We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Dangerously Insecure Internet Banking?
Flynn_2
Posts: 105 Forumite
I noticed someone mention how easy it was to login to their Abbey on-line accounts. Easy certainly, but also looks scarily insecure to me. To login to Abbey all you need is to enter your cashcard number, your password, and a pin.
Just those same identical items give access every time. So if anyone observes you entering those details, either in the room or remotely, e.g. using keylogger software, they can access your account at will. Keylogger software is freely available all over the net.
Once in they can on most accounts transfer your money as Abbey put it "to any UK Bank or Building society" without needing any other information. The password isn't even case-sensitive so is less secure than the password needed to post on most internet forums.
More secure systems request random letters from the passwords PINs so that even if you are observed, a different imput is needed for entry next time. Still worth changing the details regularly for maximum security.
Natwest now go a stage further and issue customers with a small card reader that generates random codes to authorise any new transfer mandate. New mandates require your card, card PIN, the device, and the authorisation number it generates.
Primitive systems like Abbey's look like an accident waiting to happen. Only hope their customers run a good anti-virus good and often and only ever access their account from their own PC and never one on a network. They need to be especially careful if anyone else, especially unsupervised youngsters, have access. :rolleyes:
Just those same identical items give access every time. So if anyone observes you entering those details, either in the room or remotely, e.g. using keylogger software, they can access your account at will. Keylogger software is freely available all over the net.
Once in they can on most accounts transfer your money as Abbey put it "to any UK Bank or Building society" without needing any other information. The password isn't even case-sensitive so is less secure than the password needed to post on most internet forums.
More secure systems request random letters from the passwords PINs so that even if you are observed, a different imput is needed for entry next time. Still worth changing the details regularly for maximum security.
Natwest now go a stage further and issue customers with a small card reader that generates random codes to authorise any new transfer mandate. New mandates require your card, card PIN, the device, and the authorisation number it generates.
Primitive systems like Abbey's look like an accident waiting to happen. Only hope their customers run a good anti-virus good and often and only ever access their account from their own PC and never one on a network. They need to be especially careful if anyone else, especially unsupervised youngsters, have access. :rolleyes:
0
Comments
-
But before you withdraw all your savings and keep them in a box under your bed, remember that under the UK banking code you are not responsible for fraud on your account unless you have negligently written down your account access information or given it to someone else.
Agree though that some banks seem to be weaker than others. Egg similarly asks for complete information each time.
Personally I think these random code generators are a waste of time and money. I'd rather have additional verification controls or even have to call up if I want to transfer a large sum to a new third party, which is the major risk.
R.Smile
, it makes people wonder what you have been up to.0 -
PC Pro Magazine (May issue) has a survey on Online banking and how secure or otherwise it is and FWIW Abbey get's a pretty low rating, 2 stars as opposed to Nat West and RBS 5 stars.
Worth a read TBH. 0 -
Hmm, I assume you're aware of the many reported cases where money has disappeared from accounts and the banks have refused to admit that a third party was involved? Proving fraud and your own non-involvement or proving that you weren't negligent isn't always easy and dealing with Abbey is a nightmare as many have found. The Observer newspaper had a column solely devoted to dealing with Abbey problems. They came last in the BBC Watchdog poll.But before you withdraw all your savings and keep them in a box under your bed, remember that under the UK banking code you are not responsible for fraud on your account unless you have negligently written down your account access information or given it to someone else.
The Abbey system is amazingly insecure especially for the many who don't fully understand keeping their pc secure. The answer isn't to keep your money under the mattress but to use a bank that understands security.Personally I think these random code generators are a waste of time and money.
The Natwest number generator is only needed when a new mandate to pay away money is set up and not to login so hardly a lot of time involved but significantly safer. Probably costs less to produce than one of Abbey's glossy brochures.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.2K Banking & Borrowing
- 253.6K Reduce Debt & Boost Income
- 454.3K Spending & Discounts
- 245.2K Work, Benefits & Business
- 600.9K Mortgages, Homes & Bills
- 177.5K Life & Family
- 259K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards