Customers of Macquarie Bank are increasingly using more secure modes of two-factor authentication (2FA) to better protect their finances, with more than one million enrolments for the Macquarie Authenticator app.
Macquarie Authenticator is Macquarie Bank's market-leading digital security app. It was launched in 2019 as a more secure alternative to traditional SMS-based 2FA (SMS 2FA) and is now used by Macquarie Bank customers, brokers, advisers and their clients to verify actions requested on their accounts.
Macquarie Authenticator users receive a notification from the secure app when an attempt is made to log in to their account, make a payment online or change their sensitive account details. These notifications give customers full visibility over what action has been requested - such as the amount, origin and destination account of an attempted payment - alongside information such as the time and approximate location from where the request was made as well as the device and web browser involved. With all this information at their fingertips, customers can be more confident the request is genuine and approve or deny the action in real time.
More detail
Traditional SMS 2FA, which is widely used in Australian banking, relies on insecure technology and often provides limited information. The lack of detail in these messages means recipients may not know what they are approving and can't distinguish whether the action was initiated by them or someone else. Scammers have exploited these vulnerabilities in SMS 2FA, impersonating banks over the phone and SMS and tricking their victims into sharing codes that can be used to compromise their account.
Olivia McArdle, Head of Deposits and Payments at Macquarie Bank, said: "We think the days of Australian banks relying solely on SMS to verify customer account activity are numbered. The vulnerabilities are clear and customers, who are seeing the risks themselves, are voting with their feet. More than one million Macquarie customers are now using the Macquarie Authenticator app, and we are seeing a growing number opt-in to use our highest security settings."
More secure
In a market-first, Macquarie enabled customers to personalise their digital security settings using Macquarie Authenticator in 2020. Users can now choose between two modes - Enhanced Mode or Ultimate Mode. In Enhanced Mode, additional personal verification is required on all attempted account logins - except on trusted devices - as well as on changes to sensitive account details and certain financial transactions. In Ultimate Mode, additional personal verification is required on all attempted account logins, whether from trusted or unknown devices, as well as on changes to sensitive account details and all financial transactions.
"When 2FA was first adopted by Australian banks to provide an additional layer of security, SMS was considered the most convenient and secure way to check that customers were initiating activity on their account," McArdle said. "The landscape has changed considerably since then and the feedback we consistently hear from our customers is that they feel more secure when using Macquarie Authenticator than they did with other banks. The beautiful thing about Macquarie Authenticator is that the experience is so fast and seamless that customers love using it - it's a frictionless experience but still gives our customers complete control and enhanced security. We've been thrilled to see customers of all ages embrace Macquarie Authenticator, including many of our older customers who are concerned about being scammed and now have peace of mind when banking."
Other security measures
The Macquarie Authenticator app forms part of a series of protections Macquarie has rolled out in recent years to help customers protect themselves from a rise in scam and fraud attempts, including:
- Real-time protection: We hold and delay certain payments for transaction and savings accounts if we think they might be risky. This gives Macquarie customers the chance to cancel a payment if needed, including via 24/7 support with our live chat team.
- Macquarie Password Monitor: This security feature helps protect login credentials by monitoring the internet for signs of compromise. If a potential breach is detected, Macquarie will lock access to your online and mobile banking and notify you immediately. This allows you to take action, such as changing your password.
Is your method of multi-factor verification secure? Five things to watch out for when using SMS for 2FA
- Check the detail: The limitations of SMS mean you may not know exactly what you are approving when you receive a 2FA request. It's important that you do not take action unless you have full confidence the SMS is legitimate and connected to a request you have initiated on your account.
- Impersonation scams: Scammers may impersonate your bank, urgently requesting authorisation codes via SMS to stop alleged fraud while using these codes to compromise your account.
- Spoofing: Scammers may trick you into sharing personal or financial details via SMS. These fraudulent messages typically contain links to fake websites that prompt victims to share their sensitive banking data. In some instances, these SMS can appear in the same thread on your phone as legitimate messages.
- Pop-up SMS: Scammers can deliver a pop-up or flash SMS to your phone. These appear directly on your lock screen and are not saved to your inbox to prevent them from being reported or traced.
- Phone porting: Although this scam has reduced in prevalence, scammers can in some instances illegally transfer your phone number to another telecommunications provider without your consent. This enables them to receive all your messages and use this access to compromise your account.
