We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
NSI Barbaric security system
Options
Comments
-
mikb said:Section62 said:Olinda99 said:The particular dangerous one is mother's maiden name - in my opinion you should never use the real one.Agreed. The FCA should tell the organisations still using mmn to stop doing so without delay..Personally, I can't believe that the FCA allowed it in the first place (or that any banks/financial institutions thought this was a good idea to make this even an issue).Using researchable items of data as "security" is a joke. A bad joke. I have a range of "first school", "pet's name", "favourite car brand", "mother's maiden name" and "where you grew up" answers -- none in common between organisations, because I recognised that this was a _stupid_ security feature.The complication comes where terms 41.7 subsection j) says "You agree that _all_ information you submit to us is truthful and accurate ..." -- well, mostly. Apart from the security things.And the other complication -- if they are digging into your credit files and cross-referencing with open banking etc. it is possible they are picking up information from _real_ sources. So when they ask about "How many children?" you need to counter with "Actual children, or the number I told you I had?" ...
These types of questions were more secure in the pre-internet era where the answers were less researchable.
I agree though they should not be used any more.
3 -
TheBanker said:mikb said:Section62 said:Olinda99 said:The particular dangerous one is mother's maiden name - in my opinion you should never use the real one.Agreed. The FCA should tell the organisations still using mmn to stop doing so without delay..Personally, I can't believe that the FCA allowed it in the first place (or that any banks/financial institutions thought this was a good idea to make this even an issue).Using researchable items of data as "security" is a joke. A bad joke. I have a range of "first school", "pet's name", "favourite car brand", "mother's maiden name" and "where you grew up" answers -- none in common between organisations, because I recognised that this was a _stupid_ security feature.The complication comes where terms 41.7 subsection j) says "You agree that _all_ information you submit to us is truthful and accurate ..." -- well, mostly. Apart from the security things.And the other complication -- if they are digging into your credit files and cross-referencing with open banking etc. it is possible they are picking up information from _real_ sources. So when they ask about "How many children?" you need to counter with "Actual children, or the number I told you I had?" ...
These types of questions were more secure in the pre-internet era where the answers were less researchable.
I agree though they should not be used any more.
1 -
TheBanker said:mikb said:Section62 said:Olinda99 said:The particular dangerous one is mother's maiden name - in my opinion you should never use the real one.Agreed. The FCA should tell the organisations still using mmn to stop doing so without delay..Personally, I can't believe that the FCA allowed it in the first place (or that any banks/financial institutions thought this was a good idea to make this even an issue).Using researchable items of data as "security" is a joke. A bad joke. I have a range of "first school", "pet's name", "favourite car brand", "mother's maiden name" and "where you grew up" answers -- none in common between organisations, because I recognised that this was a _stupid_ security feature.The complication comes where terms 41.7 subsection j) says "You agree that _all_ information you submit to us is truthful and accurate ..." -- well, mostly. Apart from the security things.And the other complication -- if they are digging into your credit files and cross-referencing with open banking etc. it is possible they are picking up information from _real_ sources. So when they ask about "How many children?" you need to counter with "Actual children, or the number I told you I had?" ...
These types of questions were more secure in the pre-internet era where the answers were less researchable.
I agree though they should not be used any more.True. But -- "friends" and family though ... they've never need to research things like that. Or dates-of-birth.Then again, the meme of using a maiden-name as stupidity security was instilled in me at a young age. Before "memes" existed"Try his first wife's maiden name" from Micro Live ... scroll to "Hacking Incident" and sing the words there to the tune of "Music! Music! Music! (Put Another Nickel In)"
0 -
Section62 said:TheBanker said:mikb said:Section62 said:Olinda99 said:The particular dangerous one is mother's maiden name - in my opinion you should never use the real one.Agreed. The FCA should tell the organisations still using mmn to stop doing so without delay..Personally, I can't believe that the FCA allowed it in the first place (or that any banks/financial institutions thought this was a good idea to make this even an issue).Using researchable items of data as "security" is a joke. A bad joke. I have a range of "first school", "pet's name", "favourite car brand", "mother's maiden name" and "where you grew up" answers -- none in common between organisations, because I recognised that this was a _stupid_ security feature.The complication comes where terms 41.7 subsection j) says "You agree that _all_ information you submit to us is truthful and accurate ..." -- well, mostly. Apart from the security things.And the other complication -- if they are digging into your credit files and cross-referencing with open banking etc. it is possible they are picking up information from _real_ sources. So when they ask about "How many children?" you need to counter with "Actual children, or the number I told you I had?" ...
These types of questions were more secure in the pre-internet era where the answers were less researchable.
I agree though they should not be used any more.0 -
I was asked it when applying for a regular saver earlier this month. It didn't make it into the set of security questions used for online banking. Presumably it was just to be used if I phoned to discuss the application.
0 -
Hi all. Following my complaint to NSI, a manager called me. After listening to my calls, he apologised and upheld my complaint.
I had not needed to contact them since 2014. I had set up a password then and saved it. Password rules changed and the one I had saved was too short. So I was locked out.
Barbaric was how I felt at that stage. I would now say that it was an abuse of process. New rules had been made but no explanation was given.
Telling me I had failed security on my kids and grandparents names was wrong and then taking me to Equifax questions without explaining why...
Reading from here, I have learned a lot more. I understand that those type of questions are no longer safe and have set up new responses. I have had to embrace these new rules but I am still concerned that the majority of the public don't know.
The manager said that both my calls had not been dealt with correctly and should have been managed differently when I had supposedly failed security.
They are sending me £75 for my time and stress caused.
3 -
OP. Are you sure you gave them the correct account number. If there was an error in the number you gave, or the advisor entered it incorrectly, it could be possible that the advisor was looking at the answers to somebody else's security questions, hence why every answer was apparently "wrong".
I have seen this happen before, hence why I am asking.• The rich buy assets.
• The poor only have expenses.
• The middle class buy liabilities they think are assets.
Robert T. Kiyosaki0 -
Ha. Definitely correct account number. That is why the whole situation was so ridiculous and so I called back to try again the next day. I was then asked favourite kids TV prog and kids book. In 2014, I had never set those questions up.
I have had some winnings recently, all sent to my home address. Probably different depts but still...0 -
And in the meantime, most people use their spouse's birthday as their PIN, and have the same PIN across several accounts.1
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599K Mortgages, Homes & Bills
- 177K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards