Leading Australian banks are cautioning account holders against using third-party payments providers who demand that they hand over online banking passwords and usernames to access their services.
Many online payments companies, such as POLi Payments and Acorns, require customers to share access codes for their bank accounts to execute transactions using their online systems.
While most Australian banks, including the four majors – NAB, ANZ, Commonwealth and Westpac – allow their customers to use third-party providers, they are increasingly concerned that sharing login details and other sensitive information may have created more opportunities for fraudsters to break into accounts.
The banks’ concerns are magnified by the fact that services such as POLi have partner agreements with offshore payments companies such as Neteller and Skrill.
The New Daily revealed on Wednesday that POLi Payments is a subsidiary of Australia Post, and is recommended by hundreds of offshore casinos as a reliable payment method. The government-owned postal service generates millions of dollars from the subsidiary.
Some banks such as HSBC Australia do not allow their customers to link their bank accounts to external providers, citing security and transparency concerns.
While regional and major banks have a business interest in encouraging their customers not to use rival payments providers, they suggest that customers are jeopardising the security of their bank accounts if they share important details such as passwords with third parties.
In recent months, the banks have begun to ramp their rhetoric about security and are advising clients not to share account passwords with third parties.
Most banks guarantee to compensate customers’ accounts if funds are stolen from their online accounts – so long as account holders do not share security information such as pin numbers and internet banking passwords with other individuals.
It is not clear whether banks are prepared to extend such guarantees to cases where funds were stolen from accounts linked to third-party services.
A Westpac spokesperson said the bank did not have working agreements in place with many third parties, including POLi Payments.
“We do actively monitor all third-party payments options for security concerns,” the spokesperson said.
“However it is recommended customers make payments via our online banking or mobile apps, which guarantees the customer’s security.”
The country’s largest consumer bank, Commonwealth Bank, is also recommending that customers never share client IDs and passwords.
An ANZ spokesman warned that customers could be increasing the risk of fraudulent transactions on their accounts if they shared security information.
“ANZ encourages customers to only use their internet banking login details with ANZ’s site and not with any other websites,” the spokesman said.
“If customers provide their login details to a non-ANZ site it could result in unauthorised transactions on their account.”