Which banks do NOT use a card reader for online banking?

RG2015

Daliah said:

RG2015 said:

Daliah said:

eskbanker said:

Daliah said:
ATM, supported biometrics are fingerprint and face recognition. Voice seems to be on its way.

Interesting new ways of getting cash from the hole in the wall?

Nothing terribly new for the Natwest group. They have long allowed ATM withdrawals without card from their own, and I believe from Tesco, ATMs. 

TLAs

ATM or ATM

   

I am sure you are right but I have no idea what you mean.

Eskbanker was picking up on your use of ATM as at the moment and making a humorous comment. 

KxMx

HSBC are introducing changes in that logging onto the app will be possible only through a digital secure key and not the physical secure key.

If you want the latter you won't be able to use the app, only online banking. 

Given how often their app goes down (sometimes for days at a time) I'm not happy about being forced onto a digital secure key in order to keep the app. 

At least currently when the app is down I can still log in to my account via online banking with my physical secure key!

I've no issue with digital only (love Starling as my back up account) IF said digital services are reliable. HSBC app notifications have never worked on my device either despite every single setting being correct and allowing them. 


I never use branch anymore either because HSBC STILL make you use pay in slips at the counter, so archaic, a faff and a waste of paper, I can use the machine with just card but it's only for notes not coins, I always use the Post Office who offer HSBC deposits just with your card.

Reading that back I think I might be in the market for a new main bank after 20 years...

Emmia

KxMx said:

HSBC are introducing changes in that logging onto the app will be possible only through a digital secure key and not the physical secure key.

If you want the latter you won't be able to use the app, only online banking. 

Given how often their app goes down (sometimes for days at a time) I'm not happy about being forced onto a digital secure key in order to keep the app. 

At least currently when the app is down I can still log in to my account via online banking with my physical secure key!

I've no issue with digital only (love Starling as my back up account) IF said digital services are reliable. HSBC app notifications have never worked on my device either despite every single setting being correct and allowing them. 


I never use branch anymore either because HSBC STILL make you use pay in slips at the counter, so archaic, a faff and a waste of paper, I can use the machine with just card but it's only for notes not coins, I always use the Post Office who offer HSBC deposits just with your card.

Reading that back I think I might be in the market for a new main bank after 20 years...

I've personally never found the HSBC (android) app to be down when I want to log into it, and notifications work fine on my 4.5 year old Samsung phone... 

I do miss the balance check feature which allowed you to see the selected balances on your accounts (but nothing else) without logging in, which went a few months ago.

anotheruser

Wouldn't it be easier to list the banks that DO require a card reader?
There's far less of them to have to look through...

KxMx

Having done some digging the lack of notifications on my app may be due to it being on the tablet (I don't need banking on my phone & tablet + secure key never leave home), app will work apparently but not be fully optimised.

Starling works perfectly on same device, notifications so quick I've barely finished sending payment from HSBC before it pops up. 

I'm very unhappy about being forced to choose between online banking only or app + online but only when app working, will give HSBC a chance once I'm forced onto a digital key but if it proves unreliable am going to look for a new bank which offers more than one way to access services online.

Starling is a secondary account so (reliable) digital only is fine, but I'm uneasy about only having one access route to main account which historically IMO isn't as reliable as it needs to be. 

adindas

Daliah said:

ATM, supported biometrics are fingerprint and face recognition. Voice seems to be on its way.

The ultimate argument against the use Biometrics verification:

You could still change the PW,  reset the apps, Secure key/token, change your card detail, etc. There is no way you could change your fingers, your voice, your iris, your face. So once it get cracked you are toast and you will be living in a hole for the rest of your life as you do not know who has got your detail.

Some people have more than a few dozens of bank account, saving accounts so more exposure to fraudsters.

For Some People the Biometrics verification should only be used for a very specific restricted purposes/activities, not for daily activities such as banking. Let alone if it is used in public space, such as ATM.

"watch mission impossible movie" how people could still do that if they mean it.

400ixl

You do realise they don't actually store your fingerprint? They create their own hash of it which is salted to be unique to you and that precise case. It can be deleted at the source and re-creation would not crate the same hash again. Or in the case of the phone app it is typically Google / Apple they trust to do that authentication and you can delete and recreate a new hash whenever you like.

Please don't use movie fiction to create FUD.

Now there are risks where the same company are providing services to multiple companies where you don't necessarily have the level of control or trust. If say the government decided that you needed to use bio-metrics to log into any of their services and they selected the lowest bidder who does not necessarily have the right level of expertise then that would be a concern. So you do have to be selective on who you trust for what and whether you use multi factor.

Many of the banks force multi factor on you anyway where deemed necessary. For example First Direct, you can use biometrics to log in and do select functions. Try to create a new payee and you are forced to get a code which requires the generation via a known password.

There is nothing wrong in using biometrics in daily activities and to suggest otherwise shows a lack of understanding.

zagfles

adindas said:

Daliah said:

ATM, supported biometrics are fingerprint and face recognition. Voice seems to be on its way.

The argument against using Biometrics verification:

You could still change the PW,  reset the apps, Secure key/token, change your card detail, etc. There is no way you could change your fingers, your voice, your iris, your face. So once it get cracked you are toast and you will be living in a hole for the rest of your life as you do not know who has got your detail.

Some people have more than a few dozens of bank account, saving accounts so more exposure to fraudsters.

For Some People the Biometrics verification should only be used for a very specific restricted purposes/activities, not for daily activities such as banking. Let alone if it is used in public space, such as ATM.

"watch mission impossible movie" how people could still do that if they mean it.

Yes I'm sure the technology exists or will exist to easily create a "finger" or a glove which can have someone's fingerprint replicated on it. Or for facial recognition, technology could probably produce a 3-D replica of someone face from a few pictures, it can certainly be done manually, I wonder if you stole a famous person's phone and went to Madame Tussauds you'd be able to unlock it Voice is probably even easier, get a sample of a victim's voice and an application could re-voice a criminal's voice in the victim's voice possibly in real time.

OTOH it's probably unlikely there'll be any technology in the near future that can read the contents of someone's brain, so it's sensible keep the "something you know" element of security alongside the "something you have" for anything that really matters. 

zagfles

400ixl said:

You do realise they don't actually store your fingerprint? They create their own hash of it which is salted to be unique to you and that precise case. It can be deleted at the source and re-creation would not crate the same hash again. Or in the case of the phone app it is typically Google / Apple they trust to do that authentication and you can delete and recreate a new hash whenever you like.

Please don't use movie fiction to create FUD.

Now there are risks where the same company are providing services to multiple companies where you don't necessarily have the level of control or trust. If say the government decided that you needed to use bio-metrics to log into any of their services and they selected the lowest bidder who does not necessarily have the right level of expertise then that would be a concern. So you do have to be selective on who you trust for what and whether you use multi factor.

Many of the banks force multi factor on you anyway where deemed necessary. For example First Direct, you can use biometrics to log in and do select functions. Try to create a new payee and you are forced to get a code which requires the generation via a known password.

There is nothing wrong in using biometrics in daily activities and to suggest otherwise shows a lack of understanding.

You leave a copy of your fingerprint every time you touch anything! You potentially leave a copy of your face every time you go out and are potentially photographed/videoed. Similar for voice every time you speak.  

If an ATM were to rely on fingerprint instead of PIN, criminals could just put card capture devices in an ATM hole, criminal retrieves card and dusts it for fingerprints...

400ixl

As opposed to the camera's they just fit to watch you enter a PIN.

An ATM using bio metrics is something I would be cautious of. If it were using fingerprint and facial recognition together then that would be a pretty strong authentication.