If you have been granted access by your company to an ANZ web-based platform it is very important that you understand your obligations in protecting your security credentials. The risk to your company from an online fraud attack is very real and the consequence of an attack can be significant. To help you understand your part in the chain of protection please read below for tips on protecting your identity, security credentials and computer.

Tips for protecting your identity

Identity theft is a crime whereby someone obtains some of your personal details (such as date of birth, personal security questions and answers) in order to impersonate you. This personal information might be used to reset your password/PIN or fraudulently gain access to online platforms that you have been given access to on behalf of your company.

  • Do not write down personal identity security information such as security questions and answers (i.e. What is the first school you went to?).
  • Do not provide personal information to anyone who has called or emailed you without your request.
  • ANZ will require you to answer some personal security information when you call us. We will need this to ensure we can verify your identity over the telephone. Make sure that no one can overhear your security answers when provided.
  • Be aware of how much personal information you are providing on social media sites as this information can be used to commit identity theft and commit fraud.
Tips for protecting your security credentials

To enable you to securely log on to your ANZ web-based platform you will have been provided with a security credential such as a User ID, Smartcard or a Token device.  The credential is used to verify your identity when you log on to the platform and to authorise transactions. Follow the advice below to ensure that your security credential cannot be stolen to commit a fraud.

Password and PIN tips

  • Your PIN or Password should not be based on information that is easily found such as your User ID, personal telephone number, birthday or other personal information.
  • Your PIN or Password must be kept confidential and must not be divulged to anyone.
  • Your PIN or Password must be memorised and not recorded anywhere.
  • Your PIN or Password should be changed regularly or immediately if you suspect that someone else might know it.
  • The same PIN or Password should not be used for different websites, applications or services, particularity when they relate to different entities.
  • Make sure your Password has a combination of upper and lower case letters, numbers and symbols as this will make it harder to guess.
  • Never reveal the One-time-password [OTP] generated by your security token to anyone.
  • Never select the browser option for storing or retaining your User ID and Password.

Smartcard and Token tips

  • Never share your Token or Smartcard with anyone.
  • Do not leave your Token or Smartcard unattended. Always store your device securely. You should treat the security device like you would treat your own credit card.
  • Immediately advise ANZ if either your Smartcard or Token is lost or stolen.
Tips for protecting your computer
  • Ensure anti-malware protection software has been downloaded on your computer.
  • Check your computer security on a regular basis and download the latest security upgrades.
  • Ensure you only access trusted sites on the internet and not opening emails you’re not sure about.
  • Use a firewall to prevent unauthorised intrusions.
  • Block spam emails.
  • Keep your computer browser (e.g. Internet Explorer, Firefox), and product software (Microsoft Office/Adobe flash, etc) up to date. Software providers frequently develop updates and patches to address new and developing security threats.
  • Make sure you are logged on to a secure web address with a Secure Socket Layer (SSL) Certificate. You should check that the bank’s website address changes from http:// to https:// and a security icon that looks like a lock or a key appear when authentication and encryption is expected. If you click on this icon you will find information about the organisation with whom you have the secure session with.

Contact your organisation’s system administrator if you are concerned that the above security controls are not in place on your computer.