How we keep you safe online

We’re committed to making your online experience as safe as possible while preserving the ease and convenience of our Online Banking services.

How we keep you safe online

The Online Guardian Challenge Service

The Online Guardian Challenge Service works with Online Guardian to help make Online Banking even safer for you.

The Online Guardian Challenge Service further confirms your identity by using the secure challenge questions you chose or sending a verification code to your registered mobile phone.

How does it work?

Westpac’s Online Guardian will:

  • continually monitor Online Banking for unusual activity
  • identify unusual transactions
  • prompt you to further authenticate your identity by using challenge questions that you have set up, or sending one time verification codes to you by txt

Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt.

These challenges will be fairly rare, but important.

What you need to do

We’ll ask you to choose three questions and enter the answers (which can only be accessed by you). These will be your challenge questions. The questions should be things you already know, like “Where was your father born?” or “What was the name of your first pet?” They’re questions you simply know the answer to and are therefore much easier to remember.

We’ll also ask you to register your mobile number to receive verification codes by txt. Although we strongly recommend registering your mobile number, it won’t be a mandatory requirement for standard Online Banking functions and there will be alternative ways to authenticate payments if a verification code is required.

The challenge questions and your registered mobile number can be reviewed at any time using the 'Security preferences' menu on the left-hand navigation, however you'll need to correctly pass a challenge before you can access this.

Reset your own Online Banking password

Once your Online Guardian challenge questions have been set up and you have registered your mobile phone in Online Banking, you will be able to reset your password without having to call us or come into a Westpac branch. Simply click the ‘Reset your own password’ link on the login page.

From here you’ll be presented with one of your challenge questions to answer. Once you have passed this, a temporary password will be sent to your registered mobile phone which will enable you to login. Once logged in you will be required to change your temporary password.

Automatic Online banking logout

If your online banking session remains inactive for 10 minutes, you’ll be automatically ‘timed out’.

By selecting the logout link when you have finished your online banking session:

  • all pages you visited are removed from the browser's cache
  • no one else can click on the ‘back’ button to see your account details after you have finished your online banking session

Security email and txt alerts

Keep track of your Online Banking activity, bank account and credit card information with email and txt alerts.

>What are email and txt alerts?

Westpac’s Online Safety Guide

Developed with the assistance of the Internet Safety Group, the Online Safety Guide covers what you need to know about keeping your computer secure and yourself safe when you’re online.

The Online Safety Guide covers a number of topics that you need to know about whenever you’re online, including…

  • getting started online
  • banking online
  • shopping online
  • scams and e-crime
  • keeping your family safe.

>Download the Westpac Internet Safety Guide

Our Online Banking fraud team

If you get a phone call from a member of our Online Banking fraud team it's because

  • they’re analysing transactions that may look suspicious
  • they need confirmation from you that transactions on your accounts have been made or authorised by you

Our Online Banking fraud team will never ask you for confirmation of your security details or password. These should not be disclosed to anyone.

How can you tell if an email you get from Westpac is real?

  • we will always use your first name – phishing or hoax emails are generally impersonal and might say something like ‘Dear Westpac Customer’
  • we will never include a link to take you to our Online Banking login page – we will always ask you to login through our website.
  • we will never send an email (or phone you) and ask for your password (or PIN) or bank account details
  • often the hoax emails will contain numerous grammatical errors

If we email you about an important issue you’ll be able to find details on our website, and if you have any doubts you can call us to check things out.

What to do if you receive a phishing or hoax email

If you believe you have received a phishing scam email,

  • do not click on the link contained in the email
  • do not reply to the email
  • report the phishing scam (see below)
  • delete the email
  • update and perform an anti-virus scan on your computer
  • update and perform an anti-spyware scan on your computer

Reporting a phishing scam

If you believe you have received a Westpac-related phishing email, report it by forwarding the email to the following address:

phishing@westpac.co.nz

This email address is for notification purposes only and you will not receive an individual reply.

View the most recent phishing scam

How can you tell if a website is a hoax?

The Online Banking home page address (URL) is:

https://sec.westpac.co.nz/IOLB/Login.jsp

For customers invited to the Westpac New Online Banking BETA trial the address (URL) is:

https://bank.westpac.co.nz/beta/NIB.html#login

If you're ever at a site with a login page that differs in anyway from the above, you're not at an official Westpac Online Banking login page (refer images 1 and 2 below). Westpac uses extended validation certificates (EV). If you're running a reasonably new browser, this will display the organisation information associated with the certificate. It should read “Westpac New Zealand Limited [NZ]” either to the left or right of the home page address (refer images below).

Image 1 – Google Chrome browser showing the organisational information to the left of the Online Banking homepage URL.

Image 2 –  Google Chrome browser showing the organisational information to the left of the Westpac New Online Banking BETA login URL .

Westpac New Zealand Limited's Online Banking guarantee

At Westpac we are committed to protecting you from online fraud, and we are just as committed to preserving the ease and convenience of our online banking services.

We are so confident in our systems and processes that, subject to our Terms and Conditions, we make you the following promise:

"In the unlikely event that you fall victim to online fraud as a result of using Westpac New Zealand's Online Banking or Business Online Banking services, we will always reimburse, in full, all money taken from your account."

If we have detected the fraud (in most cases) money will be returned virtually immediately.

If you think you’re a victim of online fraud then contact your nearest Westpac branch to report it. They will more than likely ask you to contact the police as well.

Once the issue has been investigated and you are deemed to be the victim of fraud then you will have your money returned.

(Remember Westpac will never send an email (or phone you) and ask for your password (or PIN) or bank account details.

Note: The Online Banking Guarantee does not extend to Corporate Online or DeskBank services.