ANZ takes security very seriously. Our online security solution encompasses both security software as well as best practice business process controls. We want to give you piece of mind when conducting your business in an online environment. Some of the security measures that ANZ employs are described below.

Network and session controls

Firewall

A firewall mechanism is used to protect the integrity of your connection to all ANZ websites.

Firewall

Data Encryption

  • 128-bit Secure Sockets Layer (SSL) encryption technology is used to protect your session when you connect to an ANZ online platform.
  • When authenticating to an ANZ online platform your token user credentials are protected using End-to-end encryption (E2EE) technology.

Session time-outs

After you have been successfully authenticated to an ANZ online platform you will have an active security session. If you forget to log off from the platform or after a period of inactivity our systems will automatically log you off.

Identity and access management controls

Identity and access management is the way we help you control access to your online account information. Individuals who require access on behalf of your organisation are issued security credentials with a Password or PIN. The security credential is used to uniquely identify an individual when they log on to an ANZ online platform.

The type of credential that you will be issued with will depend on the platform that you are using, the regulatory requirements of your country and the access level that you have been assigned within your online account (for example, view only access or transaction approver etc.).

ANZ has a number of different security credential types which are described below.

Common security features of ANZ credential types

  • Credentials are issued in an inactive state. You will not be able to use the credential until you have been successfully verified and provided with a temporary Password or PIN.
  • The credential will be automatically disabled after a number of incorrect log on attempts.
  • For security reasons credentials that have not been activated or have been inactive for a defined period of time will be automatically disabled.

User ID / Password

  • Password strength controls (such as rules about password length, special characters, case etc.) have been implemented to reduce the risk of someone guessing or stealing the Password.

Smartcards

ANZ uses cryptographic smartcard technology. 

  • Smartcards use a digital signature to verify the users identity and create a secure a log on session.
  • Information on the smartcard is protected by a user chosen PIN.
  • Smartcards are considered a ‘strong authentication method’ also known as two-factor authentication (something you have and something you know).
  • Come in two form factors: SIM card size used for USB readers and standard credit card size.
  • Smartcards are the preferred regulatory authentication technology for some countries.
  • ANZ’s smartcard solution can be used for Transaction signing.

Smartcards

Tokens

ANZ uses PIN-pad protected authentication token devices.

  • Tokens are considered a ‘strong authentication method’ also known as two-factor authentication (something you have and something you know).
  • Tokens are PIN protected by a user chosen PIN.
  • Uses One-time-passwords (OTP) for authentication. Tokens generate a OTP password which can be used once and are only valid for a limited period of time.
  • ANZ’s token solution can be used for Transaction signing.

Tokens