Using the BOQ Security Token


Protecting the integrity of our customers’ financial information is our top priority, as such we have introduced a superior level of online security by way of the BOQ Security Token.


The BOQ Security Token provides what is known as two-factor authentication.  Both a physical identifier (e.g. physical token or BOQ Secure App) and a remembered identifier (e.g. a Personal Access Code [PAC]) will be required to authenticate some online transactions.  This means that even if another person obtains your Customer Access Number (CAN), UserID (if applicable) and PAC, they will need the BOQ Security Token to be able to make a payment.


Not all transactions need a BOQ Security Token

A BOQ Security Token will not be required for the purposes of logging on to Internet Banking, rather it will be used to authenticate certain transactions where you are transferring funds to a non-BOQ account.  You will be able to check your account balances and move funds between your own accounts without being required to use your BOQ Security Token.


Not all value transactions* will require the use of the BOQ Security Token.  The BOQ Security Token is only required if you have selected a Daily Limits package with a Pay Anyone limit of $10,000 or more.  Note: all Payment File Upload Facility (PFUF), IBFX and RTGS users must use the BOQ Security Token irrespective of their daily limits.


The available limit packages are outlined in the table below:


Pay anyone daily limit  Authentication method BPAY® daily limit
 $0  -  $0
 $2,500  -  $10,000
 $5,000  -  $20,000
 $10,000  Token - Application # 1  $50,000
 $15,000  Token - Application # 1   $100,000
 $25,000  Token - Application # 1  $200,000
 $10,000,000  Token - Application # 2  $10,000,000


*Value transactions - any transaction where an amount greater than zero is transferred from a nominated account.


Note: Where you decrease your daily limit to a limit which does not require the use of the BOQ Security Token it will be necessary to authenticate the request by entering a One Time Password generated by 'Application #1' from your BOQ Security Token.


Back to Top 


Using the BOQ Security Token

When completing transactions, Internet Banking may prompt you to initiate one of two types of security application using the BOQ Security Token:


  • Token Application #1 (One Time Password) – this issues a unique 8 digit authentication code which customers will enter into Internet Banking when prompted.
  • Token Application #2 (Transaction Signing) – customers will be required to enter information about their transaction into the BOQ Security Token.  This will be used by the BOQ Security Token to generate an authentication code uniquely tied to that transaction, which customers will then enter into Internet Banking when prompted.


The two animated demonstrations below show how you will use the physical BOQ Security Token or the BOQ Secure App.  If the animation is running, wait until the end and click on Restart:





Adobe Flash This demo requires flash player, you can download flash player for free from


Back to Top 




Back to Top 


How the BOQ Security Token works

The BOQ Security Token is not a wireless device.  It does not emit any radio waves, frequencies or infrared.


The BOQ Security Token works by generating a passcode that continually changes.  Based on information registered with the Bank's central Token Management System when your BOQ Security Token is assigned to you, it is possible to match these passcodes with your Internet Banking profile when you transact online. 


The BOQ Security Token can be used with any computer and no special software is required.