We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
'Rapport' Security
Options
Comments
-
I don't think I'd call it phishing when the genuine webpage is being modified to insert a different login form onto the page. It sounds like the poster went to the correct Natwest login page. It isn't clear exactly how the information would have been transmitted to the bad guys, but keylogging would be simpler than setting up a phishing website to receive the details. Both could have been used, though.Was that not a form of keylogging not phishing? i.e. could they not put an overlay onto your sign and get your id and password?0 -
My rapport with natwest didnt flag up any issues when a frame was injected/overlayed on top of my normal login page asking for extra info, in fact rapport gave it the green light. dont trust it!0
-
chris_wales wrote: »My rapport with natwest didnt flag up any issues when a frame was injected/overlayed on top of my normal login page asking for extra info, in fact rapport gave it the green light. dont trust it!
After all the fuss it may do next time, good point about staying on your guard. The question is would you have noticed if they had just asked for your password and login?'Just think for a moment what a prospect that is. A single market without barriers visible or invisible giving you direct and unhindered access to the purchasing power of over 300 million of the worlds wealthiest and most prosperous people' Margaret Thatcher0 -
A&L appear to be taking a tougher stance on Rapport being a 'must' in certain cases, asking customers to prove they have it installed:
http://forums.moneysavingexpert.com/showthread.html?t=2357223To get a new pin I have had to take a screenshot of A&L login page showing rapport on (green)
This follows another instance back in January:
http://forums.moneysavingexpert.com/showpost.html?p=30073877&postcount=30
My view is it would be quite wrong to make the installation of Rapport compulsory and a condition of online banking -- if that's what they're doing, and ultimately have it in mind across the board.
It wasn't the impression the Trusteer rep (now PPR'd) had earlier on in this thread in Feb (p3, #50), when they said:
We’re not aware of any bank that currently insists on their customers using the Rapport software, although at the end of the day it’s up to each bank to decide how they implement it.
(though the 'currently' and ending caveat could be telling).
I suppose if it's only insisted upon if a user's computer has been compromised in some way (as seems to be the case in the two examples so far) there could be some justification for A&L's position, but still think it's a worrying development in a 'thin end of the wedge' sense.~cottager0 -
Having read the A&L thread I am flabbergasted. Surely no bank should need to ask a customer to provide a screenshot showing a Rapport login (which can presumably be easily faked) and (apparently) request it to be sent to them as an email attachment. Their online internet software must itself be able to prove Rapport was enabled when a customer connects, without the need for a customer, who may not be internet savvy, to do the work for them. But if this story is true it is a very worrying trend.
I have purposely not installed Rapport for my HSBC banking. Apart from various issues reported in this thread, it is not at the moment apparently compatible with Opera. OK, because of minor compatibility issues with Opera I access online banking with Firefox, but an application like Rapport is meant to protect you from Phishing emails so it must also protect your normal day-day browsing otherwise it is effectively useless. There is no way they can make it compulsory until they cater for people outside the IE/Firefox Windows market - and after the MS Browser Ballot screen there are going to far more or those in the future.0 -
Hi, I can verify it is true as it is me it,s happened to, I am the victim.I supplied the screenshot, to both Rapport and A&L, after 30 minutes phone call with A&L security, who e-mailed me with the instructions.Masonic will vouch for the conversation , debate we had whether to instal Rapport or not. HSBC advised me to do it, it,s my link A/c to A&L. A&L insist it,s on, hence the screenshot proving it.I am still awaiting my new pin, but they are leaving the 8 digit ID number the same, even though both were breached.I asked him to change ID number, said no need.I complained 5 digit pin was not secure enough, they say it is, my third line of defence, personal data was not breached, 3 attempts, hence the block on my A/c. No one notified me about the compromise, only when I tried to log in did I notice the block on, 0844 call verified the block and compromise details.A&l also stipulate that history etc is deleted before logging on typing URL in, not bookmark or favourites, and never google.They never explained how I was compromised as all my bank A/cs are on favourites and verified by Rapport before putting on favourites.Now that,s from the horses mouth. e-mail can be suppled if you want to see it;I reckon to be fairly savvy, and comp is clean. Masonic being my mentor;;;The reason I posted it separate from this thread is as I do not know how I was compromised, my entries regarding this thread are way back as Masonic said, Jan/Feb, in conjuntion with HSBC employee recommending Rapport and their login page.spenderdave wrote: »Having read the A&L thread I am flabbergasted. Surely no bank should need to ask a customer to provide a screenshot showing a Rapport login (which can presumably be easily faked) and (apparently) request it to be sent to them as an email attachment. Their online internet software must itself be able to prove Rapport was enabled when a customer connects, without the need for a customer, who may not be internet savvy, to do the work for them. But if this story is true it is a very worrying trend.
I have purposely not installed Rapport for my HSBC banking. Apart from various issues reported in this thread, it is not at the moment apparently compatible with Opera. OK, because of minor compatibility issues with Opera I access online banking with Firefox, but an application like Rapport is meant to protect you from Phishing emails so it must also protect your normal day-day browsing otherwise it is effectively useless. There is no way they can make it compulsory until they cater for people outside the IE/Firefox Windows market - and after the MS Browser Ballot screen there are going to far more or those in the future.0 -
They can't, because Rapport does not meddle with your internet traffic. It is undetectable from the outside, except when it sends information back to Trusteer. If it did, that would be far more worrying!spenderdave wrote: »Their online internet software must itself be able to prove Rapport was enabled when a customer connects, without the need for a customer, who may not be internet savvy, to do the work for them.0 -
It is a shame A&L have not been a bit more forthcoming about exactly what happened, although that's to be expected in a situation like this. It sounds as though somebody found out your 5-digit PIN somehow, but didn't know anything else. The IP address of the machine used and the actual information entered would probably be quite revealing, but I doubt you'll get any more information out of A&L.The reason I posted it separate from this thread is as I do not know how I was compromised0 -
They found the 8 digit ID number and 5 digit pin, but failed the persnal self selected questions, or did they? A&L made me feel guilty,screenshots, passport ID, etc.Something just does not seem right, but as you say, A&L are not going to admit a loss if it,s their fault:If I didn,t have Rapport on, I wonder if I would have taken a loss?It is a shame A&L have not been a bit more forthcoming about exactly what happened, although that's to be expected in a situation like this. It sounds as though somebody found out your 5-digit PIN somehow, but didn't know anything else. The IP address of the machine used and the actual information entered would probably be quite revealing, but I doubt you'll get any more information out of A&L.0 -
They can't do that. That's why they are making sure you have it running now before they reactivate your account. At the end of the day you can't prove it was running in the past (and they can't prove it wasn't). I don't think there was a loss. They would have needed your password that you use when you set up a new payee and you never get asked to enter that in full.They found the 8 digit ID number and 5 digit pin, but failed the persnal self selected questions, or did they? A&L made me feel guilty,screenshots, passport ID, etc.Something just does not seem right, but as you say, A&L are not going to admit a loss if it,s their fault:If I didn,t have Rapport on, I wonder if I would have taken a loss?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.7K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards