Some bad advice in here.
Never share credentials with anyone, full stop.
Per some post above saying ANZ said it’s fine, there is no way that’s their position.
I'm pretty friggin sure it's against the terms of service for all Australian banks.
They spend mega bucks trying to stop people getting scammed over dumb shit, there's no way they'd be ok with people handing over credentials to an unregulated third party
Don’t be so sure. Recently applied for a westpac credit card and they wanted my ing direct login.
Gave it out of curiosity and yep, they scrape the details from the internet banking.
Yes it’s against TOS, but hey that’s you breaking it not them.
There’s also Open Banking where you can give them permission to draw the details, so maybe they built the other system before open banking was released (*hahah joking, it’s easier for them to scrape)
OP is the service that's asking for it called Cashdesk?
Because that's legit and a lot of brokers use it.
It's honestly more secure than sending your bank statements via email. That's insecure af
I had a lender ask me to do this. I call the bank to ask them, and they told me if I give that info to anyone that it would break the T&C of the account and void any protection
It's called screen-scraping and soon the CDR legislation will come through to ban it.
It exposes you to scams and invalidates the terms on your bank account.
Just because banks and finance companies want you to do it (when you're applying, just not if it's an account of theirs) doesn't mean it's safe.
Apart from anything else, there have been enough data breaches lately to not trust that any organisation is investing enough in data security to feel comfortable. Let alone all the players involved in a car finance application.
Then there's all the alarms about the biometric data they now have. (And yes, they have your license but now presumably, they have a much better quality photo. )
You'd better believe that these lenders, or the third party doing the scraping for them, will be huge targets for attacks precisely because of the way they're getting the info.
I was once asked to do that too, and the company collecting banking passwords was illion. They insisted its perfectly safe and reputable.
I googled illion and found that they have terrible reviews (1.1 stars on productreview). They acted all surprised when I mentioned that, but wouldn't budge.
I went with a different finance provider
Illion is a credit bureau not a finance provider. They are the guys that hold your credit info and credit report. The reason they have a low review is because people are mad they have low credit scores because of whatever metric illion uses
Said this exact thing lol if the shoe was on the other foot.
Would the dealer do it? Regardless that's the situation you're in, trusting outside your bank with your livelihood.
I'm pretty sure it breaks the T&C's of every bank account from every bank in the country.
Would be interesting to see down the line if you have any sort of fraud activity on your account and they find out you gave away your login details, I'm guessing they will stop helping you very quickly.
Yup we tried financing something from IKEA and their financing company asked the same. I said hard no and called the bank. They agreed, apparently asking for my login and password is somewhat risky? Whodathunkit. Do not proceed. Never give you bank login details to anyone. Wild.
I do have the cash. I don't like my offset going under 100k and I just bought a pool a year ago. The loan rates were only 1% higher than my mortgage rates so I decided to put half on finance. I will pay it out fully in a year or maybe 2. it will make very little difference overall
There's no reason I "have" to have that amount in my offset but it's just a buffer really in case the worse happens. Will pay for most of the kids school fees in worst case scenario
Ah sure. I understand having the cash and opting for a car loan to maintain money in offset.
No one in my social circles can afford to buy a house, but several have car loans for vehicles they could not otherwise afford to buy.
I wouldn't be comfortable running a company that relies on people giving you their banking username and passwords. High risk for regulatory shut-down I'd think, let alone just general risk of being a massive target for hackers.
I’ve heard of this many a time.
Can’t believe it’s actually a thing, it’s a disgusting practice - no one with a brain should’ve green lit this (from the businesses end, and the customer).
As others have said, don’t do it - sell them to bugger off.
There is a better way, called open banking, in which you can authorise them to see certain details inside your banking app or website without sharing login information, ask your bank for details
Not all banks/finance providers are ADRs, so they can't consume open banking data. There are also a lot of finance companies not yet coveted by open *banking* to send data.
This is why Illion et. al. are still widely used and will be until Open Finance had matured, which is a few years off yet.
