📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

West Brom BS Security

Options
Should I be concerned by the apparent lack of online banking security on the West Brom BS website?

To login, all you need is account number, date of birth and a 4 digit PIN.
There is no password, memorable information or two factor authentication.



«1

Comments

  • AmityNeon
    AmityNeon Posts: 1,085 Forumite
    1,000 Posts Second Anniversary Photogenic Name Dropper
    edited 14 May at 8:35AM
    If you try to do anything involving account management, SMS (or landline phone call) OTP verification is then required.
  • flaneurs_lobster
    flaneurs_lobster Posts: 6,570 Forumite
    Sixth Anniversary 1,000 Posts Photogenic Name Dropper
    Well I'm concerned, it does seem to be an outlier when considering the dozens of other institutions that hold money for me, I'm not recalling any other that hasn't implemented at least some form of 2FA (or an app protected by the app & device security).

    You might argue that this is of less concern since withdrawals can only be made to authenticated nominated accounts in the same name - but that is not really the point.
  • subjecttocontract
    subjecttocontract Posts: 2,745 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    I agree I can see why you are concerned but, I only have a regular saver with them and the sums of money involved are relatively  small so I think the risks are ok for me. 
  • It doesn't concern me tbh.
  • NanookOfTheNorth
    NanookOfTheNorth Posts: 76 Forumite
    Second Anniversary 10 Posts Name Dropper
    Having two different areas to log in for their WebSave or Savings Portal isnt very user friendly needing different password/PIN, just have one common platform with 2FA etc
  • x44
    x44 Posts: 26 Forumite
    10 Posts
    edited 14 May at 10:20AM
    dosh37 said:
    Should I be concerned by the apparent lack of online banking security on the West Brom BS website?

    To login, all you need is account number, date of birth and a 4 digit PIN.
    There is no password, memorable information or two factor authentication.

    Have a look at GS Marcus's login then....
    All you need is email (hardly secret) and a password and you are in
    The rational is as with others that you can only withdraw to your nominated account so if anyone unauthorised does gain access they cannot themselves get any money to their own accounts.
    Santander I recall just has a username which you can 'save' on your computer and a pin for login
    It is quite possible though that GSMarcus (and probably West Brom/Santander ) are storing cookies on your computer so that if those are not present then some form of 2FA is then used....





  • pafpcg
    pafpcg Posts: 928 Forumite
    Tenth Anniversary 500 Posts Name Dropper
    x44 said:
    dosh37 said:
    Should I be concerned by the apparent lack of online banking security on the West Brom BS website?

    To login, all you need is account number, date of birth and a 4 digit PIN.
    There is no password, memorable information or two factor authentication.

    .....
    It is quite possible though that GSMarcus (and probably West Brom/Santander ) are storing cookies on your computer so that if those are not present then some form of 2FA is then used....
    Definitely true in the case of Santander.

  • Section62
    Section62 Posts: 9,841 Forumite
    1,000 Posts Fourth Anniversary Name Dropper
    pafpcg said:
    x44 said:
    dosh37 said:
    Should I be concerned by the apparent lack of online banking security on the West Brom BS website?

    To login, all you need is account number, date of birth and a 4 digit PIN.
    There is no password, memorable information or two factor authentication.

    .....
    It is quite possible though that GSMarcus (and probably West Brom/Santander ) are storing cookies on your computer so that if those are not present then some form of 2FA is then used....
    Definitely true in the case of Santander.

    Not for just logging in to Santander online banking.  I clear everything from each session, the Santander login process sometimes requires an OTP, but more often than not will allow me through to the accounts page with only user ID + 5-digit security number.

    Once in I don't always need an OTP to make a payment either.

    As for West Brom, I'm on the 'not really an issue' side - the PIN prevents other people seeing what I have in the accounts and accessing other information, and is as 'secure' as any of the PINs on debit cards I have, which (in the right circumstances) could allow access to thousands of pounds.
  • DRS1
    DRS1 Posts: 1,237 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    Having two different areas to log in for their WebSave or Savings Portal isnt very user friendly needing different password/PIN, just have one common platform with 2FA etc
    And you cannot transfer direct from one to the other.  To get money from a WebSave account to a West Brom account it has to go out to an external account.
  • allegro120
    allegro120 Posts: 1,896 Forumite
    1,000 Posts Second Anniversary Name Dropper
    dosh37 said:
    Should I be concerned by the apparent lack of online banking security on the West Brom BS website?

    To login, all you need is account number, date of birth and a 4 digit PIN.
    There is no password, memorable information or two factor authentication.
    I think these three provide enough security for viewing your accounts.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244.1K Work, Benefits & Business
  • 599K Mortgages, Homes & Bills
  • 177K Life & Family
  • 257.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.