Protecting your financial information when using third-party platforms

Staying safe online is critical, especially when it comes to your financial information. We’re doing more with our money online than ever, including integrating our banking with third party systems and providers like accounting software, budgeting apps and payment platforms. But what do these advancements mean for your financial information security and protecting your business and personal information? This article explains how apps access your banking information, and how to ensure you and your business is protected from risk.

Why do apps access your banking data?

Third party platforms and providers may need to access your banking data in order to provide the service they’re designed to offer. This can happen in different ways depending on the program. For example:

• Accounting software may access your transactions to reconcile your income and expense reports.
• A budgeting app may read your transaction data in order to feed it through to your dashboard and aggregate your spending and balances.
• Buy Now Pay Later platforms may use your bank account information to make payments on your behalf.

How do third party platforms access your information?

There are a few different ways these third-party platforms or providers are able to access your bank information. The most common are screen scraping, data feeds and more recently, Open Banking.

Screen scraping

Screen scraping is often used by accounting software, online lenders, financial management and investment apps and Buy Now Pay Later platforms. Screen scraping copies your transaction information by using your online banking login credentials such as your access ID and password. These platforms store your credentials and log in regularly to ‘scrape’ the most current information. The system is effectively logging in as you at repeated intervals. Login credentials may also be stored by the app provider for future use.

While convenient, screen scraping raises a raft of security concerns as you’re giving your banking credentials to that third party who then logs in directly.
As we do not know the arrangement between you and the third party, or how your information is captured, shared, or stored, we cannot provide any assurance over the security practices of the third party or of the scraping technology provider. Screen scraping isn’t endorsed or supported by Bendigo Bank.

At Bendigo bank we are enhancing your e-banking security by making multifactor authentication mandatory. When you log in via the web browser or a screen scraper attempts to log in as you, you will be prompted to confirm its you via an authentication response on your smart phone. If you can’t confirm it’s you, your account will be locked.

There is an ongoing risk that changes to the internet banking platform can temporarily break screen scraping. Screen scraping can result in your internet banking details being locked.

We recommend that you contact your third-party provider and ask about alternatives such as data feeds or open banking to continue to use their services. Learn more about these alternatives below.

Banking data feeds

Data feeds are often used when you integrate your bank account data with accounting software such as Xero, MYOB or QuickBooks. Unlike screen scraping, data feeds are actually provided by Bendigo Bank. Automated data feeds are the secure and reliable way to access your banking information without having to share your e-banking credentials to a third-party provider.

Data feeds provide you with the assurance that transaction data that you have authorised will be provided to the third-party provider. At Bendigo Bank we provide data feeds that allow you to import transaction data into your accounting or budgeting software .

Open Banking

Open Banking is part of the broader Consumer Data Right (CDR) legislation. It was introduced by the Australian Government to give you more control over your data. Unlike screen scraping, it doesn’t use your login credentials ensuring your access ID and passwords are always protected . Instead, it allows you to share your information via a simple and secure automated process. You can see the list of providers accredited by the ACCC by visiting the CDR website.

Bendigo Bank customers are able to authorise the sharing of their data with CDR accredited service providers who offer a financial product or service via their app or website, for example, a budgeting tool.

This means you’ll be able to securely share banking data, including:

• Customer and account details,
• Transaction history, or
• Account balances.

If you choose to share your data, you’ll be directed to Bendigo Bank to log in using your e-banking access ID and we’ll send a one-time password to your mobile phone (you’ll never be asked to provide your e-banking password when sharing data with a legitimate data recipient in Open Banking). Once we have verified your identity, you’ll be asked to confirm that you wish to share your data with that provider. Open Banking also allows you to view and manage who you are sharing data with on an ongoing basis.

What’s the safest way to share my information with a third-party platform?

Open Banking offers the most advanced security protection. You have full control of the data sharing arrangement. Your data won’t be shared without your consent, and you can stop sharing your data at any time.

Key security advantages of Open Banking include:

• CDR is co-regulated by the Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC).
• Providers must meet strict accreditation criteria and this process is managed by the ACCC. You can find out which providers are currently accredited.
• Data will be securely transmitted by Bendigo Bank to accredited providers only.

Find out more about sharing your data via Open Banking.

At Bendigo bank we support Open Banking and Data feeds over unregulated screen scraping. We advise customers to refrain from providing their Access ID or password to third party platforms.