Responsible Disclosure at Bank of Melbourne
Our approach
Protecting our customers from cybercrime is one of our highest priorities. If you ever suspect or identify a technical issue or vulnerability in our banking systems that could compromise customer information, we strongly encourage you to report it. Your vigilance helps us keep our systems secure and our customers safe.
When should you contact us?
If you notice a technical issue or weakness that could potentially:
- Allow access to information that should remain private
- Reveal private documents or information
- Affect the ability to make, cancel, or approve payments as expected
- Cause parts of our website or services to be temporarily unavailable or not work properly
- Impact important security steps or lead to transaction or account information displaying incorrectly
- Anything else that seems odd or risky and could let someone break the rules, get around security, or harm other customers or the bank.
If you encounter something unusual, please take a moment to let us know. The sooner you reach out, the faster we can work to resolve any issues.
What should you NOT report here?
If you need to report a personal concern about a fraud, scam, or something affecting your own account or personal security, follow the steps on our how to report page.
How to report a technical issue
Please report any technical issues through our Vulnerability Disclosure Program or alternatively, email vulnerability@bankofmelbourne.com.au.
When making your report via email, please include as much detail as possible to assist us - we recommend including the following info:
- Your name and contact information (optional)
- Date and time the suspected security issue or vulnerability was discovered
- IP address (if known) used when the suspected security issue or vulnerability was discovered
- A detailed description of the suspected security issue
- Vulnerable URL/application and parameter (if applicable)
- Step-by-step instructions to reproduce the vulnerability
What happens next?
We will firstly assess the report and (if you’ve shared your contact details), we’ll contact you to acknowledge that we have received your report and discuss the details of how we intend to resolve the issue. We appreciate your assistance in reporting suspected security issues; however, there are occasions where we will not investigate a reported issue. We’ll let you know the reasons for this if you’ve shared your contact details with us.