Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
Page 3
    • Radnorsaver
    • By Radnorsaver 7th Jul 19, 3:56 PM
    • 23 Posts
    • 6 Thanks
    Radnorsaver
    For your info the HSBC info is here: https://www.hsbc.co.uk/help/security-centre/simple-safe-secure/
    • jonnygee2
    • By jonnygee2 7th Jul 19, 4:24 PM
    • 1,482 Posts
    • 1,554 Thanks
    jonnygee2
    Monzo - OTP in use for some purchases?
    Monzo send a push message through the app which asks you to type in your card pin.

    This is their implementation of 3DS. Some Monzo staff comments on this thread confirming this will be