NatWest and RBS to scrap bills cashback - what you need to know

DCFC79

Correct me if I'm wrong but whats the "new" benefit of the 2 accounts, the rewards cancel out the cost of the account so the customer doesn't gain anything.

tg99

Anyone know how straightforward the process is to upgrade from a Select to a Reward Account? (I have the Select account from a previous switch offer but don’t use it.......but if easy to upgrade then may as well do so to get the monthly £5 minus the fee.)

leviathan

eskbanker wrote: »

o either object in principle to using mobile phones or who can't get signals perhaps?

Often cannot get signal. Often indoors when I'm likely to be using the PC website rather than the phone app.
It just seems silly. If I wanted to use my phone I'd be using my phone. When I want to use the website why do I need my phone to make it work? :rotfl:

DragonQ

How annoying! Santander's 123 account would yield under the £5/mo fee in cashback for us. Might just keep the NatWest account for convenience (it's our only joint account and we use it just for bills) - it's still going to offer £24-36/yr for free after all.


The real problem is what to do with the ~£300 sitting in our rewards right now. Their voucher exchange offers are mostly meh.

eskbanker

leviathan wrote: »

Often cannot get signal. Often indoors when I'm likely to be using the PC website rather than the phone app.
It just seems silly. If I wanted to use my phone I'd be using my phone. When I want to use the website why do I need my phone to make it work? :rotfl:

You're presumably aware that it's a regulatory requirement to introduce strong customer authentication, so it'll no longer be possible to continue to simply log in to online banking (for any bank) without an independent means of verification?

Most banks have chosen to use mobile phones with SMS or apps, but some support landlines, more details at https://forums.moneysavingexpert.com/discussion/6021774/strong-customer-authentication-now-delayed-changes-to-online-verification

DragonQ

eskbanker wrote: »

You're presumably aware that it's a regulatory requirement to introduce strong customer authentication, so it'll no longer be possible to continue to simply log in to online banking (for any bank) without an independent means of verification?

Most banks have chosen to use mobile phones with SMS or apps, but some support landlines, more details at https://forums.moneysavingexpert.com/discussion/6021774/strong-customer-authentication-now-delayed-changes-to-online-verification

Yes, and it's really stupid. It'd be a lot easier to steal my phone than it would be to steal my desktop PC. It should be a default option but not compulsory. Will it even be possible to set "trusted devices" after this has been done once?

zagfles

eskbanker wrote: »

You're presumably aware that it's a regulatory requirement to introduce strong customer authentication, so it'll no longer be possible to continue to simply log in to online banking (for any bank) without an independent means of verification?

They have a strange definition of "independant", it seems a mobile phone running a browser or app is "independant" of the same phone handling email/texts!

If I can use the browser or app on my phone, there is no additional authentication I need to go through to read a text or email.

eskbanker

DragonQ wrote: »

Yes, and it's really stupid. It'd be a lot easier to steal my phone than it would be to steal my desktop PC. It should be a default option but not compulsory. Will it even be possible to set "trusted devices" after this has been done once?

zagfles wrote: »

They have a strange definition of "independant", it seems a mobile phone running a browser or app is "independant" of the same phone handling email/texts!

If I can use the browser or app on my phone, there is no additional authentication I need to go through to read a text or email.

I think the point is being missed here!

The legislation concerned has a clear definition:

“strong customer authentication” means authentication based on the use of two or more elements that are independent, in that the breach of one element does not compromise the reliability of any other element, and designed in such a way as to protect the confidentiality of the authentication data, with the elements falling into two or more of the following categories—
(a) something known only by the payment service user (“knowledge”);
(b) something held only by the payment service user (“possession”);
(c) something inherent to the payment service user (“inherence”);

Phone apps are typically viewed as sufficient without needing additional email/SMS verification, as the existence of a registered app is regarded as the possession and its inherent security means that it's inaccessible without knowledge (passwords) or inherence (fingerprints), so stealing a phone is no good unless the thief also has the login details.

For browsers, the sites will only be accessible via knowledge and in this case the SMS or email acts as the possession.

DragonQ

eskbanker wrote: »

I think the point is being missed here!

The legislation concerned has a clear definition:

Phone apps are typically viewed as sufficient without needing additional email/SMS verification, as the existence of a registered app is regarded as the possession and its inherent security means that it's inaccessible without knowledge (passwords) or inherence (fingerprints), so stealing a phone is no good unless the thief also has the login details.

For browsers, the sites will only be accessible via knowledge and in this case the SMS or email acts as the possession.

Fine in theory but so far none of the banks I use will accept email codes (like Steam uses, for example). They all require a phone and some require a mobile, and I cannot always have those with me.


But that isn't what this thread is about so...NatWest huh? What a downer.

zagfles

eskbanker wrote: »

I think the point is being missed here!

The legislation concerned has a clear definition:

Phone apps are typically viewed as sufficient without needing additional email/SMS verification, as the existence of a registered app is regarded as the possession and its inherent security means that it's inaccessible without knowledge (passwords) or inherence (fingerprints), so stealing a phone is no good unless the thief also has the login details.

For browsers, the sites will only be accessible via knowledge and in this case the SMS or email acts as the possession.

But why can't that registered app be on a PC rather than a phone? My PC is more secure than my phone, both physically and logically.