We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Online banking security - why all so different?
FinanciallyChallenged
Posts: 16 Forumite
Why it is that different banks have such different methods of online banking security?
TSB/Halifax/First Direct/Santander all seem to manage without any kind of extra security device apart from a mobile phone.
Nationwide has a card reader but I can generally avoid using that as it's only necessary for making a payment to a new payee. From memory, Natwest had a similar system. The card readers are interchangeable between banks and bank accounts so you can have several of them in different places around the house/car/handbag which helps to minimise the irritation.
Clydesdale has a token that you need to use to make payments of >£250 - annoying, but I avoid using it by making multiple smaller transactions.
I've just got an M&S account and their system seems really annoying. It's an account specific device and I need to use it every time I want to log in to online banking. (Their mobile banking app is absolutely useless but that's another story!) I don't understand why M&S feel the need for higher security than other banks. Also, as M&S and First Direct are both under the HSBC umbrella, why do they have such different systems?
I'm an avid online/mobile banker so, if i weren't for M&S's switching and retention incentives, I would be off like a shot as their systems are just too annoying/useless!
TSB/Halifax/First Direct/Santander all seem to manage without any kind of extra security device apart from a mobile phone.
Nationwide has a card reader but I can generally avoid using that as it's only necessary for making a payment to a new payee. From memory, Natwest had a similar system. The card readers are interchangeable between banks and bank accounts so you can have several of them in different places around the house/car/handbag which helps to minimise the irritation.
Clydesdale has a token that you need to use to make payments of >£250 - annoying, but I avoid using it by making multiple smaller transactions.
I've just got an M&S account and their system seems really annoying. It's an account specific device and I need to use it every time I want to log in to online banking. (Their mobile banking app is absolutely useless but that's another story!) I don't understand why M&S feel the need for higher security than other banks. Also, as M&S and First Direct are both under the HSBC umbrella, why do they have such different systems?
I'm an avid online/mobile banker so, if i weren't for M&S's switching and retention incentives, I would be off like a shot as their systems are just too annoying/useless!
0
Comments
-
I don't know why they are different but I suppose that if they were all the same then hacking them would be easier.
I have the same card reader type of thing from Coop and Nationwide and as you say the devices are interchangeable so one at home and one with me works Ok.
Santander uses the one Time Pass code to the mobile phone - that's probably the most convenient.
The small device from M&S is very similar but different to the device from First Direct - these are probably me least favourite.
My MIL has a small card with a grid of characters and has to supply two given the row and column address during a sign on to one of her accounts - can't remember the bank that is with. That one is too easy to lose in my opinion.0 -
We have one of those from the Coventry.My MIL has a small card with a grid of characters and has to supply two given the row and column address during a sign on to one of her accounts - can't remember the bank that is with. That one is too easy to lose in my opinion.
I do all my banking in my office (alright, spare bedroom) so all these devices are in the drawer. I've never felt the need to bank while mobile.
On the "Why are they all different" front, we have a Santander joint account & the log in procedure for me & the wife are totally different.Tall, dark & handsome. Well two out of three ain't bad.0 -
Me too. It's easy enough to copy the grid to something like Keepass so that it can be stored alongside other passwords etc.EssexExile wrote: »We have one of those from the Coventry.Stompa0 -
EssexExile - My husband and I also have very different Santander log in procedures. We think it is because my accounts started life with Abbey National, and his were with Alliance and Leicester.0
-
Apps are moving to using biometric ID, e.g. Touch ID on IOS devices. A couple of the banks I hold accounts with are offering this now.
Online banking login can be simplified by using account aggregators, such as accountunity.0 -
EssexExile wrote: »We have one of those from the Coventry.
I do all my banking in my office (alright, spare bedroom) so all these devices are in the drawer. I've never felt the need to bank while mobile.
On the "Why are they all different" front, we have a Santander joint account & the log in procedure for me & the wife are totally different.
I travel on business so it is sometimes necessary to do some banking from my hotel rather than my home.
Now you mention it, yes my OH and I have different sign-on procedures with Santander. I think that is because her account was opened some time before mine. Both with Santander rather than any predecessor bank.0 -
Biometric ID would be brilliant. Which banks are doing that already?0
-
I got rid of my M&S account in the end for this reason, I kept losing the key fob thing and their app is the worst iv'e seen.0
-
Yes my online security is different from my OH on our San 123 accounts.
On a slightly different point - but still on security - I have just been refused information on an account that I opened years ago because the email address I'd sent from was not the one they had on record.
Using email addresses as security is inherently NOT secure.
anyone who has admin access to a Microsoft Exchange server with an account on it, can change the 'default SMTP address' ...i.e. the address an email appears to come from, to - I think - anything they like (although it may have to be from a valid domain name )
If I (still...) had access to an Exchange server it would have been the work of seconds to set up a dummy account and change the default SMTP address to be the one they wanted to see......0 -
Different banks use different risk factors which means they end up with different ideas of what is more secure. There's also their existing systems and policies which online secutiry has to fit into. Then theres just personal opinions and preferences of the people involved in the design and building of the system, as well as the implementation cost.
Its kinda like asking why different cars have different shapes - surely one shape is the most aerodynamic and thats that... But its not quite that simple.Never argue with stupid people, they will drag you down to their level and then beat you with experience.- Mark TwainArguing with idiots is like playing chess with a pigeon: no matter how good you are at chess, its just going to knock over the pieces and strut around like its victorious.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards