
When a local loan company asked Palmerston North man Alan Goodwin for his bank account password he ran for the hills.
Goodwin was seeking a car loan from non-bank lender Better.co.nz. The company told him the loan could only be approved after he gave his financial details to an external website, ‘bankstatements.co.au’.
The website asked for his full name, his bank, his customer number and password. Fearing that the website was a scam Goodwin did not fill out the form.
But the loan company, and the business behind ‘bankstatements.co.au’ have stood by their request as standard business practice, something of a great concern to computer safety experts.
READ MORE:
* Businesses at risk as vulnerability identified in popular software
* Single mum issues warning after falling victim to text scam
* About 30,000 phone users report receiving ‘FluBot’ scam texts
A spokesperson for ‘bankstatements.com.au’, said the request for bank passwords was a standard and safe way to extract financial data from a person’s bank account.
Goodwin was having none of it.
“Even if this company was legitimate, it is such a shocking business practice holding that private information. No matter what security they have,” he said.
Goodwin works in IT and said he knows all too well that you should never give your bank password to anyone on the Internet.
“I wouldn’t provide my password to a bank staff if they asked, I wouldn’t provide it to the government. Why would you…