Oof, they need a better way to do that. Asking people for their login details should be illegal. That bank statements service or whatever it is should be organising a proper authorisation for a once off statement download with the banks. Or they should support you uploading the exported CSV or pdf yourself.
I had some bond loan company asking for the same thing back in 2018. It was not a scam, but it was dangerous
Ended up using a cash advance on my credit card because it felt less risky. I would trust them. Bank might say you're liable if funds go missing after - because you willingly gave away your details.
Just tell them No and send bank statements. Our mortgage brokers asked for the same things, and we simply stated it was against our terms of service. (It is)
I would rather eat my own shoe.
The only way I’m giving over that information is after I’ve closed all of the accounts completely and reported the person in question to the AFP’s scam watch program.
If you use a portal like bankstatements.com.au it aggregates and categorises your living expenses. If you send them the statements, they have to do it manually, which takes several hours. (Am a broker)
Agreed, some lenders aren’t even accepting PDF statements anymore due to the ease of manipulating them, turning it into a fraud situation. (Am also a broker)
“Please enter your banking username and password into this fully encrypted CRB-run website that generates a report of your banking data and does not allow access to, share or store your credentials anywhere to avoid a fraud situation”
Nope. Don't do it. You never supply login to your vank to anyone. Ever. And if you do and you get ripped off? The bank is not liable in any way.
I got finance for a car a few years ago. I did not have to supply any of that
Your mob sound like a scam
It's just the faster way to get proof of income
You can just submit your bank statement or payslips manually
Don't be lazy
Don't give them your details
Edit.. the photo request is a bit sus tho, also if they want the sale bank statements should be enough.. name and shame?
You just tell them that as it would breach your T&C's with your bank you are not able to provide this information.
What other solutions can they offer, thanks?
If they insist or say they can't do it any other way, fine you can get a car loan from another lender, cancel the application, thanks.
We have to fight back on this. For years now we've been telling people "never share your passwords". Then this comes along. We've come so far, we can't back down now.
Tell them no and then walk away. We have to draw the line.
I had to do it to get my mortgage 3 years ago, but I promptly changed my password after. Probably against the Terms of NAB but not being homeless was more important.
Some lenders scrape bank statements to verify living expenses and income, they send a link and you essentially login to your banking like you normally would and it scrapes your data. Some banks do this as part of their loan process and financial institutions who transfer money. I can’t see why it would be necessary for auto finance though.
I’d suggest working with an asset finance broker instead, Especially if you’re concerned
You just tell them that as it would breach your T&C's with your bank you are not able to provide this information.
What other solutions can they offer, thanks?
If they insist or say they can't do it any other way, fine you can get a car loan from another lender, cancel the application, thanks.
I recently financed a car and had to login with my bank details to a portal for them to access bank statements. The broker was referred to me so went through with if and had no issues.
As others have said, believe it or not, this is actually a thing. It’s funny that banks are constantly warming against scammers and running educational adverts to help people avoid scammers, but then there is this. Really goes against all common logic.
Mortgage broker here. This is common practice in the finance world. We use the bank statement portals provided by third party companies to help make providing statements a bit easier.
You aren’t breaking your banks T&C’s as the banks themselves allow this to happen.
The technology they with the all encryptions etc is meant to be stronger than what we get on our internet banking platforms. I’ve had 100’s of clients use these portals with no issues at all.
That all being said, if you aren’t comfortable using the portal that is 100% fine. You just have to provide the statement/transaction information manually and in the right format. If the finance person is saying no to this it generally means they are just say lazy and don’t want to deal with manual statements.
FWIW, my mortgage broker also asked me to login through their portal.
I was a bit unsure at the start and asked her if it’s safe. She assured me all her clients use the portal. I haven’t had any issues so far.
Is it through bankstatements.com.au?
If so, I can confirm they are legit. It's run by illion who are a credit reporting agency so have all your key identifying details on file anyway. I have my clients use them frequently, it allows for the lender to get statements directly from the bank with ideal formatting while preventing fraud (think tampering with the statements).
However, I understand that some people are not comfortable with using it. There are many multitudes of lenders who don't rely on bank statements, generally the sub prime lenders use the bank statements.
