Two-factor payment verification

With scams getting more advanced, there needs to be systems in place to protect consumers, since banks aren’t taking responsibility.

If paying someone you don’t know, or transferring large amounts, funds are held until the payee confirms, or if paying a murchant such as Noel Leeming, codes are generated.

I’m getting a smart TV and home theater system from Noel Leeming which costs $1500. I pay online using my other purchases virtual card,. Debut app sends me a code I enter into the payment screen to confirm the transaction, so I enter it, then funds are cleared, and I have the choice to add it to my whitelist.

Similarly, I’m paying someone not on Debut or another bank. I get a code from Debut, plus the payee gets a code they have to enter into their banking app within a set time. I then get another code I enter to confirm the payee has entered their code, after that funds are cleared.

1 Like

Having some sort of “safety check” with the account holder for transactions above a certain amount is a smart move. Systems like POLi Pay provide a fairly simple portal that asks customers to authenticate by logging into their bank account using online credentials. I’ve personally always been a little uneasy whenever paying through this system, because I have to trust that the site is safe. I’m sure POLi have measures in place, but I’ve had my personal account (with another bank) compromised before and I’m now forever weary.

There may be differences to keep in mind between say:

  • paying in person, with EFTPOS or PayWave
  • paying for something online
  • transferring money to an account number

Paying for things with your card
With EFTPOS and PayWave, the POS (point of sale) machines normally time-out after a few seconds and cancel the transaction and this might also be the case for some online payment solutions. However larger transactions on POS do require a PIN, so that could work. Most merchant payment systems likely need to work around a range of banking security protocols and may support some sort of pause within a set period. Given we’re discussing larger amounts, it makes sense, but I still think it’s something that will need to be fine-tuned and tested very well. All-in-all, my personal preference would be for it to just not be complicated. Like, if I could just use Touch ID or Face ID or if it’s already using this system that it can auto-accept, that would be cleaner. (for me personally.)

Paying people through the app
As for the recipient being required to confirm receipt. I think that should also just happen seamlessly. If you send someone money, their bank may not process transactions on the weekend, but maybe you could send them something like a digital receipt that shows a webpage with the transaction amount and the recipient account and indicates whether the recipient bank has accepted the transfer yet, so then they can see it’s been sent, but their bank has not processed it yet. On the back of that, it would be neat if there was a one-time “say thanks” button that could be disabled by the Debut account holder (in case of harassment.).

As for security, I’m not sure how or where the recipient might enter a code into their own banking app, because they’re all a bit different, but perhaps, in the spirit of 2-Factor Authentication, the Debut account holder can turn on 2FA for payments above a set threshold. The only reason why I’m not completely convinced on this one is because it’s also a way that someone in an “unhealthy relationship” might control their partner. So, again, fantastic ideas and great reasoning behind them. Just considering different options and balancing security with ease of use, but above all, user control over their own money. Keep 'em coming!

My reply is too long now! Congrats on the new telly btw! :slight_smile:

1 Like

On POLi I would love to see a way to create a temporary login password that’s a one-time use just to give to POLi for logging in. With my current bank I do this by changing my password, using POLi then changing it back, but support for this workaround would be nice.

It would be nicer if companies didn’t use POLi at all.

1 Like

Welcome, and thanks for the comment, @crimson. That’s quite an elegant solution. The app could have a code generator, not unlike your 2-factor authentication apps and maybe Poli could be set-up to recognise the 2FA code.