Skip to main content Skip to main navigation
Skip to access and inclusion page Skip to search input

Westpac uses sophisticated firewalls and anti-virus protection to counter threats and prevent unauthorised access. However, you should ensure that your own systems and practices are robust too – to give yourself the peace of mind of end to end online banking security. 

Key take-outs
  • Sign in and sign out using best practice
  • Update your password regularly and without using obvious words
  • Never bank on the net using public Wi-Fi
  • Use two-factor authentication for transactions
  • Keep your system and anti-virus software up to date
  • Be aware of scam emails and unexpected items on your statements

1. Sign in to the correct website

This advice seems obvious, but when your browser tries to pre-empt what you’re typing in it, make sure it provides the URL you actually wanted. 


Using Westpac’s main business banking website address for business banking is the safest way to go, and the least safe way is trusting an address or link provided by a third party.

2. Don’t use your bank sign in details for anything else

Your Westpac Online Banking password should only ever be used for your Westpac Online Banking. As soon as you start using it for other sites, the risk increases of it being lost to a fraudster.

3. Change your password frequently

Changing your password on a regular basis can be a pain, but it’s important. Make your passwords as complex as possible with a mix of letters, numbers and capitals. 


Also, try not to use the names of loved ones (including pets), and notable dates that may be easy for a hacker to find out about from your social media.

4. Avoid automatic sign ins

Pre-populated user names and passwords are temptingly handy for social media and other frequently used sites, but they are an absolute no-no for online banking. Never accept your browser’s invitation to save your sign in details.


If you do some or all of your banking on your mobile, try to use our Westpac App rather than signing in to the website – unless you wish to access an advanced business feature that’s not available in mobile.

5. Never bank on the net when you’re on public Wi-Fi

Public Wi-Fi is now widely available in malls, community spaces and on public transport – which can be very useful when you want some local information quickly. Be aware however that not only is public Wi-Fi often slow, it may not provide a secure internet connection either. That could make it susceptible to a hacker gaining access to the system and attempting to access user details, including logins.

6. Make the most of two-factor authentication

Two-factor (or two-step) authentication provides an extra layer of protection for transactions carried out online. In addition to accessing your account with a username and password, you can use an extra security device to confirm that the authorisation has come from you.


Westpac offers an SMS-based system (which sends your mobile a one-time code you use to authorise each transaction) and a physical SecurID® token (which generates a security code). Learn more about these options on our Westpac Protect page.

7. Keep your PC and mobile software up to date

To help avoid the risks posed by malware and other viral attacks, set your operating system and software applications to update automatically, and back up your business data to a separate drive or drives (such as the Cloud) on a regular basis.


Your anti-virus software should carry out regular scans of your system, whilst providing a firewall – but review your provider from time to time to ensure you are getting the best protection available.

8. Be aware of scam emails

Some risky emails can be spotted a mile off, due to their dreadful English. But others are far more sophisticated using logos, language and layouts that are just like those used by banks and utility providers. If you click on a link in one of these emails you could well be taken to a login page that looks like the real thing too, asking you to provide a username and password – which can then be used to access your account fraudulently.


Remember that a legitimate company would never ask you to log-in from a link in an email. Other clues to look out for are the email address used (which could use the company’s name but in an unusual way) and a lack of personalisation. Poor English is another sure sign of a scam.


If you receive a scam email that’s Westpac related, please report it immediately to

9. Keep an eye on your statements

Whether you’re using traditional or online banking, a regular check of your statements will help identify any unexpected or unauthorised transactions. Fraudulent activity involving Westpac accounts is covered by our Online Banking Security Guarantee.


Quickly checking statements at a time that suits – such as once a week at a particular time – is much easier now with the advent of eStatements.

10. Remember to sign out from online banking

That’s an appropriate point to finish on. Always use the sign out button as soon as you’ve finished your online banking, and for good measure close the browser window by selecting the ‘X’ too.


If you make your business a hard target for scammers and hackers, they will probably go looking for an easier target. Best practice at your end combined with the security features provided by Westpac, will help keep your online accounts safe and secure.

Things you should know

The information in this article is general in nature and does not take your objectives, financial situation or needs into account. Consider its appropriateness to these factors; and we recommend you seek independent professional legal and/or financial advice about your specific circumstances before making any decisions.