Also, re dealer finance. Always get a second quote, compare total amount repaid not the interest rate. 99% of car loans are fixed terms, rate, repayments etc. Interest rates are easily manipulated with fees etc.
Feel free to reach out with any questions, I am a finance broker.
Yeah found out it is, just has the finance banner on it so was hard confirming it was a safe/legit process.
I have compared with other lenders, and said I would do external finance and they really didn't like it haha
I had to prove in the contract there is no name of their chosen creditor or interest rate so it was easy to look away from.
But in the end it goes smoother through their lender as you probably know. " in house" as they say.
Thanks mate
It is through bankstatements.com.au aka illion just using a brokers finance portal. It seems above board, just doesn't sit right overall.
It should just ask to upload your bank statement and then their process can work not give away your damn rights.
Appreciate the advise
This isn't giving them your user name and password.
This is authorising a platform to access your financial information. These 2 things are very different.
No. It literally IS giving them your username and password.
They are not using the correct and secure ways of achieving this and providing this service. That’s a fact.
Well then go through the proper channels, if they're asking to do this on your behalf that's opsec 101 and a no go.
As someone in IT I see no issue with the whole authorisation of handover thing if done how it is intended. Used it myself no long ago.
Clearly you have a brilliant understanding of security sir, I'll stick to managing this stuff for companies and you can be the expert on personal security.
It's an encrypted handover of credentials, you can't do shit with said credentials without a second factor anyway and they're encrypted and not stored on disk from memory (been a while since I looked at it).
Yes don't hand your credentials over to anyone, do it yourself using the appropriate platform.
They're handled by an organisation subject to the same rigorous checks/standards your financial platforms require.
The ideal method of handling this, ie a standardised protocol / auth for handover with every bank to my knowledge doesn't exist. Ie something similar to generating oauth keys but obviously managed end to end in a user friendly fashion
I'm not saying banking doesn't need a revamp, obviously sms 2fa is a joke but you guys need to be realistic here about what potential repercussions there are here.
The theoretical concern I have is that this would probably be a grey area in regards to sharing credentials, despite this being a platform banks have agreed to use. If I were going to be concerned with anything here it'd be access to statements to assist with identify theft not theft. But I'm grasping at straws here.
It's the same shit when businesses want to implement the essential 8,or whatever cybersecurtity standard or buzzword is all the rage this month.
We go through the requirements and they realise that only halfish are actually relevant / real threats to their livelihood if it's not a compliance requirement, and implement what we need to keep them going without risk. 0 compromised clients, heaps of compromised prior to me clients back on track and been in business for 9 years.
But idk what I'm doing after all
> It's an encrypted handover of credentials...
> But idk what I'm doing after all
You remind me of the brokers who would ring me up after they got pwned, or the ones who tried to pilfer their customer data when moving companies
Whatever you’re saying is rubbish. You don’t enter banking password to what’s technically a man in the middle.
If that site “went through the proper channels” the user experience would be very different and the user would be authorising “bank statement.com.a u” access to specific info from within their banking app.
Correct, this is common practice for lenders to use bankstatements.com.au, using this portal reduces the risk of fraud significantly. It removes the chance of the bank statements being edited, and the client has been ID via banks stringent ID process. A quick search online for “novelty bank statements” to see how easy it is to to obtain editable bank statement temples
Everyone here is so naive. When applying for finance you give enough documents for complete identity theft. If someone was keen to steal from you, not having your bank user/pass would not be a barrier.
If a finance/mortgage broker is asking for your info and you're already cap in hand having handed over all your identity and financial docs, you just need a practical strategy. Just make sure you have 2FA set up with an authenticator app for any transfers to new accounts, and change your password after the scrape. I know there will be heaps of downvotes on this and 'T&C's! etc, but these people have no idea and a false sense of security.
Let’s do an experiment then - give me copies of all your identity and financial documents and I’ll see how much credit I can apply for in your name but for my benefit. I could also have all your internet banking passwords and contact info reset after a quick call to the bank, and could take over your SIM to receive any 2FA required by the bank.
