Mobile app banking Vs Desktop online banking

RumRat

CoastingHatbox said:

From a security and a privacy perspective, I can't imagine anything worse than relying on my phone to make payments.

And yet it makes the world go round with millions of people having moved away from any other form of payment without any problems.
Years of mobile banking without any problems would indicate that it's far more secure than your paranoia suggests.
I take it that you don't pay for anything with your bank card either? That would make no sense with the phone being more secure than that method with nothing personal given to the merchant.
You are entitled to your own opinion and payment methods, but, with cash being so yesterday and more and more merchants insisting on tap and go, at some stage you will succumb, eventually.....  

John_Gray

RumRat said:

Personally, I can't see any need for printed statements in this day and age. They used to just build up in a draw and get dumped every few months...

From what you say you've never been the executor for anybody's will recently!  For this it is ever-so-useful to have printed statements available.  Yes, you can get them from the financial institution - eventually - but a printed statement gives you balances, payments, financial company's address, account number and so on, immediately accessible.

Neil49

John_Gray said:

RumRat said:

Personally, I can't see any need for printed statements in this day and age. They used to just build up in a draw and get dumped every few months...

From what you say you've never been the executor for anybody's will recently!  For this it is ever-so-useful to have printed statements available.  Yes, you can get them from the financial institution - eventually - but a printed statement gives you balances, payments, financial company's address, account number and so on, immediately accessible.

Just download and save them every month but just print off what you need when you need it. 

JustAnotherSaver

Depending on what i want to do i will opt for one over the other.

If i just need to quickly check my balance or see if a payment went through or whatever then fine enough i'll check it on the phone.

If i'm doing anything that requires transferring around various banks then i'll use the desktop. It's infinitely easier and quicker.

As for setting up standing orders and cancelling them then i'm not sure i can even do this through my app. I'm sure i had a look at it one time and couldn't see how to do it so for this i also use the PC.

As for paying for things then obviously i don't use a PC. It depends on the situation. If i'm in the supermarket then again it's much easier to get my wallet, take out my Nectar card, scan than, take out the Amex card, beep that than open up my phone, scroll to the Nectar app, wait on it loading up, hang on its taking its time, i'll just be a minute, then navigate to the car, beep it, press contactless on the display, press power on my phone, press power again, wait for the contactless thing to tell me it's ready to take payment, i go to beep it but it took that long that now it's saying payment not taken so i have to press power again on my phone, beep it again, ok it's worked this time.

Wallet...2 cards, done.

RumRat

John_Gray said:

RumRat said:

Personally, I can't see any need for printed statements in this day and age. They used to just build up in a draw and get dumped every few months...

From what you say you've never been the executor for anybody's will recently!  For this it is ever-so-useful to have printed statements available.  Yes, you can get them from the financial institution - eventually - but a printed statement gives you balances, payments, financial company's address, account number and so on, immediately accessible.

As you say, useful to the executor, but not, at all, necessary.

CoastingHatbox

RumRat said:

CoastingHatbox said:

From a security and a privacy perspective, I can't imagine anything worse than relying on my phone to make payments.

And yet it makes the world go round with millions of people having moved away from any other form of payment without any problems.
Years of mobile banking without any problems would indicate that it's far more secure than your paranoia suggests.
I take it that you don't pay for anything with your bank card either? That would make no sense with the phone being more secure than that method with nothing personal given to the merchant.
You are entitled to your own opinion and payment methods, but, with cash being so yesterday and more and more merchants insisting on tap and go, at some stage you will succumb, eventually.....  

On what basis do you assert that a phone is more secure than a bank card? There is so much more surface area to exploit with a phone. A bank card doesn't connect itself to open WiFi networks. Doesn't require firmware updates. Does not run software produced by very many third parties.

To tell the truth, my main bank card stays in a safe, at home. I carry a debit card for a second current account which has a fixed amount of cash in it and no overdraft facility. I routinely make payments on a credit card because of the protection afforded by the Consumer Credit Act. Those protections do not necessarily apply to a mobile banking app.

It is possible to connect a phone to a computer and clone its contents, including the apps running in memory. This is exactly what hackers do in order to reverse engineer them and find security holes and exploits. Yes the phones are encrypted, so that raises the bar. But there is evidence that the FBI have round a way to decrypt phones (details are sketchy) and that probably means others are not far behind. It wasn't that long ago that the Shadow Brokers liberated a suite of NSA hacking tools for Windows, so who knows if/when the tools used by the FBI to defeat mobile phone encryption will find their way into the public domain in the future?

Also, there's this: https://www.wired.com/story/146-bugs-preinstalled-android-phones/. No doubt there is a degree of journalistic sensationalism behind the headline, but in any given week or month new exploits emerge. In the last couple of weeks news has broken about a vulnerability called "zero click" used to hack Al Jazeera journalists. Unfortunately this kind of news doesn't often hit mainstream media.

Additionally, I do my online banking at home, on my home network. On that network I run software that many hackers would use, to find vulnerabilities. It generates a report and gives an impression as to how secure/insecure the network is. I run a proper firewall with an Intrusion Prevention Service. It identifies and blocks suspicious traffic. I have a 'canary' on the network which is a bit like a honeypot. It looks like a very insecure file server and it generates a notification when someone tries to access it. I can't say that it is totally in secure, but I trust it more than I do other networks. I have found my Android phone will use the cellular network in some circumstances when mobile data is switched off, so I couldn't even trust that the banking app is using my network and not the mobile providers network.

