We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Bank security and email accounts
Murmansk
Posts: 1,213 Forumite
Given that emails are not a very secure method of communication it seems to me that there is a significant security risk in the way in which, if you were to forget your internet banking details, your bank might send you a link via email to change your login details.
If someone had been able to hack into your email account they'd presumably be able to get hold of the link sent by the bank and get into your account.
I suspect most people don't have a particularly secure email account - a lot might not even know their password and I'm sure the majority don't use two factor authentication or any extra security.
We never seem to hear this mentioned in advice given out re bank fraud and how to avoid it - I wonder if this is because it's not actually as great a weakness as I suspect or that they've decided it's too "techy" for anyone to be able to understand it or do anything about it?
If someone had been able to hack into your email account they'd presumably be able to get hold of the link sent by the bank and get into your account.
I suspect most people don't have a particularly secure email account - a lot might not even know their password and I'm sure the majority don't use two factor authentication or any extra security.
We never seem to hear this mentioned in advice given out re bank fraud and how to avoid it - I wonder if this is because it's not actually as great a weakness as I suspect or that they've decided it's too "techy" for anyone to be able to understand it or do anything about it?
0
Comments
-
I wonder if this is because it's not actually as great a weakness as I suspect or that they've decided it's too "techy" for anyone to be able to understand it or do anything about it?
Mainly the former. Whilst emails can be "hacked" and intercepted - it's more effort than the average fraudster is willing to put in. It's most definitely *not* the weakest link.
There is probably also an aspect that email security isn't the bank's direct responsibility.0 -
Would you care to name some banks that do this?it seems to me that there is a significant security risk in the way in which, if you were to forget your internet banking details, your bank might send you a link via email to change your login details.
For example, in the case of Barclays, if a customer forgets their online banking passcode then:
"You can re-order your passcode online by clicking the 'Forgotten your passcode?' link (by the passcode field) on the log-in page, but for security reasons we have to send this to you in the post. You can also request a new passcode in branch, but this will also be posted out to you. Please note that you can only order a passcode once in 7 days."
https://www.barclays.co.uk/help/online-banking/login/forgot-details/0 -
Possible if you are talking about Web Mail but unlikely if you access your emails via an email client and POP3 as then the original emails won't be online and will be deleted from any online version once you have downloaded them. That in itself is an important difference between Web Mail, often indeed with poor security, and POP3.Given that emails are not a very secure method of communication it seems to me that there is a significant security risk in the way in which, if you were to forget your internet banking details, your bank might send you a link via email to change your login details.
If someone had been able to hack into your email account they'd presumably be able to get hold of the link sent by the bank and get into your account.0 -
Given that emails are not a very secure method of communication it seems to me that there is a significant security risk in the way in which, if you were to forget your internet banking details, your bank might send you a link via email to change your login details.
Even if they do send you an email (which i don't know many that do) I've never known one to send a link you have to click on. They may send email you a code you have to enter while resetting your details online but they will also ask for things like DOB, Card number and possibly other details.
No bank will just rely on sending a link in an email to reset your details. Your probably thinking of if you forget your password on a site like this forum and you get sent a link because it's not that important if it's intercepted.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 354.3K Banking & Borrowing
- 254.4K Reduce Debt & Boost Income
- 455.4K Spending & Discounts
- 247.3K Work, Benefits & Business
- 604K Mortgages, Homes & Bills
- 178.4K Life & Family
- 261.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards