In an Australian first, ANZ said passwordless web banking would help prevent customers from malware attacks, including infostealer scams, as well as reduce the risks from data stolen in data breaches or impacted in phishing attacks.

ANZ Group executive Australia retail Maile Carnegie said by launching passwordless banking ANZ would help customers access its services effortlessly while fortifying security, identity and data controls.

“By introducing this change, we’re helping prevent customer log-in details from the risk of data breaches or phishing attacks – providing an extra layer of protection and one less thing for customers to worry about when it comes to banking security,” Ms Carnegie said.

Instead of using a password, customers can log in via passkeys of their fingerprint, face or device pin or through their phone number and approving a log-in request sent to their ANZ Plus app.

The passwordless service will be launched on ANZ Plus only and has not been applied to the ANZ app.

Last month, ANZ unveiled Digital Padlock technology that it will roll out in the ANZ app, ANZ Plus and internet services.

Once activated, it will block debit and credit cards as well as disable digital access and stop unauthorised activity on accounts while still allowing direct debits and loan repayments to go through.

The ANZ move comes after the big four banks were named as part of an infostealer attack.

According to an investigation by cyber intelligence researcher Dvuln, banking details belonging to at least 14,000 CommBank customers, 7000 ANZ customers, 5000 NAB customers and 4000 Westpac customers were being traded on the dark web.

Dvuln co-founder Jamieson O’Reilly told NewsWire there was a thriving underground where criminals were making a good living through infostealer scams.

“Instead of the traditional ransomware attack where they lock your computer and ask for money, criminals have found that it’s much more lucrative to not be detected, not make any noise and just leave the malware on your device as long as possible so that every time you change your information, it is sent back to the criminal gangs that control it.

“It means they have this continuous stream of information that they can sell to other cybercriminals.

“So rather than one payment with a ransom, they’re getting year-on-year payments in some cases where they’ve got a device infected for a long time.”

Mr O’Reilly said while the research focused on the banks, there was a much larger problem for Aussie households.

“We chose to highlight the banking risk because that would get the everyday Australian’s deserved attention, but there was a lot more information,” he said.

With the launch, ANZ is reminding Aussies to remain vigilant online.

“Don’t give personal information or money to anyone if unsure.” ANZ said.

“Never click a link in a message, and only contact businesses or governments using contact information available through their official website or secure apps. If you’re unsure, hang up or delete.”

Originally published as ‘Preventing phishing attacks’: Major bank’s plan to slow down cybercriminals