Strong Customer Authentication
Options
![[Deleted User]](https://us-noi.v-cdn.net/6031891/uploads/defaultavatar/nFA7H6UNOO0N5.jpg)
[Deleted User]
Posts: 0 Newbie
Currently, to log into my bank account, i have to provide 3 completely different bits of information.
1) User ID
2) 3 Digits from my password.
3) 3 Digits from my security code.
Seems pretty secure to me (Certainly compared to some other banks i've been with!)
Apparently, that's not good enough.
Soon, i will HAVE to tie my account to a phone number.
Apparently, i can install an app to verify my account (but i dont have a smartphone).
Alternatively, i can instead opt to receive an OTP, on my brick.
But,
What if i lose my phone? (or someone steals it!).
What if my phone isn't working? (Dead battery, Operating system crash, washing machine..doh, or just plain broken!).
What if i have no signal?
What if i change my phone number?
What if i forget to pay my phone bill, or don't have funds in my current account to pay the phone bill, get cut off, and i can't then access my account to pay the bill ? (Vicious circle).
What if i decide i no longer want the hassle of a mobile phone?
Seems like a lot of things can go wrong.
Anyone know any banks which will not be requiring a phone to authenticate their account come September 14?
1) User ID
2) 3 Digits from my password.
3) 3 Digits from my security code.
Seems pretty secure to me (Certainly compared to some other banks i've been with!)
Apparently, that's not good enough.
Soon, i will HAVE to tie my account to a phone number.
Apparently, i can install an app to verify my account (but i dont have a smartphone).
Alternatively, i can instead opt to receive an OTP, on my brick.
But,
What if i lose my phone? (or someone steals it!).
What if my phone isn't working? (Dead battery, Operating system crash, washing machine..doh, or just plain broken!).
What if i have no signal?
What if i change my phone number?
What if i forget to pay my phone bill, or don't have funds in my current account to pay the phone bill, get cut off, and i can't then access my account to pay the bill ? (Vicious circle).
What if i decide i no longer want the hassle of a mobile phone?
Seems like a lot of things can go wrong.
Anyone know any banks which will not be requiring a phone to authenticate their account come September 14?
0
Comments
-
-
That's all just one thing (secret information). It does not meet the new regulatory requirement being imposed on banks.DeletedUser wrote: »Currently, to log into my bank account, i have to provide 3 completely different bits of information.
1) User ID
2) 3 Digits from my password.
3) 3 Digits from my security code.
You'd no doubt go through the same sort of process as you would if you'd otherwise been rendered unable to access your account online (e.g. forgotten password, online access locked due to suspicious activity etc). It would be a question for your bank. Since you don't name your bank, nobody here can assist you with the answers to these questions.Soon, i will HAVE to tie my account to a phone number.
Apparently, i can install an app to verify my account (but i dont have a smartphone).
Alternatively, i can instead opt to receive an OTP, on my brick.
But,
What if i lose my phone? (or someone steals it!).
What if my phone isn't working? (Dead battery, Operating system crash, washing machine..doh, or just plain broken!).
What if i have no signal?
What if i change my phone number?
What if i forget to pay my phone bill, or don't have funds in my current account to pay the phone bill, get cut off, and i can't then access my account to pay the bill ? (Vicious circle).
What if i decide i no longer want the hassle of a mobile phone?
Yes, first direct, HSBC, M&S Bank, Barclays, Nationwide, probably others.Anyone know any banks which will not be requiring a phone to authenticate their account come September 14?
Helpful link: https://forums.moneysavingexpert.com/showthread.php?t=60217740 -
Ah! Thankyou kind sir's!
I think i will be looking for an account which allows for authentication via Email, as i can access that on ANY device, not one subject to the potential problems i detailed above.
Once again, thanks!0 -
The regulation is getting delayed by about 18 months apparently.0
-
Really? Source please? I'm ringing my bank today to attempt to clarify excatly what and when they are changing things.0
-
I was thinking the same thing!DeletedUser wrote: »Really? Source please?
I've found this from a European payments trade association, recommending an 18 month delay, but no indication that this has been agreed by anyone: https://www.epsm.eu/wp-content/uploads/2019/07/2019-07-10-EPSM-Press-Release-EPSM-supports-harmonised-migration-plans...-15.pdf
I'll add this to that SCA thread on the banking board, which already includes links to the EBA and FCA statements last month that implied some delay may be sought, but as I understand it negotiations are ongoing....0 -
Makes me laugh, 10 years ago I was paying about £7.99/month on an online game subscription. They were having a lot of problems with hackers gaining access to accounts and then selling account items or even full accounts online.
They implemented a 2 factor authentication system on accounts using a fob to generate a one-time code each time you logged in for a one off payment of £10 for the fob (i think).
The fact that even today firms responsible for peoples life savings don't have this in place - or only apply it if the person owns a smartphone, presumably to save a few quid, don't have this in place is laughable (bordering on negligence). They aren't even THAT expensive in the grand scheme of IT budgets, I've project managed a couple of installations.
Some banks use a card reader style of 2 factor authentication for no extra charge , Barclays and Nationwide, that I know of. However, you'd still need access to the card reader although their mobile apps don't require it.0 -
And First Direct provide a tiny calculater-type thing, but I suspect this may be changing, since it relys (as per masonic's post) on a piece of secret information (PIN) and because there have been requests recently for a mobile phone numberSome banks use a card reader style of 2 factor authentication for no extra charge , Barclays and Nationwide, that I know of. However, you'd still need access to the card reader although their mobile apps don't require it.0 -
That "calculator-type thing" will be fine for online banking. The PIN is just to unlock the device (in the same way as the card reader unlocks the chip on a debit card using a PIN). The device is hard coded with a digital key (used to generate one time codes and "sign" transactions) that is never known to the owner and therefore qualifies as "something you have" rather than "something you know".And First Direct provide a tiny calculater-type thing, but I suspect this may be changing, since it relys (as per masonic's post) on a piece of secret information (PIN) and because there have been requests recently for a mobile phone number
In fact, this and card readers offer better security than one time codes sent to mobile numbers, because mobile numbers are not locked to a single device.
The danger is the mobile phone system is cheaper and easier to implement, and several banks have opted for this low hanging fruit.
The reason for the requests for a mobile phone number is because all banks are now required to verify debit card transactions using 2FA and they cannot use their own internal systems for this so are reverting to one time codes by SMS.0 -
Ok, so the bank said that Phone Authentication is NOT required for logging into the account.
It is ONLY required for transactions, and alterations of important info, ie Home Address, Phone Number etc.
I can live with that.0
This discussion has been closed.
Categories
- All Categories
- 343.3K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.4K Work, Benefits & Business
- 608.2K Mortgages, Homes & Bills
- 173.1K Life & Family
- 248K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards