URGENT: Warning after bank customers hacked
TENS of thousands of banking customers' personal information on the nation's newest payments system has been successfully hacked into by fraudsters.
Customers' information including their phone numbers, customer names, BSB and account numbers all linked to a person's PayID was accessed by fraudsters in recent days.
In what is a disaster for the New Payments Platform (NPP), which has struggled to get millions of Australians to move across to using PayIDs, banks and authorities are now working in overdrive to ensure customers' information is safe.
In 2018 the NPP was rolled out to deliver 24-hour, seven-day-a-week instant transfers.
This now allows customers at most institutions to move money instantly between banks, doing away with delays that could previously have taken several days for the money to arrive in another account.
Customers could set up a PayID meaning they no longer need to disclose their BSB and account numbers.
Instead they could link their own email address, phone number or ABN for small businesses to their bank account and share this with the relevant person who could then move money to them.
One of the nation's largest banks, Westpac, is among multiple financial institutions impacted and sent out an urgent warning to customers over the weekend to check their bank accounts.
The email to customers said, "We have heightened monitoring on your account and ask that you are on the lookout for any suspicious activity.
"We ask that you also be vigilant with any messages received via text or phone calls from an unidentified source."
A Westpac spokeswoman said the latest incident has "affected customers from other banks including Westpac and we have notified all impacted Westpac customers".
"We are urging all customers to be wary of any SMS phishing attempts - for example, a personalised message which looks like a legitimate message from Westpac or another bank, in an attempt to acquire banking credentials and password."
Customers at Westpac's subsidiary banks including Bank of Melbourne, BankSA and St.George were not impacted.
It remains unclear whether any customers' money has been lost.
Payments provider Cuscal said a financial institution they work with had "experienced a spike in PayID inquiries" recently.
"We have put in place heightened monitoring and are reviewing additional control options," a Cuscal spokeswoman said.
An NPP spokesman said "the affected data included PayID name and account numbers. "None of the details involved can, on their own, enable the withdrawal of funds from a customer's account without the customer's specific further involvement."