Set up security features for your account

CommSec has additional security features that provide an extra level of safety to your account. These only take a few minutes to set up.

• Verbal phone PIN 
  A 6-16 digit numerical pin that can be used to identify you when you call us 
• Security questions & answers 
  These questions will be used to identify you if you forget your password, or whenever we need extra verification. 

• Trading password 
  A trading password can add an extra level of security to your account. It can be used when placing orders via the CommSec website, CommSec Mobile app or CommSec IRESS. This password is different to your login password. 
  
• SMS security 
  SMS-based two-factor authentication (2FA) and SMS one-time password (OTP) allows you to verify your identity with a code, sent to you via text message. 

How to register for additional security features

Verify your calls with CallerCheck

What is CallerCheck? 

CallerCheck allows you to confirm if a caller claiming to be from CommSec or CommBank is legitimate, by triggering a security message in your CommBank app.  

We also use CallerCheck to make sure we’re speaking with the right person when receiving and making calls, before we share any details about your account. 

It’s our preferred way of identifying you over the phone safely.  

Please note, CallerCheck is only available for CommSec customers that are CommBank app users. You'll need to have version 4.37 or newer of the CommBank app installed. This feature is not currently available in the CommSec mobile and CommSec Pocket apps.     

Find out more about CallerCheck.

Create strong, unique passwords

Password security

Your banking, social and email accounts contain important information that make up your digital identity. Here’s how to create strong passwords to help keep your information safe.

Creating a secure password

• Use a mix of letters, numbers and symbols 
• Use as many characters as you can - a longer password is harder to decipher 
• Avoid anything that can be easily guessed such as your address or birthday, or common quotes and phrases 
• Consider a passphrase: Similar to a password, but instead of creating a string of letters, numbers and symbols, use words that tell a story. For example: MyPetGo@tHa$@PhD. It tells a silly story that’s easy to remember, while increasing the unpredictability of your password and making it difficult to guess. 

Password security

• Don't share your passwords with anyone  
• Don’t write your passwords down anywhere 
• Make them unique – reusing a password multiple times makes it less secure, as it only requires one breach to compromise all the accounts with the same password 
• If you have many accounts, setting alphanumeric passwords for each can become a difficult exercise for your memory. In this instance, you may want to consider using passphrases instead 
• Wherever available, enable multi-factor authentication, which adds an additional check to prove your identity. An example might be a code you must enter which is accessed via an authenticator app on your mobile device. 

SMS Security Codes

It's important to read all security code messages carefully. Only enter a security code if you'd like to authorise the activity. Never share your security code with anyone, including CommBank & CommSec.

Protect yourself from SMS and email scams

We will never send you an email or SMS asking for banking information like your CommSec Client ID, password, or NetCode; or include a link to login directly from the email or SMS. Always type commsec.com.au into a browser or use the CommSec app to securely access your investing.

You can reduce your risk of being scammed by paying close attention to messages or emails that:

• Aren't quite right. Scammers may use similar email addresses (e.g. @combank.com or @Comsec.com) and copy the look and feel of official messages to trick you into thinking a message is legitimate.
• Have spelling mistakes and incorrect grammar
• Include an urgent call to action, such as asking you to unlock or verify an account, or log on and pay a traffic infringement notice. They might also contain malicious software (also known as malware) designed to infect your machine and steal data over time.

How to check if a message is legitimate:

• When contacted by an unsolicited third party, it's better to be over-cautious. Contact the organisation directly using a phone number from their website (not the email or message) before you reply
• Hover your mouse over a link to see the destination URL (web address), before clicking it. On a smartphone you can press and hold a link to inspect it. Carefully read these URLs, as they’re often created to look similar to legitimate addresses.

Safeguard your computer and mobile phone

Your computer gives you the ability to trade online, so we want to make sure you are aware of the actions you can take to protect your computer against viruses and malware.

You can protect your computer by:

• Enabling automatic updates to ensure you always have the latest operating systems and software
• Never downloading remote access software at the request of a third party
• Always downloading software from a reputable source
• Ensuring you have the right level of protection for your laptop and computers. Anti-virus software protects against viruses, spyware, malware, phishing attacks, spam attacks and other online cyber threats. Keep your anti-virus software up-to-date and check regularly that it still meets your needs.

We know that your mobile phone carries a lot of personal information, so we want to help you protect it against fraud and scams.

You can protect your device by:

• Using a pin/password or biometrics
• Keeping your operating system up to date
• Using the latest version of the CommSec app
• Disabling apps from any untrusted sources
• Keeping hardware restrictions on your phone. Do not jailbreak (Apple) or root (Android) in order to install unapproved third party apps or features.
• Not downloading remote access software at the request of a third party
• Contacting us if your mobile service is suddenly disconnected or you’re notified of a change of provider without your permission.

Learn about the latest scams, how to spot them and what to do if you've been scammed.

Learn how to protect yourself from fraud.

We're here to help

If you have any questions or you think your CommSec account may have been compromised please call us.

In Australia: 13 15 19
From overseas:  +61 2 9115 1417
8am-6pm Sydney time, Monday to Friday