SMS Security FAQs

SMS Security is a service within Heritage online available to all members with a mobile phone. It provides an extra layer of security for certain transactions performed within Heritage online by generating a One Time Password (OTP) sent to your mobile phone. The OTP is used in place of the Pay Anyone password.
A One Time Password is a 6-digit number sent to your pre-registered mobile phone. This number is used to authorise certain transactions within Heritage online. A different password is generated on each occasion.
All members who are registered for Internet Banking and have a valid Australian mobile device number recorded on their membership are able to register for SMS Banking and SMS Security.
Members can register for SMS Banking by selecting “Register SMS Security” under the ‘Security’ Menu in Heritage online. Members are automatically registered for SMS Security when they sign up for SMS Banking.
SMS Security is available anywhere that members can receive a standard text message to an Australian mobile phone number. For details on receiving SMS while overseas and whether additional charges apply, please contact your mobile phone service provider.
When a member registers for SMS Banking, SMS Security replaces the Pay Anyone Password as the method of Pay Anyone authentication. This means that if members choose to register for SMS Banking in the new Heritage online, they will no longer be able use the old Heritage online to complete functions that require the use of the Pay Anyone password such as adding a new Heritage or Inter-bank payee. Please note that it is not a requirement to sign up for SMS Banking, however members can only have SMS Banking or the Pay Anyone Password, not both.
The Pay Anyone process has been streamlined. Instead adding a payee as one step and then completing a transfer to that destination as a separate step, members can now simply perform a transfer, entering the details of the new destination into the fields provided. If the destination is new, the system will automatically detect this, ask for the appropriate authentication, either a Pay Anyone Password or a One Time Password.
The delivery of the SMS can sometimes be delayed in mobile carrier networks. If you have more than one mobile registered, check you selected the correct one when requesting the OTP code. As no payment would have been made if you have not received the code, you can restart the process and try it again. If you are still having issues, please call 13 14 22 for assistance.
Only parties to a membership registered for Internet Banking are able to register for SMS services, this does not include authorised signatories to the account.
The new SMS services are currently limited to Australian mobile phone numbers for the protection of our members. A good portion of Internet fraud originates overseas and identification processes to obtain a mobile phone vary around the world as does access to mobile networks.
SMS Banking is optional. There is no requirement to register for SMS Banking (even if you have a working mobile), you can simply continue to use your Pay Anyone password, while still being able to take advantage of the other improvements introduced to Heritage online, including a more streamlined Pay Anyone process and more advanced transaction searching features.
For security reasons, it is not possible to revert to Pay Anyone with a Password online. To be able to use a Pay Anyone password again requires a signature to protect your security and cannot be completed over the phone or online. You will either need to visit a branch in order to set up a Pay Anyone password or fax a letter to 07 4694 9782 requesting a Pay Anyone password.

It is also possible to simply disable SMS Banking via Heritage online, by proceeding to “Maintain Personal Settings” and un-checking the “SMS Banking Enabled” option. This will remove SMS Banking, including SMS Security.
This is our backup service. If there is a problem with our primary service we utilise a backup service in order to continue to provide our SMS service. We do not anticipate the backup service to be used often or for a lengthy period.