skip to log on skip to main content
VoiceOver users please use the tab key when navigating expanded menus

Protecting your security credentials

If you have been granted access by your company to an ANZ web-based platform it is very important that you understand your obligations in protecting your security credentials. The risk to your company from an online fraud attack is very real and the consequence of an attack can be significant. To help you understand your part in the chain of protection please read below for tips on protecting your identity, security credentials and computer.

Identity theft is a crime whereby someone obtains some of your personal details (such as date of birth, personal security questions and answers) in order to impersonate you. This personal information might be used to reset your password/PIN or fraudulently gain access to online platforms that you have been given access to on behalf of your company. To protect your identity, please be aware of the following:

  • Do not write down personal identity security information such as security questions and answers (i.e. What was the first school you went to?).
  • Do not provide personal information to anyone who has called or emailed you without your request.
  • Personal information you provide on social media sites can be used to commit identity theft and commit fraud.
  • ANZ will require you to answer some personal security information when you call us. We will need this to ensure we can verify your identity over the telephone. Make sure that no one can overhear your security answers.

To enable you to securely log on to your ANZ web-based platform you will have been provided with a User ID and a security credential such as a Password, Smartcard or a Token device.  These are used to verify your identity when you log on to the platform and also to perform certain transactions. Follow the advice below to ensure that your security credentials cannot be stolen to commit a fraud.

Password and PIN tips

  • Your PIN or Password should not be based on information that is easily found such as your User ID, personal telephone number, birthday or other personal information.
  • Your PIN or Password must be kept confidential and must not be divulged to anyone.
  • Your PIN or Password must be memorised and not recorded anywhere.
  • Your PIN or Password should be changed immediately if you suspect that someone else might know it.
  • Consider using a passphrase as your password. The Australian Cyber Security Centre (ACSC) suggests that a strong passphrase (long, unpredictable and unique i.e. containing 4 or more random words) can make your account harder to crack.
  • The same PIN or Password should not be used for different websites, applications or services, particularly when they relate to different entities.
  • Consider using a password manager to help stay on top of your passwords. Password managers are applications that can generate and store your passwords for your online accounts.
  • Your password will be harder to guess if contains a combination of upper and lower case letters, numbers and symbols.
  • Never reveal the One-time-password [OTP] generated by your security token to anyone.

Smartcard and Token tips

  • Only connect your smartcard when needed.
  • Always remove your smartcard between uses.
  • Always store your smartcard or token safely.
  • Never share your smartcard or token with a colleague.
  • Immediately advise the Customer Service Centre if your smartcard or token has been lost or stolen.
  • Ensure anti-malware protection software has been downloaded on your computer.
  • Check your computer security on a regular basis and download the latest security upgrades.
  • Ensure you only access trusted sites on the internet and do not open emails you’re not sure about.
  • Use a firewall to prevent unauthorised intrusions.
  • Block spam emails.
  • Keep your computer browser (e.g. Internet Explorer, Firefox), and product software (Microsoft Office/Adobe flash, etc) up to date. Software providers frequently develop updates and patches to address new and developing security threats.
  • Make sure you are logged on to a secure web address with a Secure Socket Layer (SSL) Certificate. You should check that the bank’s website address changes from http:// to https:// and a security icon that looks like a lock or a key appear when authentication and encryption is expected. If you click on this icon you will find information about the organisation with whom you have the secure session with.

Contact your organisation’s system administrator if you are concerned that the above security controls are not in place on your computer.