Platform safety and smartphones

Albermarle

masonic said:

It is worth remembering that all device security fails when an assailant is willing to use force to get what they want from you. In that scenario it is advisable to be compliant. So it is worth giving some consideration to what your device will present to them if they force you to let them into it. Analogous to not walking around with a wallet stuffed with banknotes.

I can not disagree that this scenario could happen, but I can not recall any media reports of that happening ( may have missed them)  Most phones are just flogged for their black market value, or maybe hacked in some basic way if the user had been very careless in how they were set up. Or in the scenario above a forced transfer from ones current account.
Seems unlikely a thief would be interested ( or understand/recognise) a pension app, and as said in a previous post, at worst money would be transferred to your current account in 3 working days. So not much use unless you were kidnapped, which for Mr&Mrs  average seems unlikely.

Probably a lot easier and safer just to defraud people with a scam call from 'Microsoft'

Then where does it end ? No banking apps on your phone?

It is a balance of risks vs rewards. It is certainly worth thinking about and taking basic precautions, but not getting too paranoid about the whole thing ( not saying you are paranoid  )

DiamondLil

When I upgraded my cell phone, I kept the previous model, took out a £4.90 per month sim only with Lebara and now take this with me when going out.

Of course, being old helps in that I have only ever used, and continue to use, my cell phone for emergency calls when outside.

And now, I rather like not having to log on to the pc every time I need to check the budget.

22225

Thanks everyone. Yes basically I downloaded the dodl app saves ago. It was just recently I started thinking, well what happens when I have 30k plus in my isa? Because I'm always forgetting my passwords, but its never a problem because they just send you a text message or an email. My email opens automatically. Plus its normally on a tab I have left open. So all that isnt v sensible is it?? But as you say, phones are more secure than laptops. So what should i do? It's ok when you have £500 in an isa but not so good when it becomes more.

I will ask my husband to help me with those other measures eg sim PINS etc.

There was a case in the news a month or so ago about a woman losing all her savings (6k) after someone stole her phone. And then she couldnt resolve it quickly through her bank because she did all her banking through her phone online so they wouldn't communicate with her.

The other aspect of fund longevity I'm less worried about.

Thanks a lot.

400ixl

zagfles said:

Biometrics aren't that secure. What if you get drunk, or have your drink spiked etc, and someone holds your finger to the phone. Unlocks the phone, and probably gives access to banking apps, most banking apps on phones don't seem to use 2FA, just the fingerprint will do. 

Also you leave a copy of your fingerprints everywhere you go, after all crimes are solved that way. Your phone will have your fingerprints all over it. I'm sure it'd be possible to dust for fingerprints and 3-D print a partial finger with your fingerprint. 

No way I'd trust an app on a portable device which you can access with just one factor eg a fingerprint for anything serious. Or which uses a second factor which is really the same factor eg a text to the phone or an authenticator app which relies on just a fingerprint to access it. 

Far far less likely that those scenario's will occur than someone observing your PIN and stealing your phone. Like in the 100,000:1+ likelihood.

Whilst mobile banking apps allow single authentication login, they usually require a second factor to do anyhting substantial like set up a new payee.

masonic

Albermarle said:

masonic said:

It is worth remembering that all device security fails when an assailant is willing to use force to get what they want from you. In that scenario it is advisable to be compliant. So it is worth giving some consideration to what your device will present to them if they force you to let them into it. Analogous to not walking around with a wallet stuffed with banknotes.

I can not disagree that this scenario could happen, but I can not recall any media reports of that happening ( may have missed them)  Most phones are just flogged for their black market value, or maybe hacked in some basic way if the user had been very careless in how they were set up. Or in the scenario above a forced transfer from ones current account.
Seems unlikely a thief would be interested ( or understand/recognise) a pension app, and as said in a previous post, at worst money would be transferred to your current account in 3 working days. So not much use unless you were kidnapped, which for Mr&Mrs  average seems unlikely.

Probably a lot easier and safer just to defraud people with a scam call from 'Microsoft'

Then where does it end ? No banking apps on your phone?

