Cash ISA - Trading 212

bobfredbob

I don't recall which third-party was used, it has been a while.  My experience was similar to the OP's: a notice saying it was going to redirect to their trusted third-party (a company I'd never heard of), that then requested I enter banking details.

I can imagine explaining it to elderly friends that for this particular website you ignore your browser warning that you've never visited this website before, you ignore the warnings that you've never heard of this company, and also ignore the warnings you've previously been given that you must not enter your credentials on any website other than your bank...  Instead, you trust the text that says, "trusted", since scammers would never ever have that on their website.

Maybe when I last did it there wasn't the "use app" option, or perhaps it already knew it wasn't integrated to my bank's app.

Perhaps it is generational: I would not be signing up for tens of different accounts just to pay at a local takeaway.  Every intermediary is one additional attack vector.  But, lots of people do sign up for tens of apps without any concern, and I can see that for some it can be more convenient.

noh

bobfredbob said:

........... and also ignore the warnings you've previously been given that you must not enter your credentials on any website other than your bank...  

Your login details are entered on your banks website, if using a browser, or in their app if using a mobile device.

Exodi

bobfredbob said:

Perhaps it is generational: I would not be signing up for tens of different accounts just to pay at a local takeaway.  Every intermediary is one additional attack vector.  But, lots of people do sign up for tens of apps without any concern, and I can see that for some it can be more convenient.

I agree it may be generational, but again I think you're misinterpreting the process, because no-one is 'signing up for tens of different [payment intermediary] accounts'... did you sign up for TrueLayer? They just facilitate the payment so every business (like my local Chinese takeaway) isn't required to develop in-house software to process online payments. Effectively all businesses will be integrated with a third-party payment solution, whether you realise it or not (e.g. Shopify, Stripe, TrueLayer, etc).

I really dislike the stereotype you're painting where 'younger people' are seemingly careless about privacy, when this forum is regularly presented with what equates to irrational paranoia typically by older people (refusing to provide ID when opening a bank account, asking how to disable contactless payments, buying separate devices to keep their banking apps on, etc).

Would you refuse to complete the transaction if they had used PayPal as their payment handler? TrueLayer is not a random company and aside from the financial companies already mentioned, they're used by Revolut, Wise, Plum, Freetrade, or if you're hungry, Just Eat, Papa Johns, etc. Stripe just announced a partnership with TrueLayer which means tens of thousands more companies will soon be offering TrueLayer as an option.

I'm not a technical expert, but I think the potential of an intermediary being an 'additional attack vector' is very slim. The most obvious reason being that they don't have access to your bank details as you authenticate directly with your bank... and as they are limited by the open-banking API, the only way they could try take a lot of money is by requesting you allow them to do so in your banking app.