Show:
Bit Of Everything
Bit More of Everything
Failed Authentication
SMS Authentication
Manual Authentication
100

What how many questions do you need to ask to complete 'low risk' personal authentication and what are they?

3 questions;
Name
DOB
1 additional question (3a)

100

What information do you need to get from the customer when answering "recent transaction:

how the transaction was made - transfer in IB, withdrawal at ATM, BPAY at a post office

amount - -/+ 50

who it went to - reference/merchant name 

DR - always customer initiated 

not an a statement yet

Is not a purchase authorisation or outstanding transaction.


100

How many times, in what timeframe can a customer fail auth over the phone?

Can fail auth twice in a fortnight

100

What are the 2 questions you ask before sending a code?

Name & DOB

100
What is the minimum amount of questions you ask for high risk auth and what are they?

5 questions

Name 

DOB

3A

4A

5A

200

Are you able to accept answers from accounts that have a T (third party) and a Y(signatory) next to them?

No, you are only able to accept answers from O, P & S

200

What must you advise before completing outbound authentication?

"This call will be recorded and may be used for quality, training and identification purposes."

200

What next steps can you advise your customer to take after failing at the allowed amount of auth attempts?

Help them find their nearest NAB branch, and advised them they'll need to take photo ID with them.

200

If your customer is unable to receive the sms code after you have sent them a code twice, what must you do?

proceed to complete high risk manual authentication.

200

Why don't we ask for a last deposit amount?

Because anyone can transfer money into someone's account and is too easy for a fraudster to know

300

What details do you need to get from your customer to accept an answer for 'another party'

full name of joint party and the type account that is joint

300

is outbound auth a HR type or LR type of auth?

it' only LR, if the enquiry turns into a HR you need to complete HR auth (exclu Sms auth)

300

What steps do you take to record a failed auth?

Following ticking the questions you have attempted to ask, in the Authentication screen in the bottom window, click Fail. A red flag displays in the Authentication window 

Leave a clear Siebel activity around why the customer failed auth.


300

When aren't you able to SMS auth a customer? list 3

  • If they are exempted from SMS Security.
  • If an All Services Block is active in Convenience Banking Profile (CBP).
  • If an alert appears on the customer’s profile indicating a compromised NIN.
  • If an alert appears on the customer’s profile from the Digital Fraud and Anti Scam team.
  • When making outbound calls to customers.
300

What do you need to get from the customer to be able to accept an answer for regular payments

  • Provide a direct debit, periodical payment, or loan repayment, leaving an account.

  • Not provide a credit payment (wage/salary, Centrelink payment, and so on) or an outstanding transaction to answer the question.
  • State the frequency of the regular payment. Only weekly, fortnightly, or monthly payments are acceptable
  • Remain within the tolerance level of +/- $50.
  • State to whom the payment is going. For a direct debit, prompt for a company name. For a periodical payment, prompt for the account that funds are going to.
400

If you become suspicious of a customer’s behaviour or transaction patterns (with no concerns over the customers identity), what much you submit?

An Unusual Activity Report (UAR).

400

What do you do if you feel unsure or suspicious of a customer where you have only outbound authenticated them?

You can authenticate using the inbound auth method

400

List 3 tell-tale signs may be displayed by fraudsters over the phone claiming to be NAB customers? 

Vocal or Audio cues - muffled, difficult to understand, hear another person in the background giving answers, age may not match voice tone
Financial cues - large transactions going in and out without a ongoing salary

Behavioural cues - customer wanting something that doesn't match their usual activity

Reliance on documentation 

High risk country whisper from IVR

Private or unusual numbers 

Diversion tactics - avoiding directly answering questions you are asking

Failed Authentication or Repeated Call-backs 

External Support Services - National Relay Service or external interpreter service

Lost or Stolen Cards 

Phishing or Compromised NINs 

400

Can you customers be sms authed if they have no NABID or accounts on their profile. If so, how would you do it? 

Click New Customer in IBADMIN.

In the Mobile Number field, type a mobile number from Siebel/eBOBS.

Click Challenge Number. The verification number displays in a message on the top right corner of the screen. 

400

When asking for a recent transaction what type of transaction types can we accept?

The customer manually initiated (such as a funds transfer, bill payment, credit card purchase)

500

Name 2 reasons to why you would move to a B question during authentication?

Only move to the B (or C) question if:

  • The customer’s query is the answer to the question.
  • The customer’s answer is incorrect, but shows a degree of knowledge and fulfils certain acceptance criteria (based on the question’s rules).
  • The customer answered the question correctly, but you are still uncertain as to the identity of the caller.
500

When are you able to use an alternative number that isn't on the customer's profile and outbound auth them?

Only use an alternative number the customer has provided if the customer was authenticated on the call where they provided the number.

500

If you have received a call where you suspect you are speaking to a fraudster, what must you do?

Complete DFAS Notification eForm and select Suspected ID takeover as the fraud type. You must also follow the failed authentication process.

500

What do you do if the code doesn't match after you have gotten your customer to repeat the code back to you?

If the codes still do not match Record a failed authentication attempt.

500

When asking if there is another party on an joint account, what must we confirm with the customer?

  • The customer must provide the other party’s full first name and surname, as it appears in Siebel.

  • The customer also state which type of account the other party is a joint owner of. For example, “John Smith is joint owner to my savings account” is an acceptable answer.