Bank account hack without breaking into (stolen) mobile phone

p00hsticks

Ectophile said:

I don't think it's got anything to do with breaking into banking apps.

If you use your card online these days, it's very common to get a text message with a one-time code that you have to enter into the web site.  So someone can go on a spending spree with your card (or even a photograph of both sides of your card) and phone without ever hacking into any apps.

Yes, I think this is it. I've noticed that many banks include the OTP in the first part of the text message such that, if you allow notifications to pop up without unlocking the phone, the OTP is visible without having to unlock the phone.

Chris_Jay

A woman at my bank got really cross with me because I don't have banking on my phone, or keep my bank card in the phone case. She said it was necessary to have my information handy, to which I replied that, in a town with a high level of pickpockets and bag-snatchers, I had no desire to make life easier for the thieves. I suspect she meant that I had made her life harder as she had to find me on the system. Maybe it's an age thing, going back to the early days of checkbook and card, and the strong advice to keep them separate, or perhaps younger people are less cynical than me. Banks normally refund victims of crimes, but I think they're getting a bit tougher now, and if the bank feels that the victim hadn't taken sensible precautions, they may refuse to repay the stolen money.
Take care with your belongings, there's no compassion in street crime. 

Bradden

Chris_Jay said:

A woman at my bank got really cross with me because I don't have banking on my phone, or keep my bank card in the phone case. She said it was necessary to have my information handy, to which I replied that, in a town with a high level of pickpockets and bag-snatchers, I had no desire to make life easier for the thieves. I suspect she meant that I had made her life harder as she had to find me on the system. Maybe it's an age thing, going back to the early days of checkbook and card, and the strong advice to keep them separate, or perhaps younger people are less cynical than me. Banks normally refund victims of crimes, but I think they're getting a bit tougher now, and if the bank feels that the victim hadn't taken sensible precautions, they may refuse to repay the stolen money.
Take care with your belongings, there's no compassion in street crime. 

Did you have your card with you? Just seems odd for someone to tell you where to keep a card.. surely they wouldn't care as long as you have it to hand when needed.

Chris_Jay

Bradden - My card is in one place, and my phone is in another. I suspect that the bank woman was fed up at having to look for me on the computer.

Granadalad

I don't use a banking app on my phone so I'm only reporting what I heard. They cited an example with a Santander customer. I was alarmed enough to amend my lock screen settings.

Browntoa

Me :-

Fingerprint biometric to access the phone 

Fingerprint biometric to access the banking app

Fingerprint biometric data to authorise new Google wallet large payments

2FA activated on all apps , particularly payment apps and Amazon etc.

Not sure that having my phone would allow anyone apart from me to actually do anything as they couldn't access it in the first place.

Half hearted , poorly researched scare story by moneybox in the first place 

km1500

https://www.bbc.co.uk/news/uk-england-london-62809151

Mnoee

km1500 said:

https://www.bbc.co.uk/news/uk-england-london-62809151

I don't think the people going on about security on their personal phone will bother to read it, unfortunately. 

ThumbRemote

Browntoa said:

Me :-

Fingerprint biometric to access the phone 

Fingerprint biometric to access the banking app

Fingerprint biometric data to authorise new Google wallet large payments

2FA activated on all apps , particularly payment apps and Amazon etc.

Not sure that having my phone would allow anyone apart from me to actually do anything as they couldn't access it in the first place.

Half hearted , poorly researched scare story by moneybox in the first place 

Please read the article that km1500 linked to. 

The fraudsters simply install the banking app on a new phone. The 2FA appears on the old phone while still locked. No need to access the phone at all. 

TripleH

The age and version of software on your phone are key.

Before we got banking apps on our phones, we asked a friend who works in cybersecurity what the minimum requirements were for a phone for mobile banking including settings.