CommBank Strengthens Online Security

CommBank today announced it is adding an extra layer of security to online banking to help protect customers from fraud and scams.

Customers who use the CommBank app will soon be prompted with a request for confirmation, via the app, each time an attempt is made to log on to their account via NetBank.¹

Meg Bonighton, Executive General Manager Customer Engagement and Digital, said: "Keeping our customers' money safe is a top priority. Thankfully we've seen customer losses from scams drop by 70 per cent over two years at Commonwealth Bank, but criminals are highly sophisticated, so we can't stand still. Having multiple layers of defence makes it harder for these types of crimes to occur."

Having a second authentication on top of the log on password is recognised as one of the most effective defences against common types of cybercrime, including online banking fraud.²

CommBank's new layer of security can help stop unauthorised access to a customer's NetBank, even if a would-be intruder has obtained the customer's password. It also can help to block further unauthorised attempts to access NetBank, as the customer will be prompted to change their NetBank password if they confirm, via the app, a NetBank log on attempt wasn't them.

As one example, scammers will sometimes send a link to customers, pretending to be from a bank and urging them to click and confirm some suspicious transactions on their card. The link leads to a fake banking website where the customer is asked for their password - information the scammer will try to use to access the customer's account. Multi-factor authentication will help to prevent this, by sending a notification in the app when any attempt is made to log on to a customer's NetBank. If the log on attempt wasn't the customer, they can decline the prompt. If the prompt in the app is unanswered then access to NetBank will not be granted.

CommBank will never send customers links in text messages directing them to sites that ask for passwords, and customers should never click on any of these they receive.

Ms Bonighton said: "Customers who are already using the CommBank app will receive a notification, via the app, to confirm whenever an attempt is made to log on to their account via NetBank. The customer can then confirm in the app whether they are indeed trying to log on to NetBank. This serves as an additional layer of protection on top of existing fraud detection techniques we have in NetBank."

As part CommBank's $450 million investment in the first half of the 2025 financial year to protect customers against fraud, scams, and financial and cyber crime, the Bank will begin rolling this out to NetBank customers who use the CommBank app from next month.

Ms Bonighton said: "Sophisticated cybercriminals will continue to adapt their techniques and CommBank has over 4,000 people dedicated to fighting financial crime. Multi-factor authentication is another defence we've integrated into our arsenal to help protect customers from fraud, scams, cyber and financial crime.

"We're always trying to get the balance right between providing a seamless experience for our customers while keeping them safe and secure. While some customers are already choosing to use multi-factor authentication, we know it will be a new experience for others, so we will be listening to customer feedback during the phased rollout, and supporting customers who need help."

Read about the latest scams, fraud and security alerts.

Other CommBank security measures

• CommBank has advanced security and fraud detection systems in place and monitors customer accounts 24/7 and offers a range of security features to help keep customers in control.
• CBA has announced a suite of anti-scam technology aimed at helping protect customers from scams, including:
  • Fraud Indicator technology - to help protect Australians from identity theft
  • Digital Wallet review feature - to view digital wallets payment details and remove any not recognised
  • Interactive and intelligent warnings - for certain first-time payments
  • Integrating and sharing anti-scam information - via a national, cross-industry anti-scam intelligence loop
  • Scam Indicator technology with Quantium Telstra - to help protect customers from phone scams
  • SMS scams intelligence sharing with Vodafone - to combat SMS scams
  • Extending industry-leading NameCheck technology - to help customers check first-time payments
  • Introducing holds, declines and limits - on certain payments to cryptocurrency exchanges
  • In-app caller verification CallerCheck technology - to give customers peace of mind CBA is genuinely calling them.

How multi-factor authentication works

• Customers that already use the CommBank app will be required to complete a two-step verification every time they want to log on to NetBank:
  • Step 1: Provide their NetBank ID and password
  • Step 2: Open the CommBank app (via a notification received in the app, or by opening the app directly) and verify the NetBank log on attempt (to grant access to NetBank).
• Each attempt to log on to NetBank will trigger an in-app notification for a customer to approve or decline.
  • If a customer approves the notification, they will be logged on to NetBank.
  • If they don't, we'll prevent the attempted NetBank log on and ask the customer to reset their NetBank password.
• Our teams are here to help, and customers can call us on 13 2221 (option 4 > then option 1 > then option 2) or visit us in branch if they need any support.

¹ NetBank is CommBank's secure online banking service that allows customers to manage their finances.

² The Annual Cyber Threat Report 2023-2024 confirms multi-factor authentication as a mitigant for the top 3 self-reported cyber-crimes for individuals - identity fraud (26%), online shopping fraud (15%) and online banking fraud (12%). The Australian Government also uses additional authentication on MyGov.

Go to CBA Newsroom for the latest news and announcements from Commonwealth Bank.