Recommendations for alternative bank - HSBC requiring phone app
Comments
-
Really? I'd like you to give the source of your information, pretty sure that if this was true then it would be of interest to the banks and other institutions that think biometrics and passwords/codes on smartphones are pretty solid.
phillw said:
> Phones aren't that secure, there is software that works with many phones to get past the lock screen.
> born_again said:
> > How did they get past phone security?
> There is probably a way past the security on the banking apps too.
-
https://www.bbc.co.uk/programmes/m002jsqv
flaneurs_lobster said:
> Really? I'd like you to give the source of your information, pretty sure that if this was true then it would be of interest to the banks and other institutions that think biometrics and passwords/codes on smartphones are pretty solid.
> phillw said:
> > Phones aren't that secure, there is software that works with many phones to get past the lock screen.
> > born_again said:
> > > How did they get past phone security?
> > There is probably a way past the security on the banking apps too.
-
I've just read the transcript of that programme.
GeoffTF said:
> https://www.bbc.co.uk/programmes/m002jsqv
> flaneurs_lobster said:
> > Really? I'd like you to give the source of your information, pretty sure that if this was true then it would be of interest to the banks and other institutions that think biometrics and passwords/codes on smartphones are pretty solid.
> > phillw said:
> > > Phones aren't that secure, there is software that works with many phones to get past the lock screen.
> > > born_again said:
> > > > How did they get past phone security?
> > > There is probably a way past the security on the banking apps too.
Nowhere does it mention software that bypasses a phone's lock screen.
There's no mention of any method of getting past banking app security.
The cases mentioned talk about stealing phones that are already unlocked or which have been "shoulder-surfed" to obtain the passcode.
There's mention of a crypto wallet being emptied but no mention of how (any) access controls have been bypassed.
A person has to decide if they want the convenience of banking apps and the steps they should take to keep the phone and data safe from theft.
You have decided against, fair enough, but please don't alarm people with hearsay rather than facts.
-
[I had a brief skim through the transcript] So the phones were unlocked when they were stolen, and the banking app didn't put up any more barriers for the crim after that point. Surely the banks refunded since the customer was not at fault (the apps should have asked for at least a PIN on launch EDIT: the victims may have been shoulder surfed for the PINs. This is why you should use fingerprint unlocks).
GeoffTF said:
> https://www.bbc.co.uk/programmes/m002jsqv
> flaneurs_lobster said:
> > Really? I'd like you to give the source of your information, pretty sure that if this was true then it would be of interest to the banks and other institutions that think biometrics and passwords/codes on smartphones are pretty solid.
> > phillw said:
> > > Phones aren't that secure, there is software that works with many phones to get past the lock screen.
> > > born_again said:
> > > > How did they get past phone security?
> > > There is probably a way past the security on the banking apps too.
SIM swap fraud can be seriously limited by not using SMS for OTP codes. SMS 2FA needs to die.
All my banking apps ask for a fingerprint even if my phone is unlocked. My phone is also set to lock if it detects sudden movement (like having the phone grabbed by a moped crim). I also don't use SMS codes, and I fully expect my bank to refund me if all this was bypassed somehow by a crim.
I'm comfortable with banking on my phone.
-
...and why your banking app passcodes should not be the same as your lock screen passcode (or your SIM card unlock code because you've locked that too, of course).
> [I had a brief skim through the transcript] So the phones were unlocked when they were stolen, and the banking app didn't put up any more barriers for the crim after that point. Surely the banks refunded since the customer was not at fault (the apps should have asked for at least a pin on launch EDIT: the victims may have been shoulder surfed for the pins. This is why you should use fingerprint unlocks).
-
flaneurs_lobster said:
> I've just read the transcript of that programme.
> GeoffTF said:
> > https://www.bbc.co.uk/programmes/m002jsqv
> > flaneurs_lobster said:
> > > Really? I'd like you to give the source of your information, pretty sure that if this was true then it would be of interest to the banks and other institutions that think biometrics and passwords/codes on smartphones are pretty solid.
> > > phillw said:
> > > > Phones aren't that secure, there is software that works with many phones to get past the lock screen.
> > > > born_again said:
> > > > > How did they get past phone security?
> > > > There is probably a way past the security on the banking apps too.
> Nowhere does it mention software that bypasses a phone's lock screen.
> There's no mention of any method of getting past banking app security.
> The cases mentioned talk about stealing phones that are already unlocked or which have been "shoulder-surfed" to obtain the passcode.
> There's mention of a crypto wallet being emptied but no mention of how (any) access controls have been bypassed.
> A person has to decide if they want the convenience of banking apps and the steps they should take to keep the phone and data safe from theft.
> You have decided against, fair enough, but please don't alarm people with hearsay rather than facts.
If you listen to the program, you will hear it said by a credible witness that an unlocked phone can have its banking apps drained in minutes, and a locked phone just takes longer. He did not give details for obvious reasons.
Nonetheless, there are statistics for mobile banking fraud: 35,661 cases in the first half of this year with a loss of £43 million. That is an average of £1,206 lost per fraud. £43 million is not enough to worry the banks too much.
There are also statistics for mobile phone thefts: 64,244 phone thefts last year. That is about the same as the number of mobile banking frauds. Nonetheless, not all mobile banking frauds will be the result of stolen phones, and not all stolen phones will be hacked.
The risks do not appear to be large considering the number of mobile phones in use, but I would not want to have large sums of money accessible from a mobile phone that is in harm's way. I would not put it past Mr Putin to be interested in disrupting the British banking system.
-
Here is the relevant part of the transcript:
"WAIGHT: I’m Richard Waight. I’m a Detective Superintendent within the City of London Police. I head up investigation within the Specialist Operations Directorate.
In terms of, groups work together, so you’ll certainly have the people on the street who will snatch the phone, and then there’ll be the next tier up groups that are focused on the realisation of that asset. Some of that will be the actual realisation of selling the phone itself, but obviously there are other elements who are looking at how they can exploit what’s within it – the bank accounts that people can access, and of course then getting hold of the money.
GOLDBERG: I wanted to know, are unlocked phones really a gift to phone thieves seeking money on banking apps?
WAIGHT: Certainly criminals will often focus on a phone that’s open; it makes it easier for them. Putting it in simple terms, if it’s unlocked, they’ve got faster access to those accounts. That can be almost instantaneous when you’re looking at the removal of money from bank accounts. That’s well within the 24 hours."
-
Point me to the bit where it says "there is software that works with many phones to get past the lock screen".
-
flaneurs_lobster said:
> Point me to the bit where it says "there is software that works with many phones to get past the lock screen".
Richard Waight said: "if it’s unlocked, they’ve got faster access to those accounts." That implies that they can still get access if the phone is locked, but it takes longer. He did not say how it is done. It could involve specialist hardware, specialist software or both. (I did not claim that only specialist software was used. Someone else said that was possible for many phones.)
-
The important thing is, after all this implication and maybe - did any customer lose their money? Only negligence should cause a bank to refuse.
Let's not forget if you lose your wallet stuffed with notes, that's it, gone.