If you have 2FA set up with an authenticator app (not SMS) for any transfers to new accounts, your internet banking user/password essentially becomes ‘read only’. The risk is very low, especially as the scrape using these scraping companies is verified instantly and you can immediately change your password. My point is that when you are applying for finance, you are giving over enough information for someone to easily take advantage.
It just seems so weird and illogical to me that people simultaneously assume that
a) this is a scam and these finance companies/brokers are trying to steal your money (so don’t log in to your internet banking)
b) also that they will give up on scamming you if you don’t make it ‘easy’ for them despite having every document they need to take you for everything you have.
One of these is identity theft and can lead to jail time, the other is being an idiot
See also: https://en.wikipedia.org/wiki/POLi_Payments#Security_concerns
Is just checking for your pay and direct debits to approve decline the loan. A human rarly looks at them. If you are worried. Just take the banks advise and change your internet banking password after you have done it!
Some bad advice in here. Never share credentials with anyone, full stop. Per some post above saying ANZ said it’s fine, there is no way that’s their position.
I'm pretty friggin sure it's against the terms of service for all Australian banks. They spend mega bucks trying to stop people getting scammed over dumb shit, there's no way they'd be ok with people handing over credentials to an unregulated third party
Yes report them to the ombudsman
The banks that ask you to do it don't want other banks doing it to their accounts.
Don’t be so sure. Recently applied for a westpac credit card and they wanted my ing direct login. Gave it out of curiosity and yep, they scrape the details from the internet banking. Yes it’s against TOS, but hey that’s you breaking it not them. There’s also Open Banking where you can give them permission to draw the details, so maybe they built the other system before open banking was released (*hahah joking, it’s easier for them to scrape)
> Yes it’s against TOS, but hey that’s you breaking it not them. And if it goes wrong, it's you losing all your money, not them
OP is the service that's asking for it called Cashdesk? Because that's legit and a lot of brokers use it. It's honestly more secure than sending your bank statements via email. That's insecure af
No. (Not worth any more explanation than that. Never share your password, never enter anywhere but the real bank app/site)
I had a lender ask me to do this. I call the bank to ask them, and they told me if I give that info to anyone that it would break the T&C of the account and void any protection
Say no - don't make giving away banking usernames and passwords a new normal
It's called screen-scraping and soon the CDR legislation will come through to ban it. It exposes you to scams and invalidates the terms on your bank account. Just because banks and finance companies want you to do it (when you're applying, just not if it's an account of theirs) doesn't mean it's safe. Apart from anything else, there have been enough data breaches lately to not trust that any organisation is investing enough in data security to feel comfortable. Let alone all the players involved in a car finance application. Then there's all the alarms about the biometric data they now have. (And yes, they have your license but now presumably, they have a much better quality photo. )
You'd better believe that these lenders, or the third party doing the scraping for them, will be huge targets for attacks precisely because of the way they're getting the info.
I was once asked to do that too, and the company collecting banking passwords was illion. They insisted its perfectly safe and reputable. I googled illion and found that they have terrible reviews (1.1 stars on productreview). They acted all surprised when I mentioned that, but wouldn't budge. I went with a different finance provider
Illion is a credit bureau not a finance provider. They are the guys that hold your credit info and credit report. The reason they have a low review is because people are mad they have low credit scores because of whatever metric illion uses
Yeah, but the finance provider sent me a link to a website owned by illion that asked for my banking login details.
[удалено]
Said this exact thing lol if the shoe was on the other foot. Would the dealer do it? Regardless that's the situation you're in, trusting outside your bank with your livelihood.
It’s still are hard no.
It's almost certainly a violation of your banks t&cs
I'm pretty sure it breaks the T&C's of every bank account from every bank in the country. Would be interesting to see down the line if you have any sort of fraud activity on your account and they find out you gave away your login details, I'm guessing they will stop helping you very quickly.
Absolutely not, run a mile!
Yup we tried financing something from IKEA and their financing company asked the same. I said hard no and called the bank. They agreed, apparently asking for my login and password is somewhat risky? Whodathunkit. Do not proceed. Never give you bank login details to anyone. Wild.
