📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

NSI Barbaric security system

Options
124

Comments

  • TheBanker
    TheBanker Posts: 2,237 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    mikb said:
    Section62 said:
    Olinda99 said:
    The particular dangerous one is mother's maiden name - in my opinion you should never use the real one.
    Agreed.  The FCA should tell the organisations still using mmn to stop doing so without delay..


    Personally, I can't believe that the FCA allowed it in the first place (or that any banks/financial institutions thought this was a good idea to make this even an issue).
    Using researchable items of data as "security" is a joke. A bad joke. I have a range of "first school", "pet's name", "favourite car brand", "mother's maiden name"  and "where you grew up" answers -- none in common between organisations, because I recognised that this was a _stupid_ security feature.
    The complication comes where terms 41.7 subsection j) says "You agree that _all_ information you submit to us is truthful and accurate ..." -- well, mostly. Apart from the security things.
    And the other complication -- if they are digging into your credit files and cross-referencing with open banking etc. it is possible they are picking up information from _real_ sources. So when they ask about "How many children?" you need to counter with "Actual children, or the number I told you I had?" ...


    The use of mothers maiden name pre-dates the FCA, and probably pre-dates financial services regulation as we know it today. I think it's been around since the early days of telephone banking. 

    These types of questions were more secure in the pre-internet era where the answers were less researchable. 

    I agree though they should not be used any more. 

  • Section62
    Section62 Posts: 9,866 Forumite
    1,000 Posts Fourth Anniversary Name Dropper
    TheBanker said:
    mikb said:
    Section62 said:
    Olinda99 said:
    The particular dangerous one is mother's maiden name - in my opinion you should never use the real one.
    Agreed.  The FCA should tell the organisations still using mmn to stop doing so without delay..


    Personally, I can't believe that the FCA allowed it in the first place (or that any banks/financial institutions thought this was a good idea to make this even an issue).
    Using researchable items of data as "security" is a joke. A bad joke. I have a range of "first school", "pet's name", "favourite car brand", "mother's maiden name"  and "where you grew up" answers -- none in common between organisations, because I recognised that this was a _stupid_ security feature.
    The complication comes where terms 41.7 subsection j) says "You agree that _all_ information you submit to us is truthful and accurate ..." -- well, mostly. Apart from the security things.
    And the other complication -- if they are digging into your credit files and cross-referencing with open banking etc. it is possible they are picking up information from _real_ sources. So when they ask about "How many children?" you need to counter with "Actual children, or the number I told you I had?" ...


    The use of mothers maiden name pre-dates the FCA, and probably pre-dates financial services regulation as we know it today. I think it's been around since the early days of telephone banking. 

    These types of questions were more secure in the pre-internet era where the answers were less researchable. 

    I agree though they should not be used any more. 

    Barclays were using mother's maiden name as a 'security' question in branch for some things in the 1970's.

  • mikb
    mikb Posts: 634 Forumite
    Part of the Furniture 500 Posts Name Dropper
    TheBanker said:
    mikb said:
    Section62 said:
    Olinda99 said:
    The particular dangerous one is mother's maiden name - in my opinion you should never use the real one.
    Agreed.  The FCA should tell the organisations still using mmn to stop doing so without delay..


    Personally, I can't believe that the FCA allowed it in the first place (or that any banks/financial institutions thought this was a good idea to make this even an issue).
    Using researchable items of data as "security" is a joke. A bad joke. I have a range of "first school", "pet's name", "favourite car brand", "mother's maiden name"  and "where you grew up" answers -- none in common between organisations, because I recognised that this was a _stupid_ security feature.
    The complication comes where terms 41.7 subsection j) says "You agree that _all_ information you submit to us is truthful and accurate ..." -- well, mostly. Apart from the security things.
    And the other complication -- if they are digging into your credit files and cross-referencing with open banking etc. it is possible they are picking up information from _real_ sources. So when they ask about "How many children?" you need to counter with "Actual children, or the number I told you I had?" ...


    The use of mothers maiden name pre-dates the FCA, and probably pre-dates financial services regulation as we know it today. I think it's been around since the early days of telephone banking. 

    These types of questions were more secure in the pre-internet era where the answers were less researchable. 

    I agree though they should not be used any more. 

    True. But -- "friends" and family though ... they've never need to research things like that. Or dates-of-birth.

    Then again, the meme of using a maiden-name as stupidity security was instilled in me at a young age. Before "memes" existed :)

    "Try his first wife's maiden name" from Micro Live ... scroll to "Hacking Incident" and sing the words there to the tune of "Music! Music! Music! (Put Another Nickel In)"



  • Kim_13
    Kim_13 Posts: 3,442 Forumite
    Tenth Anniversary 1,000 Posts Name Dropper Photogenic
    Section62 said:
    TheBanker said:
    mikb said:
    Section62 said:
    Olinda99 said:
    The particular dangerous one is mother's maiden name - in my opinion you should never use the real one.
    Agreed.  The FCA should tell the organisations still using mmn to stop doing so without delay..


    Personally, I can't believe that the FCA allowed it in the first place (or that any banks/financial institutions thought this was a good idea to make this even an issue).
    Using researchable items of data as "security" is a joke. A bad joke. I have a range of "first school", "pet's name", "favourite car brand", "mother's maiden name"  and "where you grew up" answers -- none in common between organisations, because I recognised that this was a _stupid_ security feature.
    The complication comes where terms 41.7 subsection j) says "You agree that _all_ information you submit to us is truthful and accurate ..." -- well, mostly. Apart from the security things.
    And the other complication -- if they are digging into your credit files and cross-referencing with open banking etc. it is possible they are picking up information from _real_ sources. So when they ask about "How many children?" you need to counter with "Actual children, or the number I told you I had?" ...


    The use of mothers maiden name pre-dates the FCA, and probably pre-dates financial services regulation as we know it today. I think it's been around since the early days of telephone banking. 

    These types of questions were more secure in the pre-internet era where the answers were less researchable. 

    I agree though they should not be used any more. 

    Barclays were using mother's maiden name as a 'security' question in branch for some things in the 1970's.

    I was asked it when opening a Regular Saver in 2013, having had no previous accounts with them.
  • masonic
    masonic Posts: 27,281 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    edited 27 January at 8:07PM
    I was asked it when applying for a regular saver earlier this month. It didn't make it into the set of security questions used for online banking. Presumably it was just to be used if I phoned to discuss the application.
  • Cathygpie
    Cathygpie Posts: 18 Forumite
    Fourth Anniversary 10 Posts
    Hi all. Following my complaint to NSI, a manager called me. After listening to my calls, he apologised and upheld my complaint. 

    I had not needed to contact them since 2014. I had set up a password then and saved it. Password rules changed and the one I had saved was too short. So I was locked out.

    Barbaric was how I felt at that stage. I would now say that it was an abuse of process. New rules had been made but no explanation was given.

    Telling me I had failed security on my kids and grandparents names was wrong and then taking me to Equifax questions without explaining why...

    Reading from here, I have learned a lot more. I understand that those type of questions are no longer safe and have set up new responses. I have had to embrace these new rules but I am still concerned that the majority of the public don't know. 

    The manager said that both my calls had not been dealt with correctly and should have been managed differently when I had supposedly failed security. 

    They are sending me £75 for my time and stress caused. 


  • vacheron
    vacheron Posts: 2,192 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Photogenic
    OP. Are you sure you gave them the correct account number. If there was an error in the number you gave, or the advisor entered it incorrectly, it could be possible that the advisor was looking at the answers to somebody else's security questions, hence why every answer was apparently "wrong". 

    I have seen this happen before, hence why I am asking. 
    • The rich buy assets.
    • The poor only have expenses.
    • The middle class buy liabilities they think are assets.
    Robert T. Kiyosaki
  • Cathygpie
    Cathygpie Posts: 18 Forumite
    Fourth Anniversary 10 Posts
    Ha. Definitely correct account number. That is why the whole situation was so ridiculous and so I called back to try again the next day. I was then asked favourite kids TV prog and kids book. In 2014, I had never set those questions up. 

    I have had some winnings recently, all sent to my home address. Probably different depts but still...
  • boingy
    boingy Posts: 1,916 Forumite
    1,000 Posts Second Anniversary Name Dropper
    And in the meantime, most people use their spouse's birthday as their PIN, and have the same PIN across several accounts.
  • Olinda99
    Olinda99 Posts: 2,042 Forumite
    1,000 Posts Third Anniversary Name Dropper
    boingy said:
    And in the meantime, most people use their spouse's birthday as their PIN, and have the same PIN across several accounts.
    how else are you going to remember it !
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351.1K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244.1K Work, Benefits & Business
  • 599K Mortgages, Homes & Bills
  • 177K Life & Family
  • 257.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.