It is a balance of risks vs rewards. It is certainly worth thinking about and taking basic precautions, but not getting too paranoid about the whole thing ( not saying you are paranoid  )

An example in the media would be https://www.bbc.co.uk/news/uk-england-manchester-45612105

There was a thread a while back in the bank accounts forum where someone had been kidnapped and forced to unlock their phone, give their assailants all of the security details needed to get into banking apps and then was held hostage for a period of time while they drained the accounts. (Edit: This is the forum thread in question: https://forums.moneysavingexpert.com/discussion/6507572/money-not-refunded-by-bank-after-i-was-mugged )

If enough money is at stake, things could end up going further.

Not a likely scenario, but one that is avoidable and one I have taken the decision to avoid by having no trace of financial accounts with serious amounts of money in them on my phone.

zagfles

400ixl said:

zagfles said:

Biometrics aren't that secure. What if you get drunk, or have your drink spiked etc, and someone holds your finger to the phone. Unlocks the phone, and probably gives access to banking apps, most banking apps on phones don't seem to use 2FA, just the fingerprint will do. 

Also you leave a copy of your fingerprints everywhere you go, after all crimes are solved that way. Your phone will have your fingerprints all over it. I'm sure it'd be possible to dust for fingerprints and 3-D print a partial finger with your fingerprint. 

No way I'd trust an app on a portable device which you can access with just one factor eg a fingerprint for anything serious. Or which uses a second factor which is really the same factor eg a text to the phone or an authenticator app which relies on just a fingerprint to access it. 

Far far less likely that those scenario's will occur than someone observing your PIN and stealing your phone. Like in the 100,000:1+ likelihood.

And what good would that do - I think all banking apps require something else like a biometric or passwords to get into the app. So someone "observing your PIN and stealing your phone" wouldn't be able to access your accounts. Someone using your finger would. 

I use biometric to unlock the phone, but use passwords/passcode if I'm doing anything serious like logging into a bank account, usually using a web browser not an app. And when I do that, I'll make sure nobody is looking, eg I'll do it in a hotel room. Beside which the accounts I log into only require certain digits of the password/code, so even if someone did see everything, they wouldn't get the whole passcode and it'd be useless to them. 

Albermarle

masonic said:

Albermarle said:

masonic said:

It is worth remembering that all device security fails when an assailant is willing to use force to get what they want from you. In that scenario it is advisable to be compliant. So it is worth giving some consideration to what your device will present to them if they force you to let them into it. Analogous to not walking around with a wallet stuffed with banknotes.

I can not disagree that this scenario could happen, but I can not recall any media reports of that happening ( may have missed them)  Most phones are just flogged for their black market value, or maybe hacked in some basic way if the user had been very careless in how they were set up. Or in the scenario above a forced transfer from ones current account.
Seems unlikely a thief would be interested ( or understand/recognise) a pension app, and as said in a previous post, at worst money would be transferred to your current account in 3 working days. So not much use unless you were kidnapped, which for Mr&Mrs  average seems unlikely.

Probably a lot easier and safer just to defraud people with a scam call from 'Microsoft'

Then where does it end ? No banking apps on your phone?

It is a balance of risks vs rewards. It is certainly worth thinking about and taking basic precautions, but not getting too paranoid about the whole thing ( not saying you are paranoid  )

An example in the media would be https://www.bbc.co.uk/news/uk-england-manchester-45612105

There was a thread a while back in the bank accounts forum where someone had been kidnapped and forced to unlock their phone, give their assailants all of the security details needed to get into banking apps and then was held hostage for a period of time while they drained the accounts. (Edit: This is the forum thread in question: https://forums.moneysavingexpert.com/discussion/6507572/money-not-refunded-by-bank-after-i-was-mugged )

If enough money is at stake, things could end up going further.

Not a likely scenario, but one that is avoidable and one I have taken the decision to avoid by having no trace of financial accounts with serious amounts of money in them on my phone.

Hmm food for thought. Thanks.
Although I think the risk vs reward is still in favour of apps on the phone for current accounts/ low value savings accounts/ credit cards. Maybe apps showing you have X hundred thousand pounds in Pensions/ISA’s are not such a good idea, just on the very slight chance something totally unexpected should happen.
Having gone 60 years plus with nothing more than having a car radio nicked, and living in a low crime area, I suppose one gets a bit blasé about personal violence and are more focused on IT security/ scams .

Eco_Miser

ColdIron said:

22225 said:

Also I access the platforms on my phone. If I end up having lots of money in there, and someone steals my phone I could lose my life savings

In most cases all they could do (assuming they had your security details)  is sell your investments and then 3 days or so later transfer the cash to your nominated account

Could they not change the nominated account to one they control?

Or it is likely that with the phone in their possession they already have control of the nominated account, so on the fourth day they could drain the transferred investment proceeds.

masonic

Eco_Miser said:

ColdIron said:

22225 said:

Also I access the platforms on my phone. If I end up having lots of money in there, and someone steals my phone I could lose my life savings

In most cases all they could do (assuming they had your security details)  is sell your investments and then 3 days or so later transfer the cash to your nominated account

Could they not change the nominated account to one they control?

Or it is likely that with the phone in their possession they already have control of the nominated account, so on the fourth day they could drain the transferred investment proceeds.

In most cases changing nominated account details requires extra security, a further delay before a withdrawal could be made, and/or a requirement for the account to be in the name of the customer. The customer would usually be able to raise the alarm before investment sales could settle.

zagfles

Albermarle said:

masonic said:

Albermarle said:

masonic said:

It is worth remembering that all device security fails when an assailant is willing to use force to get what they want from you. In that scenario it is advisable to be compliant. So it is worth giving some consideration to what your device will present to them if they force you to let them into it. Analogous to not walking around with a wallet stuffed with banknotes.

I can not disagree that this scenario could happen, but I can not recall any media reports of that happening ( may have missed them)  Most phones are just flogged for their black market value, or maybe hacked in some basic way if the user had been very careless in how they were set up. Or in the scenario above a forced transfer from ones current account.
Seems unlikely a thief would be interested ( or understand/recognise) a pension app, and as said in a previous post, at worst money would be transferred to your current account in 3 working days. So not much use unless you were kidnapped, which for Mr&Mrs  average seems unlikely.

Probably a lot easier and safer just to defraud people with a scam call from 'Microsoft'

Then where does it end ? No banking apps on your phone?

It is a balance of risks vs rewards. It is certainly worth thinking about and taking basic precautions, but not getting too paranoid about the whole thing ( not saying you are paranoid  )

An example in the media would be https://www.bbc.co.uk/news/uk-england-manchester-45612105

There was a thread a while back in the bank accounts forum where someone had been kidnapped and forced to unlock their phone, give their assailants all of the security details needed to get into banking apps and then was held hostage for a period of time while they drained the accounts. (Edit: This is the forum thread in question: https://forums.moneysavingexpert.com/discussion/6507572/money-not-refunded-by-bank-after-i-was-mugged )

If enough money is at stake, things could end up going further.

Not a likely scenario, but one that is avoidable and one I have taken the decision to avoid by having no trace of financial accounts with serious amounts of money in them on my phone.

Hmm food for thought. Thanks.
Although I think the risk vs reward is still in favour of apps on the phone for current accounts/ low value savings accounts/ credit cards. Maybe apps showing you have X hundred thousand pounds in Pensions/ISA’s are not such a good idea, just on the very slight chance something totally unexpected should happen.
Having gone 60 years plus with nothing more than having a car radio nicked, and living in a low crime area, I suppose one gets a bit blasé about personal violence and are more focused on IT security/ scams .

I use apps for a couple of credit cards, for other stuff I rarely have the need to access them while away from home, even on a long holiday. Stuff like pensions, ISAs etc, I've never had the need to access while away from home. 

Aside from the security issues, having access to stuff like investments from a phone with just a tap of the finger can encourage some very unhealthy behaviour, such as checking the value every day. I know someone who does this and can guarantee he'll be in a mild panic today as the markets have gone down a bit! Even though they're well up over a year.