e-banking security
At Bendigo Bank, we’re committed to keeping you safe. If you believe someone knows your e-banking login details or has accessed your account:
- Log in to e-banking and change your password immediately
- Contact us on 1300 236 344 or visit your local branch as soon as possible. We will lock your account to prevent any further access and investigate the situation.
Security measures
We use various security measures to protect your information. These include:
- Multi-factor authentication (MFA) technology
- Automatic logout functionality for online and mobile banking
- Dedicated security team who constantly monitor the system for suspicious activity
- Automatic alerts if abnormal activity is detected
- Locking of inactive accounts
Protecting your e-banking details
We recommend following these guidelines to help keep your e-banking account and devices secure:
- Never reveal your e-banking login details (password, one time passcode, or four-digit PIN) under any circumstances. We will never ask you for this information either in person or by SMS, email, or other form of communication
- Never store your e-banking login details on your device, or where others may be able to access them
- Ensure your device is protected by up-to-date anti-virus and firewall software
- When using a web browser
- Always log in to e-banking from the Bendigo Bank website by typing www.bendigobank.com.au
- Never allow a web browser to remember (store) your e-banking password
- Always check there is a padlock symbol on the login page. Select the padlock to verify you are dealing with Bendigo Bank
- Never follow a link from an email or SMS that asks you to log in to e-banking or takes you directly to a login screen
- Only use e-banking on devices you know are secure
- Never leave your device unattended while logged in to e-banking
- Always select Log Out (found in the More menu in the Bendigo Bank app) when you are finished using e-banking
- If you’re using a web browser and leave e-banking without logging out, it’s possible for someone to access your e-banking using your browser’s ‘back’ function (until your session times out)
- Check your accounts regularly, including balances and transactions. Report any discrepancies to us as soon as possible
- If you do not access e-banking for more than a year, your account will be considered inactive and locked. This reduces the risk of someone accessing it without your knowledge
- Steer clear of public WiFi when using e-banking
- Public WiFi networks may be convenient, but they can pose significant security risks. Hackers can electronically ‘eavesdrop’ on your banking and online activity, and data can be easily intercepted and read by anyone with access to the network. It can also be hard to tell whether or not a network is safe to join. Malicious hotspots can trick victims into connecting to what they think is a legitimate network by using a reputable name. Hackers then redirect their computers to unwanted websites and record keystrokes to gain access to your accounts. To be safe, avoid using online banking when connected to public WiFi
- If using internet cafes, hotels or motels (both in-room and in any business centres or computing facilities provided for the use of their guests or others), or similar locations, ensure you know if your device access details are recorded and take steps to maintain confidentiality of that information
Choose strong, unique passwords or passphrases
Make sure your passwords are unique, complex, and free from easy-to-guess personal information like birthdays, street names or children’s names. Avoid common words like ‘password’ and common sequences like ‘qwerty’ or 1234 and consider using more complex ‘passphrases’ instead of words. Remember to update your password every 3-6 months or following any suspicious activity.
Joint accounts and authorised users
Joint account holders must register for e-banking individually. We issue each user a unique Access ID and password for their use alone. Access IDs and passwords should not be shared under any circumstances.
You can also nominate a third party to be an authorised signatory on a bank account. We issue authorised signatories their own Access IDs and passwords, allowing them to access your linked account(s) in the same way that you can. To nominate an authorised signatory please contact your local branch.
App security
If you have a compatible device, we recommend using the Bendigo Bank app and setting up multi-factor authentication on your trusted device.
Screen scraping
Screen scraping is a process of automated data gathering used by third party service providers.
Providing your e-banking Access ID and password allows the third party to access your account. They can then use scraping technology to copy your transactional data. Third parties that use this technology include online lenders, financial management and investment app providers, and accounting package providers.
Screen scraping may occur as a once off, or on a regular basis, depending on the requirements of the third party. The third party and the scraping technology provider may also store your Access ID, password, and/or transactional data for future use.
As we do not know the arrangement between you and the third party, or how your information is captured, shared, or stored, we cannot provide any assurance over the security practices of the third party or of the scraping technology provider.
At Bendigo Bank we have enhanced your e-banking security by making multi-factor authentication mandatory. When you log in via a web browser (or a screen scraper attempts to log in as you), you’ll be prompted to confirm it’s you as an authentication response via your smart phone.
With screen scraping there is an ongoing risk that changes to the internet banking platform can both temporarily break screen scraping, and screen scraping can result in your internet banking details being locked.
We recommend that you contact your third party provider and ask about alternatives such as data feeds or open banking to continue to use their services.
Learn more about these alternatives below.
It is against the terms and conditions of our banking products for you to provide your e-banking login details (Access ID, password, one time passcodes, or four-digit PIN) to a third party. We strongly recommend that you protect your login details at all times.
If you believe your details may have become known to another party, you should log in to e-banking as soon as possible and change your password.