BNZ has written to customers telling them that NetGuard cards, which are used as a method of two-step authentication for online banking, will be removed as a way to confirm identity. Photo: RNZ / Marika Khabazi
A Wairarapa woman is concerned that changes by BNZ to the way that people access internet banking could affect people who have older smartphones, or do not have one at all.
BNZ has written to customers telling them that NetGuard cards, which are used as a method of two-step authentication for online banking, will be removed as a way to confirm identity.
Instead, people would need to use the app.
But Judith, who did not want to be identified, said her husband's phone was from 2017 and the app would not work on it.
"This is entirely wrong in many ways. As a customer, you don't have any choice about this change, although we have done online banking for many years, we don't ever do banking on our phones, presumably they expect us all to buy a new phone."
Gayle Chambers, national president of Grey Power, said it was something her organisation needed to look into.
A BNZ spokesperson said the bank was always looking for ways to upgrade its security measures.
"We understand some customers' disappointment about the phasing out of NetGuard cards as an authentication method and our teams are available in branch, online or on the phone to help customers manage this change.
"NetGuard cards were first introduced in 2006. However, since then industry standards and two-step authentication methods have evolved, along with the functionality of our BNZ app. This means NetGuard cards are no longer the most secure method for authentication.
"Unfortunately, we have seen a number of customers who have been convinced to share the details of their NetGuard card with scammers. Once these details have been shared, it is almost impossible to protect a customer's money."
She said over time mobile phone manufacturers would discontinue support for hardware and not provide system updates for older devices.
"This poses a security risk as customers are less likely to be able to install security patches, leaving their devices more vulnerable. It also becomes increasingly difficult for us to maintain the functionality of older applications across an increasing number of older operating systems and devices."
She said customers without the BNZ app could still log in to internet banking with their access number and password. It would also not affect customers shopping with a credit or debit card.
"Additional authentication is only required for high-risk transactions, such as paying someone new, creating and editing payees, updating their contact information and international payments. In these situations, customers are able to contact our team either through phone banking or in branch, to help them complete two-factor authentication."
Paul Brislen, chief executive of the Telecommunications Forum, said the situation was inevitable.
"The authenticator apps are free and easy to use but do need a modern phone … but by modern I mean one that is still supported by the software vendor. "
He said while people might be happy with a phone from 2017, the software was not supported and the phone was exposed to security breaches.
He said such a device should not be used for banking.
"We're in the throes of shutting down the 3G networks too so this will encourage a number of customers to upgrade to more capable devices shortly and the number of affected parties will drop to around zero."
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
