Strong Customer Authentication - **Now delayed** changes to online verification

masonic

molerat wrote: »

Nationwide do not have a mobile number for me to use as SCA and asked me to confirm / change the number. Problem is you can't add / change a mobile in on line banking and need to fill in a form and take into branch.

I seem to have the ability to add/update phone numbers online, including mobile phone number.

Manage > My Details > Change my phone number

"View and update the contact details we hold for you, and change your marketing preferences.

Current phone numbers
All your accounts will be updated with any changes you make here. If you don't want to change all your accounts, please use the Special requirements - Change of Address Form.

Changes to phone numbers will take effect immediately."

molerat

masonic wrote: »

I seem to have the ability to add/update phone numbers online, including mobile phone number.

Manage > My Details > Change my phone number

"View and update the contact details we hold for you, and change your marketing preferences.

Current phone numbers
All your accounts will be updated with any changes you make here. If you don't want to change all your accounts, please use the Special requirements - Change of Address Form.

Changes to phone numbers will take effect immediately."

Don't have that option, only to use the special requirements form, maybe because this is a very old account. I couldn't even get into the changes page earlier and it locked me out asking me to answer security questions that I am positive I had never set up. Once the account was reset it asked me to set up the 5 security questions.


edit: Cracked it - open a FlexDirect account and it asks for phone number. Checked my details and mobile is there. Still no ability to change it though.

KimballKinnison

The Financial Conduct Authority (FCA) referred me to their document, "Payment Services and Electronic Money – Our Approach The FCA’s role under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011 June 2019 (version 4)":
<Sorry as a new user you are not allowed to post with links.>
Section 20.21 states:
"...For example, not all payment service users will possess a mobile phone or smart phone and payments may be made in areas without mobile phone reception. PSPs must provide a viable means to strongly authenticate customers in these situations."

I am without mobile phone reception.
I have raised a formal complaint, quoting the FCA document, with Asda Money (credit card) who stated in an email (25/8/19):
"Unfortunately if you do not possess a mobile phone, after September 2019 you will no longer be able to use your card online."
Also Virgin Money (savings) who stated in an email (9/8/19):
"...you won’t be able to access your account online if we don’t have your mobile number."

colsten

KimballKinnison wrote: »

I am without mobile phone reception.

You should consider WiFi calling.

Uxb1

Wifi calling seems only available from UK networks if you have a pay monthly contract.
Anyone on PAYG cannot get wifi fi calling.
Furthermore O2 (as of 2018) only allowed wifi calling if you had O2 firmware on your phone if it was android - ie you had to buy your android phone from O2 as well.

I've long held the opinion that as part of these 2FA changes HMG should simply have called in the network operators and made it simple and plain - You implement wif-calling on all tarrifs and phones which can manage it - or you get no more spectrum - get on with it.

molerat

colsten wrote: »

You should consider WiFi calling.

If only it were that simple. For instance my phone hardware is capable of wifi calling but the combination of firmware and network operator make it unavailable - MrsM with the same phone can. It should not be that difficult and it seems that, from the post above, the banks are not complying with the FCA's interpretation of the regulations and making it more difficult.

adindas

Browntoa wrote: »

M&s is HSBC , same card reader and m&s app

OTP to mobile , initially also to email but only temporary basis later text only or ring bank

https://bank.marksandspencer.com/security/how-we-protect-you/otp-faqs/

SuiDreams wrote: »

HSBC, M&S and FD its currently a secure key device NOT a card reader. Can also use digital secure key. Its optional for logging in at the moment and only required for adding payees etc currently. Must use this to log in from 5th September.

I understand HSBC is now giving an option to replace physical secure key with digital secure key with their apps. Some people especially those who are banking with many banks do not like to install too many banking's apps on their mobile.

Is there any way to receive OTP by text your mobile phone number (instead of installing apps) with HSBC banking Group ?

I do not think the "Physical secure key" of HSBC banking group is interchangeable. If my memory served well, I remembered I tried it with FD and M&S a few time they were not interchangeable. Also I remember i read somewhere that the physical secure key they is linked to each specific account, so they can not be interchangeable. I wonder about other people experience about this ?

18cc

Physical secure keys are locked to the account for FD and cannot be interchanged

pafpcg

SuiDreams wrote: »

HSBC, M&S and FD its currently a secure key device NOT a card reader. Can also use digital secure key. Its optional for logging in at the moment and only required for adding payees etc currently. Must use this to log in from 5th September.

That's what it says on the website, but in practice.....

My partner has always had difficulty with the tiny physical keypad so has inevitably used the password route to login to online banking. To check that this month's payment to the regular saver was credited this morning, she tried to login but having supplied the passphrase etc, the system demanded that the smartphone app be downloaded and activated before proceeding - there was no other option such as using her Digipass keypad. She now has to ring up FirstDirect to somehow regain access (inevitably, FirstDirect phone lines are busy).

Investigating further, I found that she has no option at ANY stage to choose the login route using the physical keypad. For my account, at the first step, I was given a choice or either using the keypad or the password route; I was able to login using my keypad. Could it be that someone who used the password route the last time they logged-in (a month ago) is directed to a login screen which doesn't give the keypad option?

PS: We don't use smartphones - we use a simple PAYG mobilephone for Santander's OTP text messages.

UPDATE: After 15 mins on the phone explaining the problem, it transpired that the Secure Keypad device had been de-activated! No warning, no nothing! Two weeks to receive a replacement and the FirstDirect operator claimed they don't supply the larger "Accessibility" keypads (so either he or the "Secure Key" website page is wrong!)

If these Secure Keypads deactivate without warning, I suggest I'll not be alone in shouting in blind frustration at my computer over the coming years.....

adindas

pafpcg wrote: »

That's what it says on the website, but in practice.....

My partner has always had difficulty with the tiny physical keypad so has inevitably used the password route to login to online banking. To check that this month's payment to the regular saver was credited this morning, she tried to login but having supplied the passphrase etc, the system demanded that the smartphone app be downloaded and activated before proceeding - there was no other option such as using her Digipass keypad. She now has to ring up FirstDirect to somehow regain access (inevitably, FirstDirect phone lines are busy).

Investigating further, I found that she has no option at ANY stage to choose the login route using the physical keypad. For my account, at the first step, I was given a choice or either using the keypad or the password route; I was able to login using my keypad. Could it be that someone who used the password route the last time they logged-in (a month ago) is directed to a login screen which doesn't give the keypad option?

PS: We don't use smartphones - we use a simple PAYG mobilephone for Santander's OTP text messages.

It happened recently so it might be something to do with Strong Customer Authentication to online verification ??

It might be similar to my personal experience with HSBC as well.
I used to login using the "physical" secure key. But since about a a year ago I stop using it to log in as I could by pass it with memorable information.

But since recently it keep asking me to login with secure key. I still had the secure key so tried to log in with my secure key but it seemed no field to enter the secure code.

I rang them and they informed that my secure key has been unlinked. They were asking to install the apps to get access to digital secure key, I rejected it. They informed me I could still use the Physical secure key for future online banking login but they will need to send me a new one and need to be activated again. I now have had the new physical secure key for about two weeks and I could do logging again using "physical" secure key.

Your op experience might be the same with mine. At least you could try to ring them to explain it.