VoiceOver users please use the tab key when navigating expanded menus


protect and manage your security

Protecting your security credentials

If you have been granted access by your company to an ANZ web-based platform it is very important that you understand your obligations in protecting your security credentials. The risk to your company from an online fraud attack is very real and the consequence of an attack can be significant. To help you understand your part in the chain of protection please read below for tips on protecting your identity, security credentials and computer.


Identity theft is a crime whereby someone obtains some of your personal details (such as date of birth, personal security questions and answers) in order to impersonate you. This personal information might be used to reset your password/PIN or fraudulently gain access to online platforms that you have been given access to on behalf of your company. To protect your identity, please be aware of the following:

  • Do not write down personal identity security information such as security questions and answers (i.e. What was the first school you went to?).
  • Do not provide personal information to anyone who has called or emailed you without your request.
  • Personal information you provide on social media sites can be used to commit identity theft and commit fraud.
  • ANZ will require you to answer some personal security information when you call us. We will need this to ensure we can verify your identity over the telephone. Make sure that no one can overhear your security answers.

To enable you to securely log on to your ANZ web-based platform you will have been provided with a User ID and a security credential such as a Password, Smartcard or a Token device.  These are used to verify your identity when you log on to the platform and also to perform certain transactions. Follow the advice below to ensure that your security credentials cannot be stolen to commit a fraud.

Password and PIN tips

  • Your PIN or Password should not be based on information that is easily found such as your User ID, personal telephone number, birthday or other personal information.
  • Your PIN or Password must be kept confidential and must not be divulged to anyone.
  • Your PIN or Password must be memorised and not recorded anywhere.
  • Your PIN or Password should be changed regularly or immediately if you suspect that someone else might know it.
  • The same PIN or Password should not be used for different websites, applications or services, particularity when they relate to different entities.
  • Your password will be harder to guess if contains a combination of upper and lower case letters, numbers and symbols.
  • Never reveal the One-time-password [OTP] generated by your security token to anyone.
  • Never select the browser option for storing or retaining your User ID and Password.

Smartcard and Token tips

  • Never share your Token or Smartcard with anyone.
  • Always store your Token or Smartcard securely and do not leave it unattended. You should treat the security device like you would treat your own credit card.
  • Immediately advise ANZ if your Smartcard or Token has been lost or stolen.
  • Ensure anti-malware protection software has been downloaded on your computer.
  • Check your computer security on a regular basis and download the latest security upgrades.
  • Ensure you only access trusted sites on the internet and do not open emails you’re not sure about.
  • Use a firewall to prevent unauthorised intrusions.
  • Block spam emails.
  • Keep your computer browser (e.g. Internet Explorer, Firefox), and product software (Microsoft Office/Adobe flash, etc) up to date. Software providers frequently develop updates and patches to address new and developing security threats.
  • Make sure you are logged on to a secure web address with a Secure Socket Layer (SSL) Certificate. You should check that the bank’s website address changes from http:// to https:// and a security icon that looks like a lock or a key appear when authentication and encryption is expected. If you click on this icon you will find information about the organisation with whom you have the secure session with.

Contact your organisation’s system administrator if you are concerned that the above security controls are not in place on your computer.

Preventing electronic notification fraud

Information on how to ensure emails and SMS are coming from ANZ.

There are a number of ways to ensure that the SMS you have received is a genuine message from ANZ. Things to look out for include:

  • An SMS that asks you to respond – ANZ will never ask you to respond to an SMS and will instead instruct you to access a website or call ANZ. The link will take you to a page on our website, where you can find out more before logging in, applying or downloading
  • An SMS asking you to verify your identity – ANZ will never send you an SMS asking you to verify, provide or enter your personal information or security credentials.

If you suspect that you have received a hoax or fraudulent SMS, please report the incident to the Customer Service Centre.

ANZ will never send you an email asking you to either verify or provide your personal information or security credentials.  However, ANZ will often send emails that contain hyperlinks. If you do receive an email from ANZ that contains links or asks you to respond in any way, please check for the following:

  • We send emails, and these often contain hyperlinks. However, if we send you an email with a hyperlink, the link will take you to a page on our website, where you can find out more before logging in, applying or downloading
  • The email does not ask you to reply to verify and provide your personal information and security credentials
  • The website that the email links to is safe and secure. To ensure that the site is secure please see the "Steps to prevent Phishing attacks" section below.

If you receive an email that you suspect is either a hoax or fraudulent, please report the incident to the Customer Service Centre.

Phishing is when someone attempts to fraudulently obtain your personal information and security credentials via an electronic message that impersonates a trustworthy entity.  The message will often instruct you to follow a link and then enter your personal information. To ensure that a website is a safe and genuine ANZ page, please make sure that you are on a secure website by checking if there is a Socket Layer (SSL) Certificate. To check that you are on a site with a SSL Certificate:

  • Check the address bar of your browser to see if ANZs website address has changed from http:// to https://
  • Check to see if a security icon that looks like a lock or a key is visible near the address bar on any page that you need to enter your security credentials. Clicking on the icon will provide you with more information about ANZs SSL Certificate.

To minimise your chances of becoming a victim of a Phishing scam:

  • Treat all emails that request your personal information or security credentials with caution. ANZ will not send you an email asking for your personal information or your security credentials
  • If you use a password to access your online accounts, change it on a regular basis
  • Keep your anti-virus and firewalls up-to-date and preform regular scans of your computer.

If you are unsure if the email is really from ANZ contact the Customer Service Centre before following any instructions or clicking on any links contained in the email.

Email is one of the prime movers for malicious viruses. These viruses are often within attachments and can come from someone you may or may not know. If you receive an unexpected email that contains attachments from ANZ, please contact the Customer Service Centre before opening.

ANZ security self service

The following information applies to activating your ANZ corporate online account. If you use ANZ for your personal banking, you may be contacted for other reasons using the details registered with your personal banking accounts.


Are there any fees and charges for receiving an SMS message from ANZ?

ANZ will not charge you a fee for receiving an SMS.  However, your mobile service provider may charge you a fee to receive an SMS.  Any such charges are your sole responsibility and any matters regarding these charges should be raised with your mobile service provider.


What should I do if I have not received an SMS?

Please ensure that your mobile phone has reception. If your phone is out of range of the mobile network, then it won't be able to receive the SMS.

You can request for a new SMS to be sent by clicking on the 'Generate New Code' button. Try this if you have not received an SMS within five to ten minutes or have not entered your verification code within 15 minutes of requesting it.

The last four digits of the mobile number recorded in our system will be displayed on screen. Please contact the Customer Service Centre for assistance if these digits are incorrect, or if they are correct and you still do not receive an SMS.


What are the Security Questions (Challenge and Response) and when are they used?

Security questions are a feature that provides an extra level of protection for your transactions and personal information. These questions and answers are personal to you and help us verify your identity.

These questions are designed to be easy for you to remember but hard for someone else to guess or obtain (i.e. on social media).  Your security questions and answers are like a PIN or password. You should keep these secret and not disclose them to anyone.  Do not write them down or record them anywhere.

You will be asked for the answers to your security questions when we need to verify your identity. This includes when you:


How do I change my security questions?

To change your security questions please contact the Customer Service Centre. You will need to provide the help desk with the answer to two of your existing security questions in order to change them.

If you have forgotten your security questions, please complete the Security Profile Reset Form which is available on the Contact Us page.


What should I do if I have incorrectly answered my security questions?

If you incorrectly answer your security questions three times, you will have your online access suspended as a precaution. You will be notified if this happens and will need to complete the Security Profile Rest Form available on the Contact Us page.

For a full set of relevant disclosures, please visit the link below.

View disclosures