Natwest online banking security "upgrade" (NOT)

Levans

I logged on to Natwest's online banking this morning to be greeted with a message saying that as part of the next "upgrade" of the site, they will soon require a valid e-mail address for me, so that they can send me "important updates about products you hold with us"

I have 2 problems with this:

(1) I deliberately don't tell my bank my e-mail address as a basic security measure. Because they don't know my e-mail, I can guarantee that ANY e-mail I get purporting to be from NatWest is fraudulent, and so I automatically delete it without reading. If they're going to insist on having my e-mail address and using it to send me messages about my accounts, they are effectively destroying this extremely effective anti-phishing measure that I have set up.

(2) Any changes they make to my "products" (I hate that word) I want notification of in writing by post. An e-mail for such purposes is not acceptable to me. E-mails can be lost, intercepted and spoofed.

I suspect that demanding a customer's e-mail address has very little to do with account maintenance, and everything to do with pestering me with junk mail pushing financial products that I'm not interested in, degrading my online banking security in the process.

:mad:

Levans

Alx_B wrote: »

Admittedly it might be a bit of a stretch if you're already using their online banking, but you could claim that you don't use email regularly enough for it to be a reliable method of contact, & try insisting that you want correspondence regarding your accounts to be sent in writing.
It may be uncommon these days, but there must be people out there who just *don't* use email, & the bank must surely have to have some kinds of provision in place to deal with them?
Unless having an email address is to become a prerequisite for getting an account with them... :rolleyes2

Thanks for the swift reply- I may well try that. The wording in the message on the website today is vague, but it gives me the impression that when the demand for a valid address does pop-up, I will not be allowed to proceed until I give it to them. This could prove very inconvenient to a lot of people. Does anyone from NatWest ever read posts here? (Apologies, I'm a newbie).

oldagetraveller

I saw that too, this morning.
If necessary I will just create another Hotmail or Google Mail account and give them that e-mail address. They can spam away to their hearts content then.
I would think the "I don't use e-mail" excuse might not be good enough for them. It is online banking after all and would seem a bit odd to not use or have an e-mail address?
It will be interesting to see if by not providing an e-mail it's still possible to log in after the changes.
I presume not providing an e-mail will just mean it's not possible then to use online banking until one is supplied but obviously still be able use branches?
The message, yes, it is a bit vague!


**ONLINE BANKING IS BEING IMPROVED**


We'll be making a few changes to improve the look of your online banking service. We hope you like what you see.

**HAVE WE GOT A VALID EMAIL ADDRESS FOR YOU?**

In the next update to online banking, you will see the email address we hold for you on the 'Important Messages' page after you've logged-in. Please check this is correct and update it if you need to. If no email address shown, please provide one.

We need your email address to send important updates about the products you hold with us.

We will never send any email that contains a link asking you to enter your security details. For more information on how to stay safe online, please refer to our security centre in the 'Security' link at the top of this page.

Levans

Alx_B wrote: »

The only problem with giving them an addy for a spam account is that you'd still need to check the account regularly just to make sure you're not missing anything important from the bank.

This is my whole point! By Natwest not knowing any of my e-mail addresses, I can guarantee that *any* e-mail I get, to any of my addresses, are *not* genuine. By giving them *any* e-mail address, I would be laying myself wide open to 2 problems;

(1) If I were to ever check that address and find a message claiming to be from NatWest, there would be no way of knowing 100% that it is actually from NatWest (even if I've never given that address to anyone else, spambots generate millions of random e-mail addresses, and so there's a chance they'll hit upon mine) This is a degradation of the security I currently enjoy; i.e. I know that I haven't given Natwest my e-mail address, so I know that I won't be getting any legitimate e-mails from them.

(2) If I give them an e-mail address, NatWest can claim that I was informed about a change whether I have read the e-mail or not - potentially a problem, if a dispute arises over changes to my account T&Cs in the future. If they hold no address for me, they can't claim this, and it's not an issue.

MPH80

Levans wrote: »

(2) If I give them an e-mail address, NatWest can claim that I was informed about a change whether I have read the e-mail or not - potentially a problem, if a dispute arises over changes to my account T&Cs in the future. If they hold no address for me, they can't claim this, and it's not an issue.

That's just as equally true with a postal address. They aren't going to send things registered post - and even if they did there's no guarantee you'd read it.

From their point of view - they are saving money doing this - so it makes it a sensible way to progress.

I agree on your point about knowing it's a scam - but scam emails are easy to detect - they always have "click here to login/give us your details". Your bank will rarely send something like that.

M.

RayWolfe

MPH80 wrote: »

Your bank will rarely send something like that.

NEVER, not rarely!

Levans

MPH80 wrote: »

That's just as equally true with a postal address. They aren't going to send things registered post - and even if they did there's no guarantee you'd read it.

From their point of view - they are saving money doing this - so it makes it a sensible way to progress.

I agree on your point about knowing it's a scam - but scam emails are easy to detect - they always have "click here to login/give us your details". Your bank will rarely send something like that.

M.

As a Natwest customer who allows them to use my money to make them money, I'm not interested in them saving money in ways that degrade my online security.

Yes, snail mail can get lost too, but it's interception is much more difficult as it requires the physical presence of the criminal during it's transit. E-mail servers, on the other hand can be hacked from anywhere in the world...

I'm a very careful about e-mails generally, don't rely on them for critical or financial communications, and I have never fallen for a phishing scam, despite having been sent plenty of attempts (the funniest ones are for banks that I don't even have an account with). There is no point in introducing a new attack vector for fraudsters for no good reason, and there is no good reason why my bank should use e-mail to communicate with me when the existing system (letters in the post) work just fine. Saving money at the cost of my security is not a good reason from my perspective.

KiKi

I'm not being funny, but it's pretty easy to tell a scam email from a genuine email, regardless of how good the copy is and the images are. Firstly, the website won't be correct. Secondly, the English is likely to be terrible. And thirdly, your bank won't ever send you a link to log in from an email. I don't believe for one second that you couldn't genuinely tell if your email is from your bank or not.

And if you doubt it, call them.

But, seriously, if you are that security aware, and that worried about security, there's no way you're going to fall for a scam email. Most savvy people don't fall for scams - it's not just about being 'careful' on emails, it's about exercising some common sense about what your bank is and isn't going to ask you to do.

KiKi

ffacoffipawb

KiKi wrote: »

And thirdly, your bank won't ever send you a link to log in from an email.KiKi

Egg (Egg Money) do.

[Deleted User]

KiKi wrote: »

I'm not being funny, but it's pretty easy to tell a scam email from a genuine email [...] the English is likely to be terrible.

They can do a pretty good job though. This one almost fooled me...

---

Forwarded message

---

From: <paypalofficialnotice@hotmail.com>
Date: Mar 12, 2006 11:22 AM
Subject: Your Account Not Is Working Now Please
>
> Hello Paypal User Your account not is working now!
>
> You must reply this email with check with youre credit card number and
> address and name so i can check youre account is working now.
>
> Youre account will not work soon until account will work when you send number
> and expiry date. We will not be illegally buy with youre card. Beware illegally
> fraud mans and womans! This is a real email! You know because it come from
> pay pal. It says from pay pal at the end so you know it is not fake. If you do
> not send real credit card numbers for check there will be a bad fine.
>
> From pay pal ofices.
> This is a real email.
> paypalofficialnotice@hotmail.com
>
>


:rotfl:

KiKi

Gosh, that would have almost fooled me...the fact that it says it's a real email must mean it's true.

Yes, okay - Egg Money do provide a link, but not to 're-enter your security details'. And they make it very very clear: they use your name in the email, not a generic one. Plus, if you don't want to use the link, don't. Go to the site itself and do it; I always do that anyway.

My point was really that if the fear of giving your bank your email address is because you don't want to compromise your "extremely effective anti-phishing measure"....the other just as extremely effective measure is never click on a link in any email. It has exactly the same effect.

KiKi