Savings & Loans - Internet Banking - Information

Internet Banking uses industry-standard encryption to help keep you safe online, while our Factor2 Personal Icons help protect you from unauthorised transfers from your account. The first time you transfer money to another financial institution or use BPAY, you will be asked to choose three secret icons that you’ll need to select every time you use these services.

(From Savings & Loans - Internet Banking - Information)

Okay, so let me get this straight. You have introduced a second set of paswords, right?

Each time you use BPAY or transfer funds to another financial institution, you will be prompted with nine icons, including your three chosen icons, in a random order. You will need to select your secret icons in the correct order before you can BPAY or transfer funds.

Okay, I have some issues with this.
Firstly, if someone already has access to my login details, they have breached security. They can look at personal details about me, including the address my credit union has on file. But not my date of birth. Which they might be able to get by google.
Okay, you are trying to do something nice and stop someone stealing all of my money if they happen to get my PCLink access details. And you give me a system where I need to click on three icons.
Surely shoulder-surfing is easier to do if you just have to see the three icons someone clicks on, rather than try to see what keys they have pressed on the keyboard.

If you forget your Factor2 Personal Icons, you will need to call our Member Contact Centre on 13 11 82 to have them reset.

Okay, so someone could get my login, pretend to forget my icons, and ring and get them reset. So the system can fairly easily be bypassed. But then I wouldn’t be able to get in myself. Granted, it is a level of security that didn’t exist before, but I don’t really see that it is any more secure. If they have gotten in, it stops them transferring all of my money out.
Until they ring, read off my address, google my date of birth, and then they can steal all of my money. Now, it happens I have been pretty good at keeping my date of birth private. I even use a faked D.O.B. for lots of online sites. Which I have to remember when I have used that fake.
It’s just lucky I don’t have much money in there…