Skip to main content Skip to main navigation Skip to accessibility page Skip to search input

Responsible Disclosure at Bank of Melbourne

Our approach

Protecting our customers from cybercrime is one of our highest priorities. If you ever suspect or identify a technical issue or vulnerability in our banking systems that could compromise customer information, we strongly encourage you to report it. Your vigilance helps us keep our systems secure and our customers safe.

When should you contact us?

If you notice a technical issue or weakness that could potentially:

  • Allow access to information that should remain private
  • Reveal private documents or information
  • Affect the ability to make, cancel, or approve payments as expected
  • Cause parts of our website or services to be temporarily unavailable or not work properly
  • Impact important security steps or lead to transaction or account information displaying incorrectly
  • Anything else that seems odd or risky and could let someone break the rules, get around security, or harm other customers or the bank.

If you encounter something unusual, please take a moment to let us know. The sooner you reach out, the faster we can work to resolve any issues.

What should you NOT report here?

If you need to report a personal concern about a fraud, scam, or something affecting your own account or personal security, follow the steps on our how to report page

How to report a technical issue

Please report any technical issues through our Vulnerability Disclosure Program or alternatively, email vulnerability@bankofmelbourne.com.au.

When making your report via email, please include as much detail as possible to assist us - we recommend including the following info:

  • Your name and contact information (optional)
  • Date and time the suspected security issue or vulnerability was discovered
  • IP address (if known) used when the suspected security issue or vulnerability was discovered
  • A detailed description of the suspected security issue
  • Vulnerable URL/application and parameter (if applicable)
  • Step-by-step instructions to reproduce the vulnerability

What happens next?

We will firstly assess the report and (if you’ve shared your contact details), we’ll contact you to acknowledge that we have received your report and discuss the details of how we intend to resolve the issue. We appreciate your assistance in reporting suspected security issues; however, there are occasions where we will not investigate a reported issue. We’ll let you know the reasons for this if you’ve shared your contact details with us.

We protect you

Learn more about how we protect you, Bank of Melbourne Secure and our security technologies.

Protect yourself

Find out simple hints and tips to protect yourself from fraud and scams.

Types of scams and fraud

Scammers are very active in our community. The more we know about scams and share this knowledge with family and friends the better we’ll be at protecting each other and reducing their impact on the community.