We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
First Direct & Card Readers
Comments
-
JohalaReewi wrote: »I had a mailer from FD about this in the post. Arrived yesterday.
I have received nothing from FD about this yet0 -
If you had followed the forum etiquette, then no, but I wouldn't have posted if that was the case.
Please be more careful in the future and trim your quote to the appropriate parts.
Sorry will not be watched over by you.
The manor of your first reply came over that you are really superior.:T0 -
The secure keys are not particularly beneficial to increase security. They do add to the complexity of operating an online account. Their main purpose is probably to protect the bank, and make it easier to claim that the customer is liable as they did not follow the procedure correctly. I suspect that increased complexity makes it easier for social engineering attacks, and I believe there have been demonstrations of how to subvert these systems through versions of man in the middle attacks. Basically nothing is ever entirely safe (especially where humans operators are involved), and most security systems are compromised quite quickly if the rewards are big enough.
The good thing is that FD is using several systems (so you dont HAVE to carry around yet another easily broken or lost gadget), the smartphone app does work on two of the smartphone OSs (but hard to keep with the increasing numbers and versions of OSs), and its only necessary for relatively unusual transactions. However the time will come when a customer doesn't have the gadget or the phone battery is flat, and this forces customers back onto giving security details on an open phone line. Guess what? That is the biggest threat of all.
For a long time I've been pleased that FD's security is light enough that its possible to use without writing down credentials (i.e. they are memorable). Its a shame they have followed this approach which is obviously just another cosmetic attempt to increase apparent security, without actually really doing so, and mainly motivated to increase customer liability rather than the banks.
Anyway FD just got quite a few negative points on its much vaunted customer friendliness...0 -
...it did occur to me that this change might be as a result of changing to a new regulator...
www2.firstdirect.com/content_static/pdf/FSA_to_FCA.pdf0 -
The secure keys are not particularly beneficial to increase security. They do add to the complexity of operating an online account. Their main purpose is probably to protect the bank, and make it easier to claim that the customer is liable as they did not follow the procedure correctly. I suspect that increased complexity makes it easier for social engineering attacks, and I believe there have been demonstrations of how to subvert these systems through versions of man in the middle attacks. Basically nothing is ever entirely safe (especially where humans operators are involved), and most security systems are compromised quite quickly if the rewards are big enough.
The good thing is that FD is using several systems (so you dont HAVE to carry around yet another easily broken or lost gadget), the smartphone app does work on two of the smartphone OSs (but hard to keep with the increasing numbers and versions of OSs), and its only necessary for relatively unusual transactions. However the time will come when a customer doesn't have the gadget or the phone battery is flat, and this forces customers back onto giving security details on an open phone line. Guess what? That is the biggest threat of all.
For a long time I've been pleased that FD's security is light enough that its possible to use without writing down credentials (i.e. they are memorable). Its a shame they have followed this approach which is obviously just another cosmetic attempt to increase apparent security, without actually really doing so, and mainly motivated to increase customer liability rather than the banks.
Anyway FD just got quite a few negative points on its much vaunted customer friendliness...
indeed
the message you have entered is too shortHi, we’ve had to remove your signature. If you’re not sure why please read the forum rules or email the forum team if you’re still unsure - MSE ForumTeam0 -
...it did occur to me that this change might be as a result of changing to a new regulator...
www2.firstdirect.com/content_static/pdf/FSA_to_FCA.pdf
indeed
the message you have entered is too shortHi, we’ve had to remove your signature. If you’re not sure why please read the forum rules or email the forum team if you’re still unsure - MSE ForumTeam0 -
I have just rung FD as I got the email from them with the 3 choices.
Option 3
reduced functionality is not really an option.
Option 2 is the Secure Key, approx 2/3rd the size of a credit card as used by its HSBC sibling. Its cumbersome and tiring to use with all the steps to login on both the PC and key.
Many people in IT requiring access to their own company systems use a much smaller key and login mechanism. Which is more of a key fob than this mini calculator. Some password details and the unique changing code on the key via a single press and hey presto secure access.
I hate the calculator, and definitely dont want to carry two around
Option 1
Digital secure key. This can only be downloaded from the AppStore or Google play, both of which force you to create further credentials to allow a download. Why is the software not available directly from the banks own website ???
This can supposedly be used for both internet banking by PC ( so would have to be installed on any PC you potentially used) , or on a smartphone which I will never do. If banks insist on taking to you on landlines for security, why is a mobile accepted for carrying out a transaction !!!!
Having rung to discuss I was amazed at the lack of information that the support/customer service team have on this issue. They dont know that it can only be downloaded from a 3rd party site, and they cant find the informtion on their own site that makes this clear as the search option does not find the related page.0 -
I really can't see this as an issue. The credentials are necessary to operate the phone under everyday circumstances (Apple ID for AppStore and Google ID for Google Play). Without these the phone a pretty much useless. Delivering the apps via the official route improve security, not lessens it. The alternative would require rooting of phones which would be mean the phone is a security risk in its own right and you would never want to put a banking app on that.redandwhitewizard wrote: »Option 1
Digital secure key. This can only be downloaded from the AppStore or Google play, both of which force you to create further credentials to allow a download. Why is the software not available directly from the banks own website ???MFiT-T3 #149: {Q4/14} (£46,447)-->(£0) ~ +£46,447=100%
Mortgage Free: 1st October 2014 :j0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.2K Banking & Borrowing
- 253.6K Reduce Debt & Boost Income
- 454.3K Spending & Discounts
- 245.3K Work, Benefits & Business
- 600.9K Mortgages, Homes & Bills
- 177.5K Life & Family
- 259.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards