Acorns, an app that lets users invest small change on the stock market, is on a collision course with one of Australia's largest banks.

In August, it accused the Commonwealth Bank of Australia (CBA) of discouraging customers from sharing their banking password with the micro-investment startup. Now Acorns local managing director George Lucas says CBA has tested technology that blocks the app almost entirely.

On Oct. 14, Acorns noticed CBA users were getting error messages when they entered their banking details on Acorns, Lucas told Mashable. One of the app's key offerings relies on users sharing their banking details so it can track their purchases and invest the extra change.

It appeared the bank was blocking Acorns' financial data aggregation provider Yodlee as it tried to access the data of CBA customers who were also Acorns users, he said. What seemed to be a "software test" lasted until at least Oct. 19.

Yodlee, a U.S. company that aggregates financial data, acts as a secure go-between for Acorns and the CBA, encrypting the user's password. Yodlee's services are also used by major Australian banks such as ANZ.

A Yodlee spokesperson told Mashable it doesn't comment on specific details about customers and partners.

Of the more than 65,000 people who have given Acorns permission to access their bank accounts in Australia, around 20,000 are CBA customers. Being permanently blocked by CBA would be fatal to Acorns, Lucas argued.

"When you talk to the CBA, they'll go 'because of security issues, we can't talk about it,'" he said.

Image: acorns

"Security is a top priority for Commonwealth Bank," Pete Steel, CBA's executive general manager of digital, told Mashable in a statement. "Our security team routinely look for automated systems attempting to access client accounts and continually upgrade security controls.

"If we detect activity that could be a threat to customer security, we consider a range of actions which might include informing affected customers, or preventing unauthorised access."

The bank did not detail any specific security concerns it had about Yodlee or Acorns, which is registered with the Australian Securities and Investments Commission (ASIC). Nor did it confirm it had used software in the manner alleged by Acorns.

David Glance, director of the centre for software practice at the University of Western Australia, told Mashable he could see how an app like Acorns might be deemed a security risk.

"Having something coming in and accessing an account in that way, it does potentially present a problem," he said, adding he would not give his own bank details to third party providers. "You have to distinguish that from other types of attacks or people accessing accounts illegally."

Still, given CBA shares bank feed data with corporate third parties like accounting software MYOB, he questioned why there was no secure information-sharing program in place for more consumer-focused startups, such as Acorns.

The uncertain future of fintech

Australia's banking sector only has four major players, meaning it's more than able to pick fintech's winners and losers if it chooses to.

While the legality of sharing your banking password is still a grey area, Lucas argued that Acorns has the consent of the user when it accesses their CBA account via Yodlee.

"What you want to be able to do is dictate which fintechs are allowed to access CBA data, and therefore which fintechs are allowed to flourish and which ones aren't," Lucas said, addressing the bank.

In fact, CBA is not the only bank that's pushed back against fintech upstarts encroaching on its space: JPMorgan Chase CEO Jamie Dimon has also warned U.S. customers off sharing data.

Lucas suggested CBA might be nervous about Acorns' appeal to young people, who may choose new fintech providers rather than the bank's own fund management options. CBA's ComSec is the biggest online broker in Australia.

"It's very hard to set the agenda outside the big banks because of the power they hold in the market," Lucas said.

Ironically, CBA is currently making a similar argument to that of Acorns, but about the tech giant Apple.

CBA, along with Bendigo and Adelaide Bank, National Australia Bank, and Westpac, have applied to the Australian Competition and Consumer Commission (ACCC) in order to negotiate together with Apple over Apple Pay.

"It's very hard to set the agenda outside the big banks because the power they hold in the market."

The group argues that Apple's unwillingness to open up its hardware to third-party payment providers stifles innovation and competition. Apple, for its part, claims to do so would be a security threat.

"The banks can't use that argument when it comes to Apple, and then turn around and argue the exact opposite when it comes to smaller competitors," Glance said. (He made a submission on the issue to the ACCC.)

"Our banking market is a monopoly," he added. "Their words are hollow in that case — on one hand, they're arguing Apple should not be allowed to shut out competitors, while they do exactly that to third-party providers."

CBA's Steel said the bank recognises there is demand from customers to allow new fintech providers to access their bank account. "Commonwealth Bank is supportive of innovation where there is a genuine benefit for customers," he said.

The bank declined to explain how it determines "genuine benefit."

An ASIC spokesperson confirmed to Mashable it was looking into the issue between Acorns and CBA but could not comment further.