Who’s got your back when you’re banking?

Online banking security

Internet banking is an easily accessible, productivity-enhancing service that many of us use every day for business and leisure. I know I visit my bank website at least once a week to check my balance, pay a bill, transfer funds and more. As technologically-savvy consumers we trust that our banking provider will keep our details safe, as do they.

But when third party providers play in the banking arena, acting as a conduit between you and your bank, you have to take a step back and think: is my data still as safe as it can be?

Last month, online payments intermediary POLi, landed in hot waters with a few banks. POLi had apparently made changes to its service where they request internet banking details from users.  These requests are made through pages which may be mistaken for a bank’s internet banking site.

New Zealand’s leading banks issued statements advising customers not to provide their internet banking and login details to third parties. The statements from BNZ, ASB and ANZ have also stressed that internet banking details should not be disclosed to third parties.

Kiwibank and Westpac have provided similar advice via Twitter.   Such advice is relevant for users of small business accounting systems, some of which use customers’ internet banking details to source (via “screen scraping”) transaction records from their bank.  Such systems may not be secure and pose a risk to customers.

Opt for bank-authorised data collection systems (such as MYOB’s chosen data provider “BankLink”).  The following explains the key differences between bank-authorised data collection and “screen scraping”:

There are two main ways that accounting service providers can access aggregated bank transaction data:

  1. Via a supply contract with the bank under which the bank supplies approved transaction customer data via secure channels. This is the only method BankLink uses.
  2. Sourcing the customer’s internet banking login and password details, logging onto their internet banking site and copying the transaction data. This is known as “screen scraping” and may be done without the approval of the bank.

BankLink has always opposed screen scraping because it breaches the terms and conditions of most internet banking agreements, the quality of data is inconsistent and the flow of data is less reliable. The statements from major banks reinforce BankLink’s position that using screen scraping can be risky.

Considering the above, take a moment to think about who you have given your banking login and password to. Spend a little time this month to make sure your data is secure as you kick off what will hopefully be a successful year for all of us.