Digital Services Security Features

To access your ANZ digital service, login with an issued User ID and a security credential such as a Password or a Token device. These credentials verify your identity when you log on to the platform and manage or approve transactions. It is highly recommended to keep your credentials private from others.
ANZ strongly recommends:

• Using two-factor authentication (2FA) for an additional layer of security, such as a Token or ANZ Digital Key.
• Not using public computers to access ANZ Transactive – Global or conduct transactions; not using public WIFI networks when using online banking services.
• Not saving usernames and passwords, PINs on browsers.
• Not using unlocked mobile equipment to download and use the online banking application software or OTP (One-Time Password) generator software.

To help protect you from fraud, ANZ partners with a trusted security service provider.

By using Institutional Digital Services (other than via mobile), you consent to ANZ and our provider collecting behavioural data about how you use your device on Institutional Digital Services (other than via mobile) logon pages and in channel – such as mouse movements and keystroke patterns. We use this, along with other information we collect or hold, to detect suspicious activity.

ANZ’s security service provider creates anonymised profiles and is not able to identify you as an individual. If you do not consent to this, please exit your Institutional Digital Services (other than mobile) logon page and contact us.

For details on how ANZ manages your information, please refer to the ANZ Privacy Policy.

ANZ recommends users safely end every session by using the Log Off button in the navigational bar and then closing the browser. ANZ Transactive – Global will also automatically log you out after 15 minutes of inactivity.

Know Your Customer (KYC) is what we do to identify who you are, and either confirm or verify those details to ensure they’re accurate. KYC isn’t just for new customers, it’s for all customers, regardless of tenure. By having the right customer information, we can help protect you and reduce the risk of fraud and financial crime.

Security device approvers must have KYC information registered with ANZ to approve payments and direct debits.

To register or update your KYC details to use ANZ digital services, please contact ANZ.

Two-factor authentication (2FA) provides an additional layer of security when using ANZ digital services. With two-factor authentication, you confirm your digital identity using a combination of something you know (your password) and something you have (a security device).

With 2FA, if an unauthorised person obtains your password, that information alone is insufficient to access your ANZ digital services. ANZ strongly recommends the use of security devices at all times. Contact ANZ to request a security device. Please note that not all security device types are available for all digital services or all users. Additionally, laws and regulations in some geographies may mandate the use of a particular type of security device.

To learn more about the security device types available, refer to Security Devices.

Having a single individual perform all functions within a digital channel can increase the risk of fraudulent activity going undetected. As such, ANZ strongly recommends you segregate duties amongst multiple users. This includes using multiple administrators when making changes to user profiles and system settings, as well as ensuring different users are involved when creating and approving payments and direct debits. 

To ensure that you have implemented segregation of duties across ANZ Transactive – Global:

• Check that your Administration Model provides segregation of duties for changes made to user profiles and system settings
• Check the Authorisation Matrix that is in place for each payment and direct debit product is appropriate
• Check that your users have the correct roles assigned for the tasks they undertake
• Check that all new and changes made to beneficiaries in your Beneficiaries screen require approval
• Consider receiving an email notification each time a change is made to a beneficiary from your Beneficiaries screen.

ANZ Transactive – Global has preset default limits for approving payments and restricting the transaction value users can authorise. Your company administrator can amend users' discretion limits based on your structured business requirements.

To learn more, refer to User Permissions and Edit User.

All data is encrypted when transferred between ANZ Transactive – Global and our customers via the Transport Layer Security (TLS) protocol, which maintains the confidentiality and integrity of data while communicating over the internet. The TLS protocol establishes the website's identity and encrypts the transmission channel between a web browser and a website to keep the transmitted information confidential. Only the user who has established a secure web connection can see the data unencrypted. Any attempted change to the data will be detected and disallowed.

ANZ provides security audit trails that report on activities performed within ANZ Transactive – Global. Reports include: 

• Administration audit history: Provides audit history of changes made to roles and users
• User Activity Report: Details a users’ interactions with the system, including timestamps, IP addresses, services, functions and actions involved
• Payment and direct debit audit reports: Details date, type, status, totals and who created, approved and modified the payment/direct debit
• Payment and direct debit Template audit reports: Provides an audit report for changes made to a template
• Beneficiary Audit Report: Provides an audit report for changes made to a beneficiary from your Beneficiaries screen

Audit reports can be exported to CSV and PDF and are available indefinitely. To download audit reports, refer to Report Profiles .

ANZ Transactive – Global has multi-layered monitoring capability to monitor unusual user logon behaviour. This will detect when a customer’s device has been infected by financial malware, abnormal behaviour that could lead to suspicious activity, or when a customer has submitted their security credentials to a phishing site that looks like an ANZ log on page. ANZ also offers customers access to IBM® Security Trusteer Rapport™. This free software focuses on multi-layered protection against financial malware and complements your existing anti-virus software. 

For more information, please see Security software.

To speak to the team or report fraudulent or unusual activity on your account, contact ANZ’s dedicated Customer Protection Team via Global digital services support for immediate support. The Customer Protection Team is available 24/7, 365 days.

To learn more about cybersecurity and best practices, refer to ANZ Security.

It is a recommended obligation for Company Administrators to regularly review your organisations’ user access, including disabling or deleting users as required, to help minimise the risk of unauthorised activity. 

Changes to specific fields in the user profile will generate a notification to the end user.