Another Victim of NatWest's Insecure Banking Security Systems
Options
Comments
-
Neither my Natwest nor my Barclays debit cards contain anything that resembles the username / membership number needed for logging in.
I think the quote you have used is from the part of the discussion about what happens if you say you have forgotten your user name / membership number.
It appears with NatWest and Barclays you can then re-register using you card details and a few other bits and peices that scammers could easily locate, such as date of birth and middle name (see post #53)0 -
p00hsticks wrote: »I think the quote you have used is from the part of the discussion about what happens if you say you have forgotten your user name / membership number.
That, but also Barclays and NatWest allow you to log on to online banking using the long card number instead of a username/membership number."In the future, everyone will be rich for 15 minutes"0 -
When you log onto Barclays you can use your long card number as your username, hence my saying the username is on the front of your debit card - it is the long card number. No point keeping your username secret!0
-
When you log onto Barclays you can use your long card number as your username, hence my saying the username is on the front of your debit card - it is the long card number. No point keeping your username secret!
They might have changed their system since I registered, but back then the username was given to you by Barclays, and if there is any randomness then it is only a small part of the username as a whole.
(unless by complete fluke a random process gave me a username which coincidentally has significant information in it :huh: )"In the future, everyone will be rich for 15 minutes"0 -
A thought... would it make sense for accounts to have different tiers of security? So someone like EachPenny who is clearly very good at keeping everything secure can have very feature rich frictionless online banking, whilst banks could have the discretion to disable certain features or require increased security for customers who opt in or have been caught out before?0
-
whilst banks could have the discretion to disable certain features or require increased security for customers who opt in or have been caught out before?
The problem is that everyone would lower the security level and then blame the bank when their money gets stolen. Like people write down pin numbers or use their DOB and then go crazy when the bank won't refund their card fraud.0 -
The problem is that everyone would lower the security level and then blame the bank when their money gets stolen. Like people write down pin numbers or use their DOB and then go crazy when the bank won't refund their card fraud.
I'm not envisaging the minimum security being any lower than it currently is today. But take the situation from the OP - if they could get a refund on condition that they could no longer set up new payees on online banking, but had to use telephone banking or a branch to do so (ie they had to move to a more secure account), would that be a reasonable model?0 -
The problem is that everyone would lower the security level and then blame the bank when their money gets stolen. Like people write down pin numbers or use their DOB and then go crazy when the bank won't refund their card fraud.
Although I recall a certain bank required customers who were the victim of fraud to install and use certain "security software" to continue using online banking. I don't know if they still do that. That's not an example of a good measure IMHO.
Being able to optionally change your username and require it for login (no card number fallback) would be an example of a good measure. Being able to disable online password resets and fall back to receiving a postal activation code would be another. Being able to upgrade from SMS authorisation to TOTP would be fantastic.0 -
Rosemary7391 wrote: »I'm not envisaging the minimum security being any lower than it currently is today. But take the situation from the OP - if they could get a refund on condition that they could no longer set up new payees on online banking, but had to use telephone banking or a branch to do so (ie they had to move to a more secure account), would that be a reasonable model?
A halfway position might be to allow customers read-only access to check balances and payments etc, but not to initiate transfers or payments without going through some further security system.
But with closures of their branch networks we might arrive in a position where older people (especially) have vey little choice when it comes to meeting their banking needs."In the future, everyone will be rich for 15 minutes"0 -
It is a valid point, and if banks are on the hook for loses suffered by customers who have been scammed we might arrive at a situation where banks decline to give 'vulnerable' customers access to online/phone banking (or withdraw it).
A halfway position might be to allow customers read-only access to check balances and payments etc, but not to initiate transfers or payments without going through some further security system.
But with closures of their branch networks we might arrive in a position where older people (especially) have vey little choice when it comes to meeting their banking needs.
It is really interesting to examine the assumptions under which systems operate. It often reveals why certain sections of society struggle!0
This discussion has been closed.
Categories
- All Categories
- 343.4K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.8K Spending & Discounts
- 235.5K Work, Benefits & Business
- 608.3K Mortgages, Homes & Bills
- 173.2K Life & Family
- 248.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards