Recommendations for alternative bank - HSBC requiring phone app

Section62

booneruk said:

Section62 said:

Versus a credit card-sized device the bank gives you for free?

That's a bit of a flawed comparison. Can you set up a standing order with a card? Cancel a direct debit? View your balance without going anywhere? I can't phone my friend with a credit card, or install social media apps Etc etc.

We're talking specifically about online banking authentication.

Clearly if you want to do mobile banking, or phone friends, or use social media, then it would be sensible to go with the phone option (including any phone you already have which might not meet HSBC's security requirements)

Nasqueron

Section62 said:

Nasqueron said:

clairec666 said:

GeoffTF said:

Nasqueron said:

Banks typically stop access when the system OS is no longer supported by the manufacturer, typically 5-6 years with Apple and better Android devices, one phone every 5-6 years is normal, it happens with all devices as a phone that old isn't secure and is a risk to use

I do not know of any bank that does that. Anyway, security updates just reduce the risk, they do not eliminate it.

No banking apps would install on my last phone, because it was running an old version of Android.

Using a phone over 6 years old is a security risk because the software isn't having security patches, hence banks don't want to risk their software being compromised and yuou losing money, it's akin to leaving all your doors and windows open at home. You can get an Android 14 (full, not Go) phone from Argos for £100 which will have security to at least Feb 2027. A Samsung A15 5G will have 5 years of security updates albeit it's a year old already

So not a new phone every year, but a new £100 phone every 16 months?

Versus a credit card-sized device the bank gives you for free?

I picked a random dirt cheap phone as an example and used a budget one with 5 years support, thank you for reading!

Nasqueron

GeoffTF said:

Nasqueron said:

clairec666 said:

GeoffTF said:

Nasqueron said:

Banks typically stop access when the system OS is no longer supported by the manufacturer, typically 5-6 years with Apple and better Android devices, one phone every 5-6 years is normal, it happens with all devices as a phone that old isn't secure and is a risk to use

I do not know of any bank that does that. Anyway, security updates just reduce the risk, they do not eliminate it.

No banking apps would install on my last phone, because it was running an old version of Android.

A Samsung A15 5G will have 5 years of security updates albeit it's a year old already

The A15 is two years old, so it has security updates for 3 years at most. That is not much if you are expecting a 7 or 8 year life for the phone. The A17 is on sale now. The 4G version costs £169. Here is what a review says:

"The Galaxy A17 4G will receive updates until 2031, i.e. for six years from launch, and new versions of the operating system will be available for this period. However, Samsung restricts this on its website with the addition "up to" and other legal clauses. So you can't fully rely on this great promise."

https://www.notebookcheck.net/Samsung-Galaxy-A17-4G-smartphone-test-Unusually-well-equipped-budget-phone.1146414.0.html

You are paying out a lot of dosh for a shaky promise, and the other manufacturers' promises are worse for reasonably priced phones.

That is now silly - we're into conspiracy that they are lying about the support they advertise, it's in as a caveat as Google might set the hardware restrictions for a newer version of android too high

Or just get a refurb iphone with 4-6 years

Nasqueron

GeoffTF said:

Nasqueron said:

GeoffTF said:

Nasqueron said:

Banks typically stop access when the system OS is no longer supported by the manufacturer, typically 5-6 years with Apple and better Android devices, one phone every 5-6 years is normal, it happens with all devices as a phone that old isn't secure and is a risk to use

I do not know of any bank that does that. Anyway, security updates just reduce the risk, they do not eliminate it.

Except for literally all of them?

Not at all. See the Nationwide footnote here for example:

"To use our banking app, your device must be running Android 7.0 or higher..."

https://www.nationwide.co.uk/ways-to-bank/banking-app/

The last security patch for Android 7.0 was dated August 2019:

https://en.wikipedia.org/wiki/Android_version_history

The last security update for Android 7.0 was more than 6 years ago. Android 7.0 was released in August 2016, so it only received security updates for 3 years. Nationwide is happy for its customers to use 9 year old budget phones with its app. Not many mobile phones survive more than 9 years, so Nationwide is not being very restrictive. It was much the same story for the other banks that I looked at.

As I said, they need a minimum version and it's stated - so if you had Android 6 it won't work - literally what I said, thank you for agreeing!

Nationwide's lack of IT knowledge isn't exactly hidden but First Direct is Android 9 (no support for Go), Lloyds and NatWest are 8, it's still common sense to have a supported version for various reasons. HSBC need 9 as well hence OP is using a phone at least from 2020 if not earlier, full of security holes and a risk 

Rob5342

I think Halifax still let you authorise things with an automated call to a phone number. If you still have a home phone then they might be an option. 

Alternatively Monzo have location based security so you can restrict some things so that they can only be done when your phone is at your home address. 

GeoffTF

Nasqueron said:

GeoffTF said:

Nasqueron said:

GeoffTF said:

Nasqueron said:

Banks typically stop access when the system OS is no longer supported by the manufacturer, typically 5-6 years with Apple and better Android devices, one phone every 5-6 years is normal, it happens with all devices as a phone that old isn't secure and is a risk to use

I do not know of any bank that does that. Anyway, security updates just reduce the risk, they do not eliminate it.

Except for literally all of them?

Not at all. See the Nationwide footnote here for example:

"To use our banking app, your device must be running Android 7.0 or higher..."

https://www.nationwide.co.uk/ways-to-bank/banking-app/

The last security patch for Android 7.0 was dated August 2019:

https://en.wikipedia.org/wiki/Android_version_history

The last security update for Android 7.0 was more than 6 years ago. Android 7.0 was released in August 2016, so it only received security updates for 3 years. Nationwide is happy for its customers to use 9 year old budget phones with its app. Not many mobile phones survive more than 9 years, so Nationwide is not being very restrictive. It was much the same story for the other banks that I looked at.

As I said, they need a minimum version and it's stated - so if you had Android 6 it won't work - literally what I said, thank you for agreeing!

Nationwide's lack of IT knowledge isn't exactly hidden but First Direct is Android 9 (no support for Go), Lloyds and NatWest are 8, it's still common sense to have a supported version for various reasons. HSBC need 9 as well hence OP is using a phone at least from 2020 if not earlier, full of security holes and a risk 

You wrote "Banks typically stop access when the system OS is no longer supported by the manufacturer". That is clearly not true if they are allowing Android 7.0 or even Android 9.0. Look at the table in my Wikipedia link. Actually, it is worse than the table suggests. The table gives the date of the last security patch from Google. Android phone manufacturers usually end support before that. I have recently used apps from Nationwide, Skipton, Tesco and Barclays on a Nokia phone running Android 12 that has not received updates for two years. Google issued a security patch for Android 12 in March 2025, but my phone did not get it. (My risk from using those apps was very low, because of other security measures. My Nokia phone is an Android One phone, which had a guarantee for three years of security updates from its first release. That was more than any other reasonably priced phone at the time.) The banks are evidently happy for their customers to use unsupported phones. If your phone gets hacked, the nightmare situation is having to prove that you followed all the bank's security requirements.