CBA, other banks weigh IT countermeasures against digital payment abuse

By on
CBA, other banks weigh IT countermeasures against digital payment abuse

In response to messages hidden in low-value transaction descriptions.

The Commonwealth Bank is not ruling out more technical ways to recognise or prevent digital payments being used to harass or abuse customers, calling action it took last week a “first step”.

The bank revealed the results of an analysis last week that showed more than 8000 CBA customers received multiple low-value deposits, often less than $1, with potentially abusive messages in the transaction descriptions over a three-month period.

In response, CBA created a new acceptable usage policy making it “unacceptable to use digital banking services to stalk, harass or intimidate any person”, and said future transactions or access to digital banking services could be suspended for breaches.

Since then, it has emerged that the other three ‘Big 4’ banks - ANZ, Westpac and NAB - already had similar policies in place, though it is unclear if any have conducted an analysis of transactions similar to CBA’s.

Additionally, questions have been raised - including by iTnews - on the extent to which potentially abusive messages included in digital transaction descriptions could be automatically recognised and flagged, and whether any banks are going down this path.

Such a system could potentially be used to recognise a pattern of low-value transactions and particular keywords in the descriptions, though could be prone to a high rate of false positives.

CBA indicated it had no specifics to share on any technical experimentation, though it did not rule out the prospect.

“The new acceptable use policy represents our first step to address the issue of technology-facilitated abuse,” general manager of community and customer vulnerability Catherine Fitzpatrick said in a statement to iTnews.

“We are constantly looking for new and innovative ways to protect our customers, particularly those most vulnerable such as victims or survivors of domestic violence or financial abuse, and we will continue to improve our services to ensure all customers can have a safer banking experience when they bank with us.”

Westpac’s chief marketing and digital officer Martine Jager said it had “multiple processes” in place to protect customers from abuse and to keep them safe while they bank online.

“This is one of our top priorities,” she said.

“We have multiple processes in place to help protect them, including continually reviewing and enhancing our policies and procedures to ensure our customers can use our digital banking services in a safe and secure away.”

A NAB spokesperson said access to its services “may be denied due to the use of inappropriate language, which includes any abuse.” 

“Our Customer Support Hub, a specialist team of dedicated bankers, also provide support for our customers experiencing domestic and family violence,” the spokesperson said.

“We continually assess how we tackle forms of abuse and want to ensure we are always providing a safe banking experience for our customers. 

“We will make further improvements to our systems and policies.”

iTnews understands ANZ Banking Group already has powers to close an account for inappropriate behaviour within existing terms and conditions.

It also indicated it would support any industry-level activity that heightened awareness around issues of financial abuse.

CBA reveals more of its three-month data analysis

Further details of CBA’s abuse analysis also came to light via various posts to LinkedIn.

Derek Jenkins, head of insights for group customer advocacy at CBA, said it was his team that had tackled the data analysis “with no idea what we'd uncover”. 

“It turned out that the one 'seed' case study we had (from a domestic & family violence victim-survivor) was the tip of a proverbial iceberg called technology-facilitated abuse,” Jenkins wrote.

“Some customers had weaponised the customer-to-customer funds transfer function to use it as a secure, real-time messaging service to abuse, stalk and intimidate the recipients for a cost of as little as $0.01 (minimum transfer amount). 

“There were some things self-service banking facilities were never designed for and I'm proud to see CommBank take a stand.”

Fitzpatrick provided additional numbers in her own LinkedIn post.

She said that through the analysis, CBA found one customer alone “received almost 900 [abusive] messages in a compressed time period”.

Fitzpatrick said that customers under the age of 25 “were on the receiving end of most transactions (almost two thirds)”.

“Both men and women are sending and receiving these messages, but the nature of the messages and the context varied from relatively innocuous ‘jokes’ to serious threats,” she said.

“It’s not limited to domestic and family violence, however we could see that there were some very specific references to family violence contained within these messages.”

If you or someone you know is experiencing domestic or family violence, call 1800RESPECT (1800 737 732) or visit For counselling, advice and support call MensLine Australia on 1300 789 978 or

In an emergency or if you’re not feeling safe, always call 000.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?