We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Strong Customer Authentication - **Now delayed** changes to online verification
Options
Comments
-
I'm not sure I used activation as an excuse as such. But it was 1,2,3 and I then asked them to just add the number to my account.I'm a bit confused about what actually happened. This is what I originally thought:
1) Installed app
2) Entered information into app to identify yourself
3) Prompted to call Nationwide (as no 2FA options possible)
4) App activation completed over phonecall
5) Mobile number added within app
Or did the app allow you to edit your details after step 2, without NW intervening? Or did NW add the number for you when you used activation of the app as an excuse?
I imagine I could have avoided all this palaver by simply phoning up customer service and getting them to do it. And I would have done just that if it weren't for the fact that it says on their website (in at least two different places) that you can't do it that way.Stompa0 -
So HSBC & First Direct are the only ones to not allow OTP to login. Definitely won't be using them for anything day-to-day then. I like that the Lloyds Group banks (and TSB) allow OTP to a landline too.0
-
So HSBC & First Direct are the only ones to not allow OTP to login. Definitely won't be using them for anything day-to-day then. I like that the Lloyds Group banks (and TSB) allow OTP to a landline too.
The EBA have declared that OTPs do not meet their security requirements for PSD2. Unfortunately, they declared this very late in the day, *after* most banks had already built their 2FA systems using OTPs.
So, expect to see more banks moving away from OTPs.0 -
HSBC and First Direct both use OTP. Specifically they use time-based OTP or TOTP using a device, which is the preferred implementation. You have the choice of activating it through their mobile app or a physical device ("secure key").So HSBC & First Direct are the only ones to not allow OTP to login. Definitely won't be using them for anything day-to-day then. I like that the Lloyds Group banks (and TSB) allow OTP to a landline too.
SMS-based OTP has had its days numbered since 2016, when the NIST pointed out its flaws. Good to see the EBA catching up at last, and eventually the FCA is bound to follow suit. The only reason it has been so widely adopted is it is convenient, but convenience is the enemy of security.0 -
Until security becomes too much, inconvenient & over the top.HSBC and First Direct both use OTP. Specifically they use time-based OTP or TOTP using a device, which is the preferred implementation. You have the choice of activating it through their mobile app or a physical device ("secure key").
SMS-based OTP has had its days numbered since 2016, when the NIST pointed out its flaws. Good to see the EBA catching up at last, and eventually the FCA is bound to follow suit. The only reason it has been so widely adopted is it is convenient, but convenience is the enemy of security.
.0 -
Will Brexit affect rollout ?
.0 -
Not unless this UK government (or a future one) independently chooses to repeal the Payment Services Regulations 2017 and I imagine they'll have somewhat bigger fish to fry....Will Brexit affect rollout ?0
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.6K Banking & Borrowing
- 253K Reduce Debt & Boost Income
- 453.4K Spending & Discounts
- 243.6K Work, Benefits & Business
- 598.3K Mortgages, Homes & Bills
- 176.8K Life & Family
- 256.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards