NAB to Replace Passwords with Biometric Authentication by 2030

National Australia Bank (NAB) has announced plans to eliminate traditional passwords in favor of advanced authentication methods like fingerprints and facial recognition by 2030. The initiative comes as the bank faces approximately 50 million cyberattacks monthly, with criminals frequently targeting smaller businesses connected to NAB to access sensitive information.

The move is part of a broader industry trend toward passwordless authentication, following the FIDO Alliance’s push for passkey adoption across banking and payments sectors.

NAB’s Chief Security Officer, Sandro Bucchianeri, described passwords as “terrible” for online banking security. “We plan to implement passkeys and biometric recognition technology,” said Bucchianeri, allowing customers to access accounts through facial recognition, fingerprints, PINs, and swipe patterns – similar to smartphone unlocking mechanisms. This approach mirrors recommendations from ISACA’s cybersecurity experts, who have called for organizations to replace traditional password authentication with biometric and AI-powered solutions.

The bank’s digital subsidiary, ubank, has already introduced passkeys in 2023. The main NAB platform is expected to implement similar authentication methods within three to five years. Customers can currently configure various login methods through the NAB app, including biometric options such as Face ID or fingerprints. The implementation builds on the growing adoption of biometric authentication in financial services, as demonstrated by similar initiatives from digital banks like Revolut.

Bucchianeri highlighted the importance of balancing security with usability, noting that excessive security measures may prompt users to seek workarounds, potentially compromising safety. Conversely, prioritizing convenience could weaken overall security protocols.

NAB has implemented additional security measures, including an interbank intelligence-sharing network focused on fraud and scams in collaboration with CBA, ANZ, Westpac, and Suncorp. This network is part of a larger initiative that includes BioCatch’s behavior-based financial crime intelligence-sharing network, launched in November 2024 to combat sophisticated fraud schemes across Australian banking institutions. The bank has also introduced payment alerts for suspicious transactions and removed links from customer text messages to prevent phishing attempts.

The transition represents a broader shift in banking security practices, as financial institutions adapt to evolving cybersecurity challenges. The complete migration from traditional passwords is scheduled for completion by 2030, positioning NAB among the growing number of financial institutions embracing next-generation authentication technologies to enhance security and user experience.

Sources: 2GB Sydney, Yahoo! Finance

–

December 9, 2024 – by Cass Kennedy