SOFORT So Bad: Why Sharing Bank Login Details Is a Security Nightmare
Sharing bank login details with budgeting or payment apps seems convenient. But it could violate your bank's terms and leave you liable for fraud.
I've had it drilled into my heads since the dawn of the internet: never, ever share your passwords. Yet, modern fintech apps are constantly asking me to hand them over. What could possibly go wrong?
I recently opened a new trading account and used SOFORT to deposit some cash. It required me to input my bank login details directly into their portal to execute a fast transfer. While SOFORT is a legitimate service, my bank’s security team absolutely lost their minds when they found out, immediately suspecting a scam.
A few days later, I received a warning letter stating that the bank wouldn't be held responsible for any future losses on my account. Why? Because by sharing bank login details with a third party, I had breached their terms of service.
This got me thinking about budgeting apps like Pocketbook or old-school wealth trackers. Many of these services rely on a practice called "screen scraping" to fetch your transactions. But is screen scraping safe?
The short answer is no. If you hand over your banking passwords to an app and your account gets hacked, your bank has a get-out-of-jail-free card to deny liability. You're on your own.
Fortunately, Australia is moving toward a much safer alternative: Open Banking security under the Consumer Data Right Australia (CDR) framework. This allows you to securely link your accounts via official, read-only APIs without ever revealing your passwords. Until all your financial apps upgrade to CDR, be extremely careful about who you trust with your login keys.
