e-banking security
Bendigo Bank is conscious of protecting the security of all customer information.
If you believe someone knows your e-banking login details or has accessed your account:
- If you can, log in to e-banking and change your password immediately
- Contact us on 1300 236 344 or visit your local branch as soon as possible. We will lock your account to prevent any further access and investigate the situation
Security measures
We have put a wide range of security measures in place for e-banking, including:
- A security team who constantly monitor the system for suspicious activity
- Automatic alerts that are generated if abnormal activity is detected
- 128-bit data encryption to keep your sensitive information secure
- A short time-out limit that ends your session if no activity is detected
- Locking of inactive accounts
- Offering security tokens to provide multi-factor authentication on your account
Protecting your e-banking details
We recommend following the guidelines below to help keep your e-banking account and devices secure:
- Never reveal your e-banking login details (password, security token 6-digit code, or four-digit PIN) under any circumstances. We will never ask you for this information either in person or by SMS, email, or other form of communication
- Never store your e-banking login details on your device, or where others may be able to access them
- Use a security token for an additional level of authentication
- Ensure your device is protected by up-to-date anti-virus and firewall software
- When using a web browser
- Always log in to e-banking from the Bendigo Bank website by typing www.bendigobank.com.au
- Never allow a web browser to remember (store) your e-banking password
- Always check there is a padlock symbol on the login page. Select the padlock to verify you are dealing with Bendigo Bank
- Never follow a link from an email or SMS that asks you to log in to e-banking or takes you directly to a login screen
- Only use e-banking on devices you know are secure
- Never leave your device unattended while logged in to e-banking
- Always select Log Out (found in the More menu in the Bendigo Bank app) when you are finished using e-banking
- If you are using a web browser and leave e-banking without logging out, it is possible for someone to return to e-banking using your browser’s back function until your session times out
- Check your accounts regularly, including balances and transactions. Report any discrepancies to us as soon as possible
- If you do not access e-banking for more than a year, your account will be considered inactive and locked. This reduces the risk of someone accessing it without your knowledge
- Avoid using internet cafes
- If using internet cafes, hotels or motels (both in-room and in any business centres or computing facilities provided for the use of their guests or others), or similar locations, ensure you know if your device access details are recorded and take steps to maintain confidentiality of that information
Joint accounts and authorised users
Joint account holders must register for e-banking individually. We issue each user a unique Access ID and password for their use alone. Access IDs and passwords should not be shared under any circumstances.
You can also nominate a third party to be an authorised signatory on a bank account. We issue authorised signatories their own Access IDs and passwords, allowing them to access your linked account(s) in the same way that you can. To nominate an authorised signatory please contact your local branch.
App vs web browser security
The Bendigo Bank app provides a greater level of security than using e-banking on a web browser. For this reason, if you have a compatible device, we recommend using the Bendigo Bank app.
Screen scraping
Screen scraping is a process of automated data gathering used by third party service providers.
Providing your e-banking Access ID and password allows the third party to access your account. They can then use scraping technology to copy your transactional data. Third parties that use this technology include online lenders, financial management and investment app providers, and accounting package providers.
Screen scraping may occur as a once off, or on a regular basis, depending on the requirements of the third party. The third party and the scraping technology provider may also store your Access ID, password, and/or transactional data for future use.
As we do not know the arrangement between you and the third party, or how your information is captured, shared, or stored, we cannot provide any assurance over the security practices of the third party or of the scraping technology provider.
It is against the terms and conditions of our banking products for you to provide your e-banking login details (Access ID, password, security token 6-digit code, or four-digit PIN) to a third party. We strongly recommend that you protect your login details at all times.
If you believe your details may have become known to another party, you should log in to e-banking as soon as possible and change your password.