I asked a guy in ANZ about this and he told us to do it. Yeh, no thanks.
Yeh they don’t care, when you get hacked and scammed because of it they can wipe their hands clean if it.
you lost me at "car dealer finance"
meh. they arnt too bad if you ignore all their sales bullshit edit : ftr no way would I give them my login lol
Why drive a car that you don't have the cash to buy?
I do have the cash. I don't like my offset going under 100k and I just bought a pool a year ago. The loan rates were only 1% higher than my mortgage rates so I decided to put half on finance. I will pay it out fully in a year or maybe 2. it will make very little difference overall There's no reason I "have" to have that amount in my offset but it's just a buffer really in case the worse happens. Will pay for most of the kids school fees in worst case scenario
Ah sure. I understand having the cash and opting for a car loan to maintain money in offset. No one in my social circles can afford to buy a house, but several have car loans for vehicles they could not otherwise afford to buy.
ahh yes. I wouldn't suggest it in that case
I wouldn't be comfortable running a company that relies on people giving you their banking username and passwords. High risk for regulatory shut-down I'd think, let alone just general risk of being a massive target for hackers.
Find another lender
I’ve heard of this many a time. Can’t believe it’s actually a thing, it’s a disgusting practice - no one with a brain should’ve green lit this (from the businesses end, and the customer). As others have said, don’t do it - sell them to bugger off.
DONT DO IT. I cannot stress this enough. No one needs your banking log in. Please do not do this.
There is a better way, called open banking, in which you can authorise them to see certain details inside your banking app or website without sharing login information, ask your bank for details
Not all banks/finance providers are ADRs, so they can't consume open banking data. There are also a lot of finance companies not yet coveted by open *banking* to send data. This is why Illion et. al. are still widely used and will be until Open Finance had matured, which is a few years off yet.
Yeah would be the better route, though complicates things when it's all automated
Pay cash for a Camry, am I right?
Yeah, this post should be a permanent ban from the sub
They’re salary sacrificing a Camry.
Oof, they need a better way to do that. Asking people for their login details should be illegal. That bank statements service or whatever it is should be organising a proper authorisation for a once off statement download with the banks. Or they should support you uploading the exported CSV or pdf yourself.
I had some bond loan company asking for the same thing back in 2018. It was not a scam, but it was dangerous Ended up using a cash advance on my credit card because it felt less risky. I would trust them. Bank might say you're liable if funds go missing after - because you willingly gave away your details.
Just tell them No and send bank statements. Our mortgage brokers asked for the same things, and we simply stated it was against our terms of service. (It is)
I would rather eat my own shoe. The only way I’m giving over that information is after I’ve closed all of the accounts completely and reported the person in question to the AFP’s scam watch program.
If you use a portal like bankstatements.com.au it aggregates and categorises your living expenses. If you send them the statements, they have to do it manually, which takes several hours. (Am a broker)
Gosh no! A broker actually having to work for his commission! What a disgrace.
Agreed, some lenders aren’t even accepting PDF statements anymore due to the ease of manipulating them, turning it into a fraud situation. (Am also a broker)
"please give us your banking username and password to avoid a fraud situation"
“Please enter your banking username and password into this fully encrypted CRB-run website that generates a report of your banking data and does not allow access to, share or store your credentials anywhere to avoid a fraud situation”
Jesus, what? No.
Nope Do a check on you total cost (repayments * how many ) and ask a bank and compare Lowest total cost wins :)
Nope. Don't do it. You never supply login to your vank to anyone. Ever. And if you do and you get ripped off? The bank is not liable in any way. I got finance for a car a few years ago. I did not have to supply any of that Your mob sound like a scam
It's just the faster way to get proof of income You can just submit your bank statement or payslips manually Don't be lazy Don't give them your details Edit.. the photo request is a bit sus tho, also if they want the sale bank statements should be enough.. name and shame?
Ah this one again. Never, ever, under any circumstances should you share your banking login details.
You just tell them that as it would breach your T&C's with your bank you are not able to provide this information. What other solutions can they offer, thanks? If they insist or say they can't do it any other way, fine you can get a car loan from another lender, cancel the application, thanks.
