Strong Customer Authentication - **Now delayed** changes to online verification

masonic

Ergates wrote: »

Such methods include?

Card readers and fobs that produce one-time codes and can be used to sign transactions.

Ergates

masonic wrote: »

Card readers and fobs that produce one-time codes and can be used to sign transactions.

Which are *other things* you have to carry around with you any time you want to use your banking app. Not exactly inconvenience free.

masonic

Ergates wrote: »

Which are *other things* you have to carry around with you any time you want to use your banking app. Not exactly inconvenience free.

If you have an app on your smartphone, you don't need the devices. They are for people who don't have smartphones (or prefer to use a device). Banks should offer both options (HSBC and First Direct do - either digital secure key in their app, or physical secure key).

Ergates

masonic wrote: »

If you have an app on your smartphone, you don't need the devices. They are for people who don't have smartphones (or prefer to use a device). Banks should offer both options (HSBC and First Direct do - either digital secure key in their app, or physical secure key).

That was my point. All of the additional methods of authentication involve some degree of inconvenience for the customer.

masonic

Ergates wrote: »

That was my point. All of the additional methods of authentication involve some degree of inconvenience for the customer.

If you don't have a smartphone, app based authentication is the most inconvenient. If you don't have a mobile, SMS based authentication is just as bad. To those people other forms of authentication are more convenient.

But if your point is you can't have security without inconvenience, then I am right with you. Convenience is the enemy of security.

The way that banks can implement these changes without major inconvenience to customers is to offer a range of options - some are doing this and some are not.

db2016

at the end of the day,



its a good thing!



people saying passwords and memorable info is secure - thats the thing, for it to me memorable it needs to be something you know, and this is easily known by others - social engineering its called, if i know enough about you, i can probably know your birth town, your mothers maiden name, first pet etc.



not many people make theses up / change them from their ACTUAL true first pet etc.


also keyloggers could be used, yes but unlikely, this would require access to the PC used. it's more likely to happen at an office though. not someones home (unless regular access by someone with a bad intent).



also keyloggers DO have legit uses of course. just to point this out. its like a knife, they are harmlessly used by most, for non illegal purposes, but of course can be used for bad.

Froggitt

Amex Credit Card

New regulations will change the way you shop and access your online account. To keep your experience simple and secure, ensure we have your current mobile number and the mobile numbers for your Supplementary Cardmembers - in case we need to send either of you a verification code to confirm a purchase or login to your Online Account.

Radnorsaver

The missing info page under First Direct is https://www1.firstdirect.com/help/secure-key/

Radnorsaver

1st Direct: I have been told by the bank that you can have only one of the security keys at a time (either physical or digital).

colsten

Yorkshire Building Society

From 8th September, when you log in, make a payment or manage your account online, you’ll need to undertake an extra step to confirm that it’s really you. This may not happen on every transaction you make though. When it does, we’ll send you a code via text message if you have a mobile phone or an automated call if you have a landline.