I’m in the process of applying for a mortgage to buy a house. I picked a small lender with a good rate and low fees. Because of the banking royal commission, you now have to provide a lot more evidence of your expenses than previously, and I wasn’t too surprised to be asked to provide statements for all my bank accounts and credit cards so they could check where I spend my money.
What did surprise me was being asked to go to a third party website, bankstatements.com.au and enter my internet banking details including my passwords! The website has logos from all the major banks and claims high levels of encryption.
However if you look at the website terms, it does not “have an official association or relationship with any bank or banking institution accessible via the [BankStatements.com.au] website.”
It seems they take your login details and use them to log into your internet banking account and gather information - again from the terms:
“this requires us to retain and use your Credentials to access your Account Information”
“Credentials means your account login and password.”
“Account means and includes your account held with a bank, credit union, financial services provider or any on-line portal (such as MyGov or reward platform) in Australia and/or New Zealand.”
As I’m sure you are, I was horrified by the very idea of this, and couldn’t imagine how any financial institution would consider asking their customers to do this. I flat out refused to do so, and the lender stated my only other option is to withdraw my application.
The lender actually says this on their website: “If you receive an email claiming to be from a bank or other financial institution that asks you to enter your account details—delete it! (name of lender) will NEVER send an email like this.” It is ironic that they sent me the link to bankstatements.com.au via email…
I called and spoke to all my banks. They were as horrified as I was, and all stated that I must not enter my internet banking login details on the website, and that they did not have a relationship with the website. Some of them stated they would investigate the use of their trademarks without authorisation. One asked me to send details to their fraud/security team, and to also report it to consumer affairs/fair trading organisations.
One suggested that it might be a scam - and I actually called the lender to double check that the mortgage specialist I had been communicating with actually worked for them.
Now I’m cutting the lender a bit of slack for now, which is why I have not named them here.
This is a service that the lender pays the third party to provide, and in speaking to the lender, they do not seem to understand the third party is asking for passwords and logging into customer’ internet banking. They may have been told that the third party uses open banking - although not many banks actually support this system.
I’ve already talked to CHOICE about this matter, but I’ve seen online that a few other people have also been asked to give their internet banking login details to this or similar third party websites. It would help the investigation if you have any experience to share.