Acorns managing director George Lucas told Mortgage Business that CBA was sending its customers “misleading statements” to try and “slow growth” of the micro investment app.
The app, which broke into the Australian market in February, asks its users to enter their bank login details (via third-party aggregator service Yodlee) and then tracks all purchases made on these accounts, rounds up each transaction to the nearest dollar, and invests the “change” into a “diversified portfolio” of exchange traded fund (ETFs) when the credit reaches $5 or more.
In July of this year, the investment start up announced that it had surpassed the 100,000 user milestone.
It is this growth, Mr Lucas argues, that has triggered the Commonwealth Bank to warn its customers — who make up around 40 per cent of Acorns users — against sharing NetBank log in details with a “non-CommBank service”.
In a statement issued yesterday, CBA’s executive general manager of digital, Pete Steel, added: “It’s important to us that our customers know how they can keep their banking details safe, such as never sharing passwords or PIN codes.
“In the same way we recommend customers never share the PIN code for their ATM card or credit card, we also recommend customers never share their NetBank or CommBank app client ID and passwords.
“This includes only entering your NetBank client ID and password on the CommBank site or CommBank app. Some websites or smartphone apps may offer services where they ask for … NetBank client ID and password. We always recommend [customers] only enter these into the CommBank website or CommBank app,” Mr Steel said.
He added that the bank’s 100 per cent security guarantee only applies “where [the] customer is not at fault and has taken steps to protect their client ID and password”.
However, speaking to Mortgage Business, Mr Lucas said that CBA’s comments were “misleading” because they don’t mention the ePayment Code or the fact that “if the client had given Acorns [via Yodlee] their credentials, then this is authorising them to officially do it and is not an unauthorised access to their account”.
He said: “We have been authorised by the client to access their account — and this is all regulated by ASIC’s ePayment Code.
“If CBA was really concerned about security, then they would just block the service trying to access that data. It would take about 30 seconds. But that would be very anticompetitive if they did.
“So, instead of blocking [Yodlee], or emailing the customers to check that they wanted this service to access their accounts when it first happened, they waited until they saw that we were getting really big and sent out a mass email to clients to slow down our growth.”
He added: “We threaten CBA because we take people’s money to invest and look after, which is in direct competition with their business model.
“This is not about a security concern, it's more about the bank’s business model, and they’re using security as a fear mongering tool to protect their business model.”
According to Mr Lucas, the email has “not had any effect on Acorns customers”, although he said that he has received emails of support from customers.
The Commonwealth Bank is just one of the big four banks that warns customers against sharing internet banking log in details.
According to a NAB spokesperson, the bank also “advises customers to always keep their passwords safe, never disclose their internet banking login details to a third party, and to regularly change their internet banking password”.
“Customers are reminded that their banking terms and conditions state that if they give out their login details they are responsible for any loss”, the spokesperson added.
Westpac says that it would “work with the third-party provider and [Westpac] customers to mitigate the risk and exposure where practical”, and would assess each event on a case-by-case basis should a loss occur.
Mr Lucas added that the regulatory environment has to change to enable fintech to prosper, as currently the government “is only really supportive of fintech if it is lined with what the banks do”.
He continued: “The government has to do something to ensure and encourage fintech in the business-to-consumer space rather than just talking about it. And they have to realise how much the large banks can stifle competition because of their size in Australia.”
[Related: Fintech adoption tipped to double in 2016]