There is a couple of these services [1, 2] which are going on right under the banks noses. The customer enters their internet banking credentials into the 3rd party website to facilitate an confirmed funds transfer to a merchant.
In both cases these clearly appear to undermine the long touted dictum of banks to their customers - not to share internet banking credentials or enter them in at any website other then the bank’s.
Why is this going on right under the bank’s nose and why aren’t they (In this case the BNZ) doing anything about it? I’m sure they could put a stop to this quite easily if they had the will. In the case of Payment Express, they are a company which partners with banks (incl. BNZ) and receives referrals from them.
I refer to the following in BNZ’s “Internet banking terms and conditions” :
_ 8.5 Protecting your Login Details, NetGuard Device and Fingerprint Login: You are responsible for keeping your Login Details, NetGuard Device and Fingerprint Login secure. You must:_
© not voluntarily or recklessly disclose your Login Details or details related to your NetGuard Device to any other person (including the police, bank staff or your family);
Has the BNZ given these companies a pass, and if so, can the BNZ confirm a customer will be covered for any losses incurred as a result of using one of these services -or- if this is not the case, why is the bank not bringing pressure to bear (and any other technical, legal and commercial remedies) on these services for blatantly undermining the bank’s policies and public message? 
Payment Express: https://www.paymentexpress.com/Products/Ecommerce/account2account
BNZ Internet Banking Terms and Conditions - Security section: https://www.bnz.co.nz/about-us/governance/terms-and-conditions/internet-banking#security
BNZ Online Banking Security: https://www.bnz.co.nz/support/banking/privacy-and-security/online-banking-security
Here’s what you can do to help
NetGuard offers you super secure internet and mobile banking, but here are some simple things you can do to help.
- Never follow links from an email, or a non-BNZ website, asking you to log into our internet or mobile banking services