Yep @PhilT if it is properly set up https the data is secure even from the VPN providers or compromised network devices.
What the VPN adds is the hiding of metadata and an extra layer of encryption while data traverses parts of the net. The ISP and the Government will ever only see encrypted traffic with the VPN and not any other place visited. When data leaves the ISP there may be many computers/servers that the data passes through before it gets to and comes back from the destination and any of these could be compromised and the data captured. This is why we should use https whenever possible even on a VPN. A browser add on that helps ensure this takes place as often as possible is HTTPS Everywhere from E.F.F. (Electronic Frontier Foundation) https://www.eff.org/https-everywhere.
The bank wouldnât like to see your traffic coming from another country as this may mean your data had been stolen/compromised (probably from them) and they have placed origin checks to try and ensure it is you. So maybe not a lame or lazy excuse in all cases. This however is easy to thwart if the unwanted user has a VPN that has an Australian exit as the bank then wonât usually identify this as possible fraud. This is partly why many Banks and others now encourage Two/multi- Factor Authentication as this further limits the possibility of stolen identity.
