Highlights
- National Australia Bank (NAB) plans to eliminate passwords from its internet banking system by 2030, replacing them with cryptographic keys for better security.
- The move aims to counter growing cybersecurity threats, including scams and data breaches that exploit weak passwords.
- NAB’s adoption of cryptographic keys will enhance user authentication through biometrics, such as fingerprints and facial recognition, alongside PINs.

National Australia Bank (ASX:NAB), one of Australia's Big Four banks, has announced a groundbreaking shift in its approach to online banking security. By the end of the decade, the bank will fully remove traditional passwords from its internet banking system, replacing them with cryptographic keys designed to better protect users against growing cybersecurity threats.
According to NAB’s Chief Security Officer, Sandro Bucchianeri, passwords have become increasingly unreliable and “terrible” as scammers and cybercriminals have developed more sophisticated techniques to exploit them. Bucchianeri pointed out that many people use weak, repeated passwords across various services, making it easier for hackers to access sensitive information from breaches at other sites and use it to drain bank accounts.
To address this issue, NAB has already implemented cryptographic keys at its digital-only subsidiary, Ubank, which will serve as a model for broader adoption within NAB’s systems. These cryptographic keys will allow users to authenticate themselves without the need for a password or username, using more secure methods like PINs or biometric identifiers (e.g., fingerprints or facial recognition) instead.
A Fine Balance Between Security and Usability
As NAB prepares to roll out this technology over the next three to five years, the bank is working to strike a delicate balance between enhancing security and maintaining ease of use for customers. Bucchianeri emphasized that while stronger security measures are necessary, they must not make banking so cumbersome that customers resort to insecure shortcuts, such as writing down their PINs on paper.
NAB has already made significant progress in improving its defenses against the 50 million cyberattacks it faces annually. Though hackers have not breached the bank’s primary security measures, they have targeted smaller companies associated with NAB, gaining access to personal information like phone numbers. This data is then often used by scammers to impersonate bank customers or staff, facilitating fraudulent transactions.
Partnerships to Combat Scams and Fraudulent Transactions
In response to this evolving threat, NAB has taken additional steps to collaborate with other banks and cybersecurity firms. In November, NAB joined forces with BioCatch, along with ANZ, Commonwealth Bank, Suncorp Bank, and Westpac, to create the BioCatch Trust. This innovative partnership focuses on using behavioral analytics to identify potentially fraudulent transactions in real time. By analyzing user behavior and device data, the BioCatch Trust aims to prevent scammers from laundering money through mule accounts.
Chris Sheehan, NAB’s Executive Group Investigations and former Australian Federal Police executive, emphasized the importance of such partnerships in combatting fraud. “Scammers are grubs who will do anything to rip Australians off,” he said, noting that while customer scam losses are decreasing, there is still much work to be done. Sheehan praised the BioCatch Trust as a global first and a step toward making Australia “the hardest country in the world for criminals to steal our money.”
NAB has been using BioCatch’s behavioral and biometric technology since early 2020 to detect attempts at impersonation. Additionally, the bank has implemented other fraud prevention measures, such as blocking suspicious payments, warning customers about new payees, and preventing payments to high-risk cryptocurrency platforms.