📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

VPN and online banking

Options
2»

Comments

  • JSmith321
    JSmith321 Posts: 78 Forumite
    Eighth Anniversary 10 Posts
    cerebus said:
    JSmith321 said:
    Does online banking allow VPN if VPN uses a different IP addresses each time, especially from abroad. Would the banks not regard this as suspicious and block sign on attempts? 
    Have you by any chance asked the bank in question?

    I.e. getting the answer from the horses mouth , rather than asking a bunch of random strangers on a random tech forum especially when all banks are different and you have failed to tell us the bank in question 

    Most banks outsource their IT so don't know what goes on under the covers in my experience 
  • PRAISETHESUN
    PRAISETHESUN Posts: 4,888 Forumite
    Sixth Anniversary 1,000 Posts Photogenic Name Dropper
    Works fine in my experience, just be careful if there's a mismatch between your VPN location and your physical location.

    Had to call my bank once through my app, and forgot my VPN was set to a location the other side of the world. Made for an awkward conversation when they asked where I was calling from and it didn't match what they were seeing on their end.
  • onomatopoeia99
    onomatopoeia99 Posts: 7,160 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    steviebuk said:
    400ixl said:
    Never had an issue with any of my banking apps or online apps with using a VPN to access, at home or abroad.
    Me neither. 
    It’s much safer doing banking from within a VPN
    Why is it safer?  Do you understand transport layer security?
    But if you're on a "free wifi" you have no idea if they are attempting SSL packet inspection. Most people randomly click yes to stuff so if they push their cert to you for their DPI-SSL, they can now sniff all your TLS traffic. Pretty sure they can't when on a VPN. 
    You mean a self-signed certificate for hbsc.com that any browser will warn you about being a security risk in a very prominent way and the default option on the dialog it displays will be  to "Go back to safety", so to get to the site served by the incorrect certificate you have to select "Advanced" and "Proceed Anyway"?

    I'm not sure anyone asking about a VPN will proceed to a site with a certificate problem through multiple security warning dialogs, so I'm still struggling to see the "improved safety".

    Proud member of the wokerati, though I don't eat tofu.Home is where my books are.Solar PV 5.2kWp system, SE facing, >1% shading, installed March 2019.Mortgage free July 2023
  • Vitor
    Vitor Posts: 659 Forumite
    500 Posts First Anniversary Photogenic Name Dropper
    edited 23 April 2024 at 7:52PM
    VPN's are IMHO oversold as protection that's required by Joe User. Using a café Wi-Fi that controlled by a hacker, there's a possible risk of DNS manipulation to your browser's request for the IP address of bank.co.uk.

    The IP address of hacker's facsimile of the bank site is returned and it captures your login password; however 2FA should defeat hackers using that password.

    If you want to defend against DNS manipulation by encrypting the requests, setting up DNS over HTTPS to Google, Cloudflare, Quad9 and other big DNS services is long term less hassle than a VPN and is free.
  • facade
    facade Posts: 7,611 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    edited 24 April 2024 at 12:20AM
    steviebuk said:
    400ixl said:
    Never had an issue with any of my banking apps or online apps with using a VPN to access, at home or abroad.
    Me neither. 
    It’s much safer doing banking from within a VPN
    Why is it safer?  Do you understand transport layer security?
    But if you're on a "free wifi" you have no idea if they are attempting SSL packet inspection. Most people randomly click yes to stuff so if they push their cert to you for their DPI-SSL, they can now sniff all your TLS traffic. Pretty sure they can't when on a VPN. 
    You mean a self-signed certificate for hbsc.com that any browser will warn you about being a security risk in a very prominent way and the default option on the dialog it displays will be  to "Go back to safety", so to get to the site served by the incorrect certificate you have to select "Advanced" and "Proceed Anyway"?

    I'm not sure anyone asking about a VPN will proceed to a site with a certificate problem through multiple security warning dialogs, so I'm still struggling to see the "improved safety".


    That is very recent, it appeared for me at the weekend.
    Crikey I was sweating when I clicked on "go on then, I'll risk it, what have I got to lose- except my digital identity and all my money?" but I desperately wanted to get into banking to check if I had sent a BACS to the right account- and even after that stress you can't check a BACS anyway, it only says the name you made up yourself for the payee not the account number, the same as the app on the phone.


    I thought it can't be too bad as I have to type a OTP each time to get in.


    Bad show HSBC.

    You can't do anything on the app without multiple pop-ups warning about phishing, crypto scams etc, and above all TRUST NO-ONE, and then they pull a trick like that >:)


    I want to go back to The Olden Days, when every single thing that I can think of was better.....

    (except air quality and Medical Science ;))
  • bob2302
    bob2302 Posts: 558 Forumite
    500 Posts Second Anniversary Name Dropper
    Vitor said:
    VPN's are IMHO oversold as protection that's required by Joe User. Using a café Wi-Fi that controlled by a hacker, there's a possible risk of DNS manipulation to your browser's request for the IP address of bank.co.uk.

    The IP address of hacker's facsimile of the bank site is returned and it captures your login password; however 2FA should defeat hackers using that password.

    If you want to defend against DNS manipulation by encrypting the requests, setting up DNS over HTTPS to Google, Cloudflare, Quad9 and other big DNS services is long term less hassle than a VPN and is free.
    Even if you don't do that, your browser will warn you about the bogus site's certificate.  
  • bob2302
    bob2302 Posts: 558 Forumite
    500 Posts Second Anniversary Name Dropper
    steviebuk said:

    But if you're on a "free wifi" you have no idea if they are attempting SSL packet inspection. Most people randomly click yes to stuff so if they push their cert to you for their DPI-SSL, they can now sniff all your TLS traffic. Pretty sure they can't when on a VPN. 
    You mean a self-signed certificate for hbsc.com that any browser will warn you about being a security risk in a very prominent way and ...

    No, it's a reference to a technique used in corporate networks to inspect encrypted traffic by installing extra certificates on managed hardware. The scam would involve the victim downloading a file and installing it in their browser, while ignoring warnings. Anyone gullible enough for this could equally easily be persuaded to install malware anyway. 

    There is a more serious point about this, that you shouldn't do anything important on an employer's hardware, because a rogue admin might be eavesdropping.   
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351.1K Banking & Borrowing
  • 253.2K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244.1K Work, Benefits & Business
  • 599.1K Mortgages, Homes & Bills
  • 177K Life & Family
  • 257.5K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.