The anz plus internet banking security update represents a major leap in digital safeguarding for New Zealand customers, integrating advanced artificial intelligence and biometrics to counter increasingly sophisticated cyber threats. As of April 2, 2026, ANZ has rolled out a suite of enhancements designed to protect both personal and business accounts from unauthorised access and real-time payment fraud. Key features of this update include the introduction of concurrent session blocking, which prevents a single account from being accessed on multiple devices simultaneously, and masked email addresses within user settings to prevent data scraping. For Kiwi businesses, the update enforces stricter "Know Your Customer" (KYC) identity verification for high-value functions like international currency exchanges. This article provides a comprehensive breakdown of these new security layers, practical tips for navigating the updated interface, and essential advice on avoiding the latest phishing scams targeting the ANZ community.
New core features of the anz plus internet banking security update
The latest anz plus internet banking security update introduces several mandatory technical changes aimed at hardening the bank's digital perimeter. One of the most significant shifts is the implementation of "Active Session Detection," which ensures that if a user logs into a new device, any previous active sessions are automatically terminated. This prevents a common vulnerability where a session left open on a public or secondary device could be hijacked. Additionally, the update has streamlined the authentication flow within the ANZ Digital Key app, removing unnecessary "Sign In" taps to provide a more responsive yet secure experience. These changes are part of a broader strategy to align the security processes of the ANZ mobile apps with the robust standards of the desktop web platform, ensuring a consistent level of protection across all digital touchpoints.
- Concurrent Session Blocking: Prevents simultaneous logins on multiple devices to stop unauthorized account takeovers.
- Email Address Masking: Automatically hides portions of a user's email in the settings menu to protect against identity theft.
- Forced App Upgrades: Requires users to move to version 22.0 or higher to ensure all latest compliance and security patches are active.
- KYC Enforcement: High-level functions like "Get Rate" for currency exchange now require a completed identity verification check to proceed.
Concurrent Session Blocking: Prevents simultaneous logins on multiple devices to stop unauthorized account takeovers.
Email Address Masking: Automatically hides portions of a user's email in the settings menu to protect against identity theft.
Forced App Upgrades: Requires users to move to version 22.0 or higher to ensure all latest compliance and security patches are active.
KYC Enforcement: High-level functions like "Get Rate" for currency exchange now require a completed identity verification check to proceed.
| Security Feature | Implementation Date | Primary Benefit |
|---|---|---|
| Active Session Detection | 27 February 2026 | Automatically logs out old sessions on login |
| Email Masking | 02 March 2026 | Protects sensitive contact info from prying eyes |
| ANZ Digital Key 25.1 | March 2026 | Faster authentication with fewer touchpoints |
| Concurrent Blocking | 27 February 2026 | Eliminates multiple-device hijack risks |
The role of behavioral biometrics in fraud prevention
A subtle but powerful component of the anz plus internet banking security update is the enhanced use of ANZ Falcon technology. This system now utilizes "behavioral biometrics" to analyze how a user typically interacts with the app—such as typing speed and common swipe patterns. If a transaction or login attempt deviates significantly from these established patterns, the system may trigger an additional verification step or temporarily freeze the account. This invisible layer of protection is highly effective at stopping automated "bot" attacks and human scammers who may have stolen a password but cannot replicate the genuine user's physical interaction style. .Read more in Wikipedia.
Mandatory updates for business and transactive users
For New Zealand business entities using ANZ Transactive – Global, the anz plus internet banking security update brings a more structured framework for managing user permissions and administrative visibility. A new "View Account Users" button has been added to the management screens, allowing business owners to see a real-time list of every individual who has access to a specific account, including their current status. This is particularly useful for large organisations with high staff turnover, as it simplifies the process of auditing and removing permissions for former employees. Furthermore, the update removes the ability to "toggle" between different security devices, forcing all approvals to be completed on the specific device used during the initial login. This "closed-loop" security model reduces the risk of a secondary, unauthorized device being used to approve a fraudulent payment.
- Enhanced User Activity Reports: Shows all users within a selected date range, even those who have not performed any activity, for better auditing.
- Administrative Improvements: Provides greater visibility into user entitlements and account-linked statuses.
- Security Device Locking: Requires that all approvals are enacted on the security device used at the start of the session.
- Term Deposit Menu Migration: Centralizes term deposit reporting and viewing under a new, more secure menu structure.
Enhanced User Activity Reports: Shows all users within a selected date range, even those who have not performed any activity, for better auditing.
Administrative Improvements: Provides greater visibility into user entitlements and account-linked statuses.
Security Device Locking: Requires that all approvals are enacted on the security device used at the start of the session.
Term Deposit Menu Migration: Centralizes term deposit reporting and viewing under a new, more secure menu structure.
| Business Tool | Update Action | Outcome |
|---|---|---|
| Account Management | New ‘View Account Users’ button | Instant oversight of who has access |
| Activity Reporting | Inclusion of inactive users | Complete audit trail for compliance |
| Get Rate Function | KYC verification required | Prevents unauthorised FX trading |
| Digital Key Flow | Reduced taps for approvals | Faster, secure business payments |
Navigating the new KYC compliance requirements
With the rise of international financial crime, ANZ has tightened the identity verification process for businesses. If your organisation has not completed its "Know Your Customer" (KYC) check in the jurisdiction where your account is domiciled, certain high-value features will now display an error message. It is essential for NZ business owners to ensure their residential and corporate documentation is up to date in the ANZ portal to avoid service interruptions, particularly when dealing with international trade or large-scale currency movements.
Protecting against the 2026 phishing wave
Coinciding with the anz plus internet banking security update, a new wave of highly sophisticated phishing scams has been identified targeting New Zealanders. These scams often involve "fake reward" or "loyalty point" text messages that claim your points are about to expire. The link in the message directs users to a cloned ANZ login page designed to steal Customer Registration Numbers (CRNs) and passwords. ANZ has issued a stern reminder that they will never send a text message or email containing a direct link to log into internet banking. The bank’s "Digital Padlock" remains a critical tool for those who suspect they have been compromised, allowing a user to instantly lock down their digital profile and prevent any funds from leaving their account until a manual identity check is performed by the fraud team.
- Fake Reward Scams: Fraudulent SMS messages claiming reward points are expiring to trick users into clicking malicious links.
- Advisor Verification Scams: Scammers calling and sending fake "verification emails" to gain trust before asking for codes.
- Direct Debit Scams: Fake emails claiming a new direct debit has been set up, urging the recipient to call a fake "help" number.
- Urgency Tactics: Scammers often use high-pressure language to force users into making a mistake before they can pause and think.
Fake Reward Scams: Fraudulent SMS messages claiming reward points are expiring to trick users into clicking malicious links.
Advisor Verification Scams: Scammers calling and sending fake "verification emails" to gain trust before asking for codes.
Direct Debit Scams: Fake emails claiming a new direct debit has been set up, urging the recipient to call a fake "help" number.
Urgency Tactics: Scammers often use high-pressure language to force users into making a mistake before they can pause and think.
| Scam Type | Red Flag | Action to Take |
|---|---|---|
| Points Expiry SMS | Contains a link to “Redeem” | Delete immediately; do not click |
| Advisor Verification | Caller asks for a code back | Hang up; ANZ never asks for codes |
| Direct Debit Email | References a mobile number for help | Check transactions via the official app |
| Unsolicited 2FA Code | Code arrives when not logging in | Change your password and call 0800 269 296 |
How to use the ANZ Digital Padlock in an emergency
If you believe your login details have been stolen, the ANZ Digital Padlock is your last line of defense. This feature, accessible via the official app or by calling the 24/7 Customer Protection Team, acts as a "kill switch" for all digital transactions. Once activated, even with a correct password and OnlineCode, no money can be moved from the account. This provides essential breathing room for the bank’s security specialists to verify the integrity of the account and issue new, secure credentials to the genuine owner.
Best practices for post-update digital safety
Following the anz plus internet banking security update, it is a good time for all customers to review their personal security hygiene. The bank recommends that users enable "Automatic Updates" on their smartphones to ensure they are always running the latest version of the ANZ app, as these updates often contain "zero-day" patches for newly discovered vulnerabilities. Furthermore, users should take advantage of the "Profile and Security" menu in internet banking to ensure their contact details—especially mobile numbers—are accurate. Incorrect details can prevent you from receiving vital OnlineCode SMS alerts, which are now used for a wider range of activities, including creating a new PayID or sending money to a first-time recipient.
- Enable Biometrics: Use Face ID or Fingerprint login on the ANZ app for a secure, password-less entry.
- Audit Contact Details: Ensure your phone and email are current to receive real-time fraud alerts and 2FA codes.
- Use Private Wi-Fi: Avoid doing your banking on public networks in cafes or airports, which are easily intercepted.
- Set Transaction Alerts: Configure notifications for large withdrawals so you are instantly aware of any unusual activity.
Enable Biometrics: Use Face ID or Fingerprint login on the ANZ app for a secure, password-less entry.
Audit Contact Details: Ensure your phone and email are current to receive real-time fraud alerts and 2FA codes.
Use Private Wi-Fi: Avoid doing your banking on public networks in cafes or airports, which are easily intercepted.
Set Transaction Alerts: Configure notifications for large withdrawals so you are instantly aware of any unusual activity.
| Safety Step | Platform | Importance |
|---|---|---|
| Update Address/Phone | App or Web | Ensures you get security codes |
| Enable Face ID | ANZ Plus App | Prevents “shoulder surfing” of passwords |
| Check App Version | App Store / Google Play | Must be v22.0 or higher for new security |
| Run Security Scan | Personal Device | Detects hidden keyloggers or malware |
The importance of the Internet Banking Guarantee
ANZ stands by its security updates with a comprehensive "Internet Banking Guarantee." This means that the bank will reimburse any financial loss resulting from an unauthorised transaction, provided the customer has not contributed to the loss (e.g., by sharing their password) and has notified the bank as soon as the suspicious activity was discovered. This guarantee, combined with the new layers of the anz plus internet banking security update, ensures that Kiwi customers can bank online with the highest level of confidence and protection.
Final thoughts
The anz plus internet banking security update is a vital evolution in the ongoing battle against cybercrime in New Zealand. By combining mandatory technical upgrades like session blocking with proactive scam education and the powerful "Digital Padlock" feature, ANZ has created one of the most resilient digital banking environments in the country. For the average Kiwi, these changes mean a faster, more streamlined authentication process, while for the scammer, it means a significantly harder target to breach. Staying informed about these updates and maintaining a healthy level of skepticism toward unsolicited messages will ensure your financial digital life remains secure and prosperous throughout 2026 and beyond.
Frequently asked questions
What is the new anz plus internet banking security update?
It is a major series of enhancements rolled out in early 2026, featuring concurrent session blocking, email masking, and behavioral biometrics to prevent unauthorised account access.
Why was I logged out of my other device automatically?
The update introduced "Concurrent Session Blocking." You can no longer be logged into ANZ internet banking on multiple devices at once. Logging in on a new device will end the previous session.
What is the ANZ Digital Padlock?
The Digital Padlock is an emergency feature that allows you to instantly lock your digital profiles if you suspect fraud, preventing any money from being moved until the bank verifies your identity.
Does the update change how I approve business payments?
Yes, for ANZ Transactive users, all approvals must now be completed on the same security device used for the initial login to prevent multi-device hijacking.
What should I do if I receive an SMS with a link from ANZ?
Delete it immediately. ANZ will never send a text message or email containing a link that asks you to log into your internet banking account.
Why is my email address partly hidden in the settings menu?
This is "Email Masking," a new security measure to protect your sensitive contact information from unauthorized viewers or screen-scraping malware.
Do I need to update my ANZ app for these features to work?
Yes, you must upgrade to at least version 22.0 of the ANZ app to access the latest security enhancements and ensure compliance with new safety standards.
What happens if I haven't completed my KYC check?
Certain high-value functions, such as international currency exchanges, will be disabled until you complete your "Know Your Customer" identity verification.
Is biometric login (Face ID) safer than a password?
Biometric login is generally considered safer as it is unique to your physical characteristics and cannot be easily guessed or stolen like a traditional alphanumeric password.
Who should I call if I suspect my ANZ account is compromised?
Contact the ANZ Customer Protection Team immediately on 0800 269 296. They are available 24/7 to help secure your account and investigate potential fraud.
