What you need to know about internet banking, mobile banking apps and other new banking technologies, and your rights with these.

Protect yourself online

Electronic banking, including internet, contactless cards, mobile or smartphone, is convenient and easy once you get set up. But it means taking special care about security to protect your money and your identity.

It is easy to make mistakes like entering the wrong account number when you use internet banking or a manual deposit slip. Banking transactions are processed by account number, so you need to get this right.

The latest technology allows you to transfer money by ‘bumping’ your mobile phone with someone else’s. It uses GPS to locate the parties that have bumped each other. Both of you need the same banking app to use the bump service, although not necessarily the same bank, and you need to confirm the transaction.

Bank apps have considerable security built in, but you never know what hackers are going to do next. You can take some steps to protect yourself when using mobile or internet banking:

  • Always type the name of the bank into your browser’s address bar.
  • Avoid public wi-fi hotspots that are unsecured and that don’t require a password.
  • Don’t use passwords or PIN numbers that are easy to guess. Keep them secret or store them electronically, eg on a password app.
  • Don’t open attachments or click links in emails you receive from unknown sources, or even from people you know, if they look odd. Just delete the email.
  • Only enter your account or credit card information on a site that begins with ‘https’ or that displays the padlock symbol. This means the site is secure.
  • Keep your antivirus software and firewall up to date.
  • Always log off from the internet or mobile banking when you’re finished.
  • Check your accounts often. Tell your bank instantly if you lose your phone or cards, or you notice unusual activity.
  • Enable the auto-lock on your phone and secure it with an access password.
  • Download your banking app only from a location that the bank tells you and update it often.
  • Mobile phone security apps are good. Download ‘Find My Phone’ or ‘Find My iPhone’ apps to help locate your device if you have lost it.

Think you’re being scammed?

See Scams and online safety.

See also:

Know your rights

If you’ve made a payment in error, you should contact your bank immediately. If the payment has been made to an invalid account, it will usually ‘bounce’ back into your account.

It can be more difficult to retrieve a mistaken payment if it has gone into a valid account. As a general rule, banks can only reverse mistaken payments with that account-holder’s consent. If you report a mistaken payment, your bank and the recipient’s bank must try and recover the payment, by asking the account-holder for consent to reverse the payment.

If they refuse, you will need to resolve the issue directly with them. You might have to take the matter to court, although privacy issues may prevent you getting the recipient’s contact details.

Receiving a payment in error

If you receive an unexpected payment into your account, let your bank know as soon as possible. If your bank asks for your consent to reverse a payment received in error, you should consent.

If you have already spent the money, you will need to repay it unless all three of these conditions are met:

  • when you received the payment, you reasonably believed the money was owed to you in good faith
  • you used that money and you didn’t act fraudulently or recklessly with very little care
  • it would be unfair for you to have to repay the money given your particular situation and the circumstances of payment.

See the Banking Ombudsman’s quick guide to Mistaken payments(external link) for more information.

Contactless cards debited without your consent

Contactless cards make sales quick and easy. The downside is that they may increase the risk of unauthorised transactions being made without your knowledge or consent. You are responsible for taking reasonable steps to safeguard your card, PIN and/or password. If you don’t, you may be liable for some or all transactions that you did not authorise.

Contact your bank immediately if you lose your card or it is stolen, or you notice any unauthorised transactions on your bank statements.

You can complain to the Banking Ombudsman if you are unhappy with any decision about contactless cards and unauthorised transactions.

Read the Banking Ombudsman’s quick guide to Contactless cards(external link) for more information.

Contact your bank

Contact your bank if you notice any unauthorised transactions on your bank statements or you have been the victim of a financial scam.

If your concern or difficulty is not resolved to your satisfaction, you can then contact the Financial Dispute Resolution Scheme (external link) that your lender belongs to.

Read Resolve a problem to find out more.

Next steps

If you are unable to resolve your issue directly with the bank, our Resolve It tool has information to help you take the next steps. These may include going to the Disputes Tribunal or District Court.

Resolve IT: Banking, finance and insurance

Resolve IT: Scams

Need more help?

Contact us for more guidance.


Marty gets an email from a friend and opens the attachment on his smartphone. Next he logs onto internet banking using his smartphone and checks his bank account statement. Immediately he notices a large withdrawal of $1,500 that has happened without his authority. He phones his bank straight away and they investigate. It turns out he has been the victim of a financial scam. He reports the matter to the Police to investigate as well. He has to take his phone in to be cleaned by a computer specialist.