I’ve blogged before about BNZ’s stupid Netguard Card – which has codes on it to allow you to login to your bank account. Perish the thought that you are travelling when the new one is issued, or that you lose it without first taking a photograph and placing it on your blog or Flickr.
BNZ updates the card every year – and that’s where we can start figuring out how much it costs.
They use cards from Entrust, a company that entertainingly does not even own entrust.co.nz. (pretty trustworthy huh) There is, however, a pricelist on their site, and they are quoting US$8.26 per user for a yearly process for 10,000 cards.
They are quick to point out the savings of the card versus the alternative of a Token:
That’s based on 10,000 users, but we can change the number of users – so let’s choose 800,000 – my guess to the number of active BNZ customers.
That’s not so bad – at all. Indeed even with recent exchange rates and a healthy “Where the heck is New Zealand?” margin, these things are probably coming in at NZ$4-5 dollars each. That’s still $4-5 that I’d rather have in my account however.
The comparison for 80,000 users looks pretty bad for those tokens though – banks that use them would pay an extra US$23m.
So as I understand it BNZ is now obliged to use some sort of additional security check, and so choosing the Netguard Card is the least bad alternative. It’s cheap, fits in my wallet, and can be photographed and stored digitally.
I’d still prefer the option of nothing though.
The Kiwibank option actually works OK. It just required you to enter a couple of characters of a ‘secret’ word of your choosing (you have to give them 3 from memory). The trick is that make you select it with a mouse as opposed to the keyboard to stop key loggers.
You would hope that nobody else copies your card, then returns it to your wallet before you notice it missing.
Stuart – they would still need to know my login number and password.
However the login number is written on the credit card, so, yes, any theft of your wallet will result in the loss of two of the three security items. It’s security theater.
Even worse than theft of your wallet is if someone can get hold of your wallet for a minute without you knowing. They could take a photo of your credit card and Netguard and you wouldn’t even know it. At least if your wallet was stolen, you could cancel your cards. They would still need your password (hope you’ve chosen a secure one) but they could try to guess it at their leisure.
National Bank and ASB both send me a text message with a unique code. If for some reason it doesnt work, I can call the bank and they can verify me over the phone and manually validate the transaction. In both cases I don’t need the code to log in and view, but if I want to make a one of payment or setup a Bill Payee or AP, I need the code to authenticate.
I have a Visa card with BNZ so have a NetCode for that, and find the NBNZ and ASB method so much better, and because they aren’t issuing me any hardware the cost must be very low
Adam Let’s compare then. Each text has a cost to the bank (and ultimately to the customer). It we say it is 5 cents, and that you login once per week, then it is costing $2.60 per year, which is getting up to the Netguard prices. 10 cents and it’s $5.20.
However if the system doesn’t work then it starts to become both expensive (all those calls, call centers and call center staff) and a poor customer experience. How often does this fail?
If I guess at 1 time per year (above BNZ’s system), and price each call at $3 (I’m completely making these figures up), then that’s now a total of $5.60 per year (at 5 cents per text).
It’s also tough when you are out of phone range, or travel without one – say you are sitting in an internet cafe in China. What then?
On the balance of it all though I think I’d prefer this approach to the BNZ one.
I’ve never once had it fail, but that said I don’t have to use it all that often. Most of the payment I make are to Bill Payees already setup.
I rememeber reading a post of yours when you were overseas and trying to get a NetGuard back when BNZ decided to make it mandatory. I certainly think in a situation like that you would have been up and running much faster if you were with National or ASB.
I think what annoys me most about NetGuard is that becuase I only have a Visa card with BNZ, all I really log in to do is check balances/transactions. It frustrates me I need to authenticate for read-only stuff.
BNZ system also seems to fall down in a situation where your NetGuard is lost/stolen/expired. You are totally locked out of your internet banking until you can source a new card.
The ASB netguard is only required for transactions over a certain value outside of your account. The rest just uses a password.
I made the original ‘question/answer’ for Kiwibank back when I was working for them.
As Glenn stated users must enter 3 or more (with no upper limit) personal questions eg “What road do I live on”. The system then randomly asks for two random letters from your answer. Then – even if there is a keylogger the chances of the same letters and questions being asked are very tiny.
I made sure that the system was in before I went on my trip around the world so when I logged in from dodgy Internet cafe’s in Prague and Rome I still felt safe :)
It’s a good system and while it isn’t true two-factor it still involves something personal which got the job done. :)
Via @nzkoz on twitter:
@lancewiggs you’re lucky they went with that stupid decoder ring rather than some of the idiotic shit I saw pitched a few years back
I’ll confess, I thought Asb’s netcode was stupid at first, but as far as 2nd factor auth goes it seems the best of a bad bunch.
So – what were the other stuff that was pitched?
Jay, you the man! That Kiwibank question/answer thing is awesome, and I love not having to tote around something in my wallet that I’m just going to lose anyway.
I tell you, all the great banking innovation seems to be coming out of Kiwibank these days. Certainly isn’t coming out of National Bank … holy christ that site is antiquated!
Comments are closed.