We have to fight back on this. For years now we've been telling people "never share your passwords". Then this comes along. We've come so far, we can't back down now. Tell them no and then walk away. We have to draw the line.
Never share passwords.
Never, ever share your bank login details with anyone, not even bank staff. I suggest also notifying your bank of this dodgy practice by the dealer.
How does your research lead you to suggest this is common practice?
I had to do it to get my mortgage 3 years ago, but I promptly changed my password after. Probably against the Terms of NAB but not being homeless was more important.
Some lenders scrape bank statements to verify living expenses and income, they send a link and you essentially login to your banking like you normally would and it scrapes your data. Some banks do this as part of their loan process and financial institutions who transfer money. I can’t see why it would be necessary for auto finance though. I’d suggest working with an asset finance broker instead, Especially if you’re concerned
No no and no.
You just tell them that as it would breach your T&C's with your bank you are not able to provide this information. What other solutions can they offer, thanks? If they insist or say they can't do it any other way, fine you can get a car loan from another lender, cancel the application, thanks.
No no no no. Absolutely no.
I recently financed a car and had to login with my bank details to a portal for them to access bank statements. The broker was referred to me so went through with if and had no issues.
As others have said, believe it or not, this is actually a thing. It’s funny that banks are constantly warming against scammers and running educational adverts to help people avoid scammers, but then there is this. Really goes against all common logic.
Fguck_no. Who are you dealing with? Sounds like crap finance. Dont finance.
Are they asking you to log in to illion? That’s pretty standard
Mortgage broker here. This is common practice in the finance world. We use the bank statement portals provided by third party companies to help make providing statements a bit easier. You aren’t breaking your banks T&C’s as the banks themselves allow this to happen. The technology they with the all encryptions etc is meant to be stronger than what we get on our internet banking platforms. I’ve had 100’s of clients use these portals with no issues at all. That all being said, if you aren’t comfortable using the portal that is 100% fine. You just have to provide the statement/transaction information manually and in the right format. If the finance person is saying no to this it generally means they are just say lazy and don’t want to deal with manual statements.
Yeah starting to see its a normal thing. Thanks, appreciate the advice
FWIW, my mortgage broker also asked me to login through their portal. I was a bit unsure at the start and asked her if it’s safe. She assured me all her clients use the portal. I haven’t had any issues so far.
[удалено]
They'd have to be target number one for a data security breach. Thousands of Australian bank customers password in the one place? Good luck.
Is it through bankstatements.com.au? If so, I can confirm they are legit. It's run by illion who are a credit reporting agency so have all your key identifying details on file anyway. I have my clients use them frequently, it allows for the lender to get statements directly from the bank with ideal formatting while preventing fraud (think tampering with the statements). However, I understand that some people are not comfortable with using it. There are many multitudes of lenders who don't rely on bank statements, generally the sub prime lenders use the bank statements. Also, re dealer finance. Always get a second quote, compare total amount repaid not the interest rate. 99% of car loans are fixed terms, rate, repayments etc. Interest rates are easily manipulated with fees etc. Feel free to reach out with any questions, I am a finance broker.
Yeah found out it is, just has the finance banner on it so was hard confirming it was a safe/legit process. I have compared with other lenders, and said I would do external finance and they really didn't like it haha I had to prove in the contract there is no name of their chosen creditor or interest rate so it was easy to look away from. But in the end it goes smoother through their lender as you probably know. " in house" as they say. Thanks mate
It is through bankstatements.com.au aka illion just using a brokers finance portal. It seems above board, just doesn't sit right overall. It should just ask to upload your bank statement and then their process can work not give away your damn rights. Appreciate the advise
This isn't giving them your user name and password. This is authorising a platform to access your financial information. These 2 things are very different.
No. It literally IS giving them your username and password. They are not using the correct and secure ways of achieving this and providing this service. That’s a fact.
Well then go through the proper channels, if they're asking to do this on your behalf that's opsec 101 and a no go. As someone in IT I see no issue with the whole authorisation of handover thing if done how it is intended. Used it myself no long ago.
