potentially fraudulent transactions in “mule accounts” where money is most likely to be laundered.
BioCatch Trust aims to help banks “share information in real time before a customer makes a payment” and identify and stop suspicious transactions.
Chris Sheehan, a former Australian Federal Police and NAB Executive Group Investigations executive, said it is another tool for banks to stop criminals and protect customers.
“Scammers are worms who will do anything to scam Australians,” he said at the time.
“While we are seeing customer scam losses decrease, we know there is more to do to make Australia the most difficult country in the world for criminals to steal our money.
“This is a world first and a great example of how Australia is embracing innovation and strategic partnerships to stop criminals in their tracks.”
NAB has been using BioCatch’s biometric and behavioral technology to detect attempts to impersonate customers or the bank since early 2020.
Other measures include removing links in unexpected text messages, helping telecommunications companies prevent banks’ phone numbers from being spoofed, and training contact centers to detect fraud.
The bank also suspended high-risk transactions, warned customers about payments to new beneficiaries, and blocked payments to some high-risk cryptocurrency platforms.