Credit Card without text / passcode?

daivid

lr1277 said:

1) I thought I read on here that some banks still send text messages to landline phones. If that is still possible (though it may not be), can you have your landline phone near your computer so that you receive such a call?

Halifax let me choose between a landline call and a sms to authenticate payments from my current account. For online CC purchases they don’t ask me for secondary verification very often, this may be because I'm always using the same device as purchases do cycle through a verification page but without me having to give any input usually.

born_again

Gerry1 said:

SMS verification should never be used for Strong Customer Authentication because it's inherently insecure; it's only as good as the mobile telco's customer service staff (who may be overseas, low paid or poorly trained), so any apparent security is completely outside the bank's control.  Unfortunately Nationwide, NatWest, Santander, The Co-operative Bank and TSB still use SMS in this way.

Better not to give them your mobile number and use a card reader (e.g. the Barclays PINSentry or Nationwide card reader) which requires you to insert your debit card to generate the One Time Passcode.  Even if your phone and card were both stolen, you'd still be protected because the thief would have to know your card PIN as well.

Some companies e.g. Aqua (New Day) will telephone your landline with the OTP.

Not any more. You get a prompt to open the app & approve the payment.

kaMelo

Gerry1 said:

SMS verification should never be used for Strong Customer Authentication because it's inherently insecure; it's only as good as the mobile telco's customer service staff (who may be overseas, low paid or poorly trained), so any apparent security is completely outside the bank's control.  Unfortunately Nationwide, NatWest, Santander, The Co-operative Bank and TSB still use SMS in this way.

Better not to give them your mobile number and use a card reader (e.g. the Barclays PINSentry or Nationwide card reader) which requires you to insert your debit card to generate the One Time Passcode.  Even if your phone and card were both stolen, you'd still be protected because the thief would have to know your card PIN as well.

Some companies e.g. Aqua (New Day) will telephone your landline with the OTP.

As above, with NatWest I received a code in the app rather than SMS. Had to log into the app to view the code.
Having said that, i agree the card reader method is more secure.

Gerry1

@kaMelo I've just logged into NWB Online Banking and it sent me an SMS verification code.

kaMelo

Gerry1 said:

@kaMelo I've just logged into NWB Online Banking and it sent me an SMS verification code.

The code via the app was in relation to setting up a payee and making a payment rather than just logging in.
I've also just realised this is the credit card thread so my experience is not really relevant to OP's question.

Gerry1

@born_again

Seems that Santander don't agree with you.  I've just logged in via their website and it didn't even send an OTP.  'Which?' are absolutely right to roast the banks about lax security.

born_again

Well they ask me to login to mobile app to approve payments. 🤷‍♀️

Online Purchase & setting up new payments may be different.

Why do you want a OTP to login to online banking? 

Gerry1

born_again said:

Why do you want a OTP to login to online banking? 

@born_again

I want a secure login procedure rather than something that's vulnerable to key loggers etc, but an OTP sent via SMS doesn't fit the bill.

AstonSmith

Gerry1 said:

@born_again

Seems that Santander don't agree with you.  I've just logged in via their website and it didn't even send an OTP.  'Which?' are absolutely right to roast the banks about lax security.

Not only that... their example has an error in it!

"When we ask for your number, please remove the first zero and don't use any spaces (so 07712 123 918 becomes 7712123928)."

🤦‍♂️