Forum Home» Budgeting & Bank Accounts

Strong Customer Authentication - **Now delayed** changes to online verification - Page 2

New Post Advanced Search

Strong Customer Authentication - **Now delayed** changes to online verification

edited 21 August 2019 at 4:38PM in Budgeting & Bank Accounts
293 replies 34K views
2456730

Replies

  • Emily_JoyEmily_Joy Forumite
    467 posts
    100 Posts Second Anniversary
    ✭✭
    Does this apply to Credit Cards, too? I am keeping a few credit cards after switching the current accounts away.
  • 18cc18cc Forumite
    2.1K posts
    ✭✭✭✭
    Does this also apply to eg Monzo, Starling or is it desktop banking they are targeting?
  • eskbankereskbanker Forumite
    14.4K posts
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    ✭✭✭✭✭
    Emily_Joy wrote: »
    Does this apply to Credit Cards, too? I am keeping a few credit cards after switching the current accounts away.
    Good point - it does encompass these, so I looked up info for MBNA and added them to the list, happy to add others as and when we find the relevant details! Amex and Barclaycard info seems to be published in the context of their roles as payment networks rather issuers, but hopefully there'll be info applicable to cardholders out there somewhere....
  • 18cc18cc Forumite
    2.1K posts
    ✭✭✭✭
    Hi esk could I suggest it is made a bit clearer if you are referring in tnis thread to changes to signing into internet banking (many banks currently use passwords, memorable info etc - this will change) or the second scenario of internet shopping eg using your debit (or indeed credit) card to buy something.

    For example, the Natwest link above seems to be for shopping, not internet banking sign in.
  • eskbankereskbanker Forumite
    14.4K posts
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    ✭✭✭✭✭
    18cc wrote: »
    Does this also apply to eg Monzo, Starling or is it desktop banking they are targeting?
    Two factor authentication involves:
    two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is)
    My understanding is that an app is considered to be the middle of these and therefore, if combined with passwords/PINs, etc, satisfies the requirement, hence the use of apps as a second factor for non-app banks.

    So, app-only banks, assuming they also require the use of something the user knows (or is, such as fingerprint/facial recognition), shouldn't need any additional securing.

    Happy to be corrected though, I'm not claiming to be an expert!
  • eskbankereskbanker Forumite
    14.4K posts
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    ✭✭✭✭✭
    18cc wrote: »
    Hi esk could I suggest it is made a bit clearer if you are referring in tnis thread to changes to signing into internet banking (many banks currently use passwords, memorable info etc - this will change) or the second scenario of internet shopping eg using your debit (or indeed credit) card to buy something.

    For example, the Natwest link above seems to be for shopping, not internet banking sign in.
    A fair point - I think that most are aiming not to reinvent the wheel and to use the same or similar approaches to verification for both purchases and logging in to banking, but that's not universal, as the LBG brands offer trusted devices for online banking but this doesn't apply for purchasing.

    However, not all of the banks seem to be making any distinction in what they're publishing, so it's not always clear.

    I'll try to think of how to represent this in a reasonably clear way (anyone know how to use tables on here without pasting pictures in from external sources?)
  • etiennegetienneg Forumite
    225 posts
    Seventh Anniversary 100 Posts
    ✭✭
    Emily_Joy wrote: »
    Does this apply to Credit Cards, too? I am keeping a few credit cards after switching the current accounts away.

    Credit cards is the area that's concerning me more than debit cards. Joint bank accounts seem to cope properly with 2FA for both of the account holders (that is, OTP is sent to phone of whichever card is being used).

    However, it's a different story for credit cards The two I have as main cardholder where my wife is an additional cardholder (Nationwide and Tesco) only support OTP being sent to main cardholder, which is hopeless for the additional cardholder making purchases online. When I enquired, I got the impression nobody had thought of this problem, or maybe just ignored it!

    I'd be very pleased for additional or updated information from anyone on this.

    One other issue that's arisen for a family member who spends a lot of time abroad is that texts can take a long time (around 1 hour) to arrive, which isn't any use when the OTP expires after 10 minutes!
  • edited 5 July 2019 at 7:25PM
    eskbankereskbanker Forumite
    14.4K posts
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    ✭✭✭✭✭
    edited 5 July 2019 at 7:25PM
    etienneg wrote: »
    Credit cards is the area that's concerning me more than debit cards. Joint bank accounts seem to cope properly with 2FA for both of the account holders (that is, OTP is sent to phone of whichever card is being used).

    However, it's a different story for credit cards The two I have as main cardholder where my wife is an additional cardholder (Nationwide and Tesco) only support OTP being sent to main cardholder, which is hopeless for the additional cardholder making purchases online. When I enquired, I got the impression nobody had thought of this problem, or maybe just ignored it!

    I'd be very pleased for additional or updated information from anyone on this.
    Doesn't sound very clever! Hopefully they'll publicise their policies on this to help people decide - I didn't see anything explicitly mentioned in any of the pages linked above.

    Edit: I take it back, the M&S page states that they support separate mobile numbers per card, not just one per account.
    etienneg wrote: »
    One other issue that's arisen for a family member who spends a lot of time abroad is that texts can take a long time (around 1 hour) to arrive, which isn't any use when the OTP expires after 10 minutes!
    That'll be the time difference from central Europe ;)

    I think this is an inherent weakness in relying on mobile phone networks - the banks already have no control over the networks within the UK and sending messages abroad is another degree of separation. There have been numerous other threads about the obsolescence and poor security of SMS but it's effectively the lowest common denominator at the moment - it'll be interesting to see how much more timely app verification is from overseas, for those in a position to make a direct comparison once these measures are in place.
  • badger09badger09 Forumite
    8.5K posts
    Ninth Anniversary 1,000 Posts Name Dropper
    ✭✭✭✭
    Zanderman wrote: »
    Fairly sure I read somewhere that Coop (and Smile - who probably need to be added to the list, despite being, actually, Coop) were changing to OTP instead of the existing card reader. But they haven't yet. Can't find the info now though - will look for it.

    Latest info I have is email from Co-op 4/6/19:


    "You can now update your telephone number and email address in the mobile banking, using your fingerprint, passnumber or Face ID (only available on iOS devices) – no need to use your card reader.

    We have brought in this feature because in the near future, the way you bank and shop online is changing. To help protect you against fraud, we are strengthening how we use two-factor authentication and changing the way you verify yourself. We will be sending you more info about this soon, but to get prepared, make sure your mobile telephone number and email address are up to date.

    Find out more about how you shop and bank online is changing:
    https://www.co-operativebank.co.uk/security/two-factor-authentication"
  • edited 5 July 2019 at 5:32PM
    [Deleted User][Deleted User]
    0 posts
    MoneySaving Newbie
    edited 5 July 2019 at 5:32PM
    MBNA - trusted device in addition to other options (I guess because they are now part of Lloyds). I can verify this as a result of logging on yesterday and being asked to nominate my current device as 'trusted'. I wonder how many devices you can nominate as trusted, or if indeed there is a limit? Also, I'm unclear whether 'trusted' relates both to online shopping and to accessing the MBNA service online. I suspect just the latter, but it would be good if it covered the former as well.


    Edit: just checked the website. Trusted device only applies to online servicing :(
Sign In or Register to comment.

Quick links

Essential Money | Who & Where are you? | Work & Benefits | Household and travel | Shopping & Freebies | About MSE | The MoneySavers Arms | Covid-19 & Coronavirus Support