Online security

The security features built into CommBiz allow you to adapt your service to suit the way you want to operate your business. Within the banking industry, security considerations are paramount for any online service. Our security features include:

• User permissions
• Role permissions
• A configurable and extensive authority to operate against your nominated account
• Login security
• Security tokens for the authorisation of transactions
• An encrypted connection between your systems and the Bank
• Comprehensive audit reporting and user activity tracking
• Latest security alerts

 

User permissions
You are able to control the functionality provided to your staff using the user permissions function. Your nominated administrator(s) will decide what each of your users and authorisers can “see” and “do” within CommBiz.

Role permissions
CommBiz allows you to establish “roles” which represent common permissions for a group of users. Roles allow individual users to be assigned to a particular function, such as a payroll or accounts payable clerk.

Authority to operate
CommBiz requires an “electronic account authority” (that is, the authority to operate on an account) to be established for each account being accessed. The authority to operate outlines the number of authorisers required to authorise transactions on an account.

The authority to operate may also include rules such as monetary bands (that is, minimum and maximum payment limits) and authorisation lists (for example, A, B and C signatories). You can have a maximum of five lists and three monetary bands.

Authorised users established through the Express Registration mode will have authorisation rights across all accounts in your CommBiz service. The Express Registration only allows you to establish whether a given account will need one or two authorisers, regardless of the transaction value.
(Top of page)

Login security
Each user is authenticated using a login ID and login password, before being granted access to CommBiz. Passwords must be a minimum of 8 and a maximum of 16 characters in length and must be different from the last five passwords used. Once a user has logged into CommBiz, a session timeout period of 15 minutes is set, which will automatically lock the application on the screen you were on. The re-input of your login credentials will reactivate the screen being used.

In addition to the normal login ID and login password, all authorisers and administrators are required to enter a unique one-time (single-use) password, generated by a security token, when accessing administration functions or authorising transactions. We recommend that Login passwords are changed on a monthly basis, which can be initiated by individual users from their CommBiz Home Page.

At your request, you can also configure the system to ensure that all your users are required to use security tokens.

Security tokens
All CommBiz authorisers and administrators are provided with a security token. Every 32 seconds the security token uses an algorithm to generate a unique number, a one-time password (OTP), which can only be used once. The OTP provides a second factor of authentication for added security, the first factor being the login ID and login password.
The two tokens we offer are the Go3 and the Pro260, as shown below. If you select the Express Registration mode, the Go3 token is automatically assigned to your authorised Users. For Custom Registration, you can choose either type of token, depending on your security requirements.

 

	The Go3 token provides a simple two-factor authentication solution. The one-time password is generated by pressing the activation button on the left-hand side of the token. Go3 security token brochure
	The Pro260 token has a higher level of security and provides three-factor authentication. Before a one-time password can be generated, the Pro260 token must be activated by first entering a PIN number. How to use your security token How to change your token PIN If you have locked your security token Pro260 security token brochure

(Top of page)

Encryption
All CommBiz sessions between your systems and our CommBiz application are connected through a Secure Socket Layer (SSL) using 128 bit encryption. This is a widely used and accepted security method within the financial services industry.

Comprehensive auditing and user activity tracking
In addition to the audit log of user information, all actions made in CommBiz are recorded with a date and time stamp. System administrators can print audit reports as required.

Latest security alerts
View information on the latest Commonwealth Bank security alerts.
(Top of page)

• Important information. As this advice has been prepared without considering your objectives, financial situation or needs, you should, before acting on this advice, consider its appropriateness to your circumstances. Terms and conditions issued by Commonwealth Bank of Australia for CommBiz are available on request. View our Financial Services Guide (PDF 56kb). If you have a complaint, the Bank's dispute resolution process can be accessed on 13 2221.