Trading 212 Clone / Scam?

ColdIron

Andyb01 said:

Firstly they wanted my bank login username details for an instant transfer - never happening

Sounds like Open Banking. Quite safe and secure, T212 don't see you details, you'll be logging on to your bank

It saves making mistakes with sort code, account no etc and avoids name check/COP issues

Andyb01

They served me a page that asked for my online banking username (not the password) - that's a 'never event' as far as I'm concerned. There was zero option to use a debit card - only instant bank transfer (see above) or payment via bank to their nominated account which failed the name check.

I've worked in cybersec for over thirty years - I know how this stuff works and what bad practice looks like.

Andy

dcs34

Are you aware of Open Banking though?

masonic

It is quite common practice and not a security issue at all.

You may not have heard of Open Banking before, but as a cyber security professional, you'll no doubt be aware of things like OAuth and SAML which work in a similar way and are not considered bad practice.

Clearly if your preference is to deposit via debit card, then the Trading212 Cash ISA is probably not for you and there are others you could consider, but it is not the norm for top paying cash ISA providers to accept debit card deposits.

Johnjdc

masonic said:

It is quite common practice and not a security issue at all.

You may not have heard of Open Banking before, but as a cyber security professional, you'll no doubt be aware of things like OAuth and SAML which work in a similar way and are not considered bad practice.

Clearly if your preference is to deposit via debit card, then the Trading212 Cash ISA is probably not for you and there are others you could consider, but it is not the norm for top paying cash ISA providers to accept debit card deposits.

How does a random punter without technical knowledge differentiate between a clone site popping up "put in your bank details here" and a fraudulent site popping up the same message? I'm with the sceptics here - it's legitimate in this case, but it's a horrible foolish thing to socialise people into treating as normal.

masonic

Johnjdc said:

masonic said:

It is quite common practice and not a security issue at all.

You may not have heard of Open Banking before, but as a cyber security professional, you'll no doubt be aware of things like OAuth and SAML which work in a similar way and are not considered bad practice.

Clearly if your preference is to deposit via debit card, then the Trading212 Cash ISA is probably not for you and there are others you could consider, but it is not the norm for top paying cash ISA providers to accept debit card deposits.

How does a random punter without technical knowledge differentiate between a clone site popping up "put in your bank details here" and a fraudulent site popping up the same message? I'm with the sceptics here - it's legitimate in this case, but it's a horrible foolish thing to socialise people into treating as normal.

The same ways you normally check you have arrived at your bank's app or website. Novice web users might use tools like Trusteer Rapport if they don't feel confident spotting a phishing attack. Use of a password manager is also somewhat helpful where it associates the passwords with a URL. You can also sign in to your bank ahead of time and/or make use of the remember username setting to avoid entering a full set login credentials. Additionally, most banks will not ask for exactly the same information at each login to guard against replay attacks.

In this case, you have the added advantage of being directed to the genuine URL by a FCA authorised firm you have trusted enough to give a lot of personal information already.

There have been tens of millions of payments processed through Open Banking to date. If your scepticism was justified we'd have seen the evidence by now. The Financial Ombudsman would absolutely uphold any complaint where a customer was sent to a malicious website by a firm offering Open Banking services.

nottsphil

Johnjdc said:

masonic said:

It is quite common practice and not a security issue at all.

You may not have heard of Open Banking before, but as a cyber security professional, you'll no doubt be aware of things like OAuth and SAML which work in a similar way and are not considered bad practice.

Clearly if your preference is to deposit via debit card, then the Trading212 Cash ISA is probably not for you and there are others you could consider, but it is not the norm for top paying cash ISA providers to accept debit card deposits.

How does a random punter without technical knowledge differentiate between a clone site popping up "put in your bank details here" and a fraudulent site popping up the same message? 

Why would you need to differentiate between them? Surely you would shun them both!

EDIT I thought John meant 'cloned site'.

Andyb01

I'm familiar with OAuth and SAML, I will confess however that open banking had passed me by - I'll read up on that (I should add I don't work in Financial Services before anyone asks). 😉

I guess my issue is that - as others have said - it superficially presents a similar MO to commonly used scam techniques (asking for bank details) and that's a known red flag.

That makes it easy for the uninitiated to be be put off.

Appreciate all the information from those responding, every day's a learning day...

Andy

qbadger

If you want to deposit by debit card, open and fund their S&S ISA account. You can then move the money from there to the cash ISA.

nottsphil

qbadger said:

If you want to deposit by debit card, open and fund their S&S ISA account. You can then move the money from there to the cash ISA.

Is there no maximum amount that can be paid by debit card? I think  I read one was £2000 but I suppose you could make multiple deposits.