I am not saying that phones are bad or insecure either. Online security is not a binary true or false thing. Some things are more secure than others. And when you have multiple applications or services on a device, sometimes it comes down to how secure the least secure application or service is.

What I am saying is there is a certain risk factor using mobile phones and the convenience of mobile banking does not, for me, make that extra risk worth while. If my bank account is compromised (and it is a big if), I will want to know how it has happened. My phone is one place I don't have to look.

RumRat

Oh dear. You do have it bad, but, if what you do makes you feel safer, then I'm not trying to persuade you to do anything else.
However, rather than me typing out the explanation, give this article a read (one of many that can be found), it's for others and not to change your mind... Why Apple and Google Pay are the safest ways to spend – Which? News
The only tip I would give anyone is to never, ever, glean any tech knowledge from the mainstream newspapers....They have you reading one side on Monday and the other on Tuesday...None of it containing any real facts, as you say, full of 'journalistic sensationalism'.
The main security risk of any system is the human using it. Lack of common sense and a general state of gullibility account for the vast majority of banking fraud. 
There's no going back now, the Genie is well and truly out of the bottle. The mobile banking revolution will not be stopped, just look at the success of the online only banks, it's what people want.

CoastingHatbox

RumRat said:

Oh dear. You do have it bad, but, if what you do makes you feel safer, then I'm not trying to persuade you to do anything else.
However, rather than me typing out the explanation, give this article a read (one of many that can be found), it's for others and not to change your mind... Why Apple and Google Pay are the safest ways to spend – Which? News
The only tip I would give anyone is to never, ever, glean any tech knowledge from the mainstream newspapers....They have you reading one side on Monday and the other on Tuesday...None of it containing any real facts, as you say, full of 'journalistic sensationalism'.
The main security risk of any system is the human using it. Lack of common sense and a general state of gullibility account for the vast majority of banking fraud. 
There's no going back now, the Genie is well and truly out of the bottle. The mobile banking revolution will not be stopped, just look at the success of the online only banks, it's what people want.

Apple's 'secure element' has an exploit that cannot be patched (because requires a hardware change to resolve). Nearly every attempt at creating a 'secure enclave' in a processor or some other piece of hardware for handling secrets or signatures has been found to be exploitable.

The one good thing about contactless payment is that you would have to compromise a cloud service as well as a phone to well and truly exploit it. That does raise the bar and bad actors typically go after low hanging fruit, which is where your comment, "Lack of common sense and a general state of gullibility account for the vast majority of banking fraud" comes in.is

Of course, I'm involved with the development of software and the support of web applications and services and the infrastructure that they run on. So what do I know?

Edit:
List of Google Android Common Vulnerabilities and Exposures: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=google+android

List of Apple iOS Common Vulnerabilities and Exposure: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Apple+iOS

[Deleted User]

never understood why people so passionate about open source, linux (and now this unheard of lineageOS) and against anything closed that Microsoft, google or apple do never seem to get any traction in the mainstream to create something that is "so called better" than what any of those companies have ever done.

It feels more like a hobby/niche area that does not have any scale. 

RumRat

CoastingHatbox said:

RumRat said:

Oh dear. You do have it bad, but, if what you do makes you feel safer, then I'm not trying to persuade you to do anything else.
However, rather than me typing out the explanation, give this article a read (one of many that can be found), it's for others and not to change your mind... Why Apple and Google Pay are the safest ways to spend – Which? News
The only tip I would give anyone is to never, ever, glean any tech knowledge from the mainstream newspapers....They have you reading one side on Monday and the other on Tuesday...None of it containing any real facts, as you say, full of 'journalistic sensationalism'.
The main security risk of any system is the human using it. Lack of common sense and a general state of gullibility account for the vast majority of banking fraud. 
There's no going back now, the Genie is well and truly out of the bottle. The mobile banking revolution will not be stopped, just look at the success of the online only banks, it's what people want.

Err this thread is about the security mobile banking versus online banking; the article you have linked to is exclusively about contactless payments with mobile devices. As an aside, Apple's 'secure element' has an exploit that cannot be patched (because requires a hardware change to resolve). Nearly every attempt at creating a 'secure enclave' in a processor or some other piece of hardware for handling secrets or signatures has been found to be exploitable.

The one good thing about contactless payment is that you would have to compromise a cloud service as well as a phone to well and truly exploit it. That does is raise the bar and bad actors typically go after low hanging fruit, which is where your comment, "Lack of common sense and a general state of gullibility account for the vast majority of banking fraud" comes in.

Of course, I'm involved with the development of software and the support of web applications and services and the infrastructure that they run on. So what do I know?

Edit:
List of Google Android Common Vulnerabilities and Exposures: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=google+android

List of Apple iOS Common Vulnerabilities and Exposure: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Apple+iOS

Err, because you asked "On what basis do you assert that a phone is more secure than a bank card?"... 
Yes, it's going to be an ongoing battle within tech and the individual needs to be savvy and aware, but, mobile banking is working for the majority and your concerns don't put me off in anyway.
I'm in the process of changing banks as my current one is lagging behind a bit. The majority of my tap and go payments are done with chip enabled ring connected to a credit card. Only occasionally do I use the phone for payments. However, all of my interactions with the bank, direct debits, payments in/out and reading statements are done via the phone app.
Historically, there has always been something, cheque fraud, card swipe fraud, counterfeit monies etc. etc. So, glass half full for me when it comes to mobile banking, a definite bonus compared with the alternatives. 
I don't really care if someone doesn't want to use mobile or PC based banking. It works for me and it's kept my money safe for years, so, onward and upward..