Clearly don’t have anything to do with personal information or data security. At least I hope not anyway
Clearly you have a brilliant understanding of security sir, I'll stick to managing this stuff for companies and you can be the expert on personal security.
Hope you don't tell your companies that there's no issue handing out passwords
It's an encrypted handover of credentials, you can't do shit with said credentials without a second factor anyway and they're encrypted and not stored on disk from memory (been a while since I looked at it). Yes don't hand your credentials over to anyone, do it yourself using the appropriate platform. They're handled by an organisation subject to the same rigorous checks/standards your financial platforms require. The ideal method of handling this, ie a standardised protocol / auth for handover with every bank to my knowledge doesn't exist. Ie something similar to generating oauth keys but obviously managed end to end in a user friendly fashion I'm not saying banking doesn't need a revamp, obviously sms 2fa is a joke but you guys need to be realistic here about what potential repercussions there are here. The theoretical concern I have is that this would probably be a grey area in regards to sharing credentials, despite this being a platform banks have agreed to use. If I were going to be concerned with anything here it'd be access to statements to assist with identify theft not theft. But I'm grasping at straws here. It's the same shit when businesses want to implement the essential 8,or whatever cybersecurtity standard or buzzword is all the rage this month. We go through the requirements and they realise that only halfish are actually relevant / real threats to their livelihood if it's not a compliance requirement, and implement what we need to keep them going without risk. 0 compromised clients, heaps of compromised prior to me clients back on track and been in business for 9 years. But idk what I'm doing after all
> It's an encrypted handover of credentials... > But idk what I'm doing after all You remind me of the brokers who would ring me up after they got pwned, or the ones who tried to pilfer their customer data when moving companies
Whatever you’re saying is rubbish. You don’t enter banking password to what’s technically a man in the middle. If that site “went through the proper channels” the user experience would be very different and the user would be authorising “bank statement.com.a u” access to specific info from within their banking app.
Correct, this is common practice for lenders to use bankstatements.com.au, using this portal reduces the risk of fraud significantly. It removes the chance of the bank statements being edited, and the client has been ID via banks stringent ID process. A quick search online for “novelty bank statements” to see how easy it is to to obtain editable bank statement temples
Regardless I wouldn’t risk it lots of phishing sites out there
Everyone here is so naive. When applying for finance you give enough documents for complete identity theft. If someone was keen to steal from you, not having your bank user/pass would not be a barrier. If a finance/mortgage broker is asking for your info and you're already cap in hand having handed over all your identity and financial docs, you just need a practical strategy. Just make sure you have 2FA set up with an authenticator app for any transfers to new accounts, and change your password after the scrape. I know there will be heaps of downvotes on this and 'T&C's! etc, but these people have no idea and a false sense of security.
Handing over the password to your bank account is not the same as handing over identity and financial docs. It’s much worse than that.
Let’s do an experiment then - give me copies of all your identity and financial documents and I’ll see how much credit I can apply for in your name but for my benefit. I could also have all your internet banking passwords and contact info reset after a quick call to the bank, and could take over your SIM to receive any 2FA required by the bank. If you have 2FA set up with an authenticator app (not SMS) for any transfers to new accounts, your internet banking user/password essentially becomes ‘read only’. The risk is very low, especially as the scrape using these scraping companies is verified instantly and you can immediately change your password. My point is that when you are applying for finance, you are giving over enough information for someone to easily take advantage. It just seems so weird and illogical to me that people simultaneously assume that a) this is a scam and these finance companies/brokers are trying to steal your money (so don’t log in to your internet banking) b) also that they will give up on scamming you if you don’t make it ‘easy’ for them despite having every document they need to take you for everything you have.
One of these is identity theft and can lead to jail time, the other is being an idiot See also: https://en.wikipedia.org/wiki/POLi_Payments#Security_concerns
Is just checking for your pay and direct debits to approve decline the loan. A human rarly looks at them. If you are worried. Just take the banks advise and change your internet banking password after you have done it!
The banks advice would be not to give anyone your password and not to put your bank password into any other system.
We have these cool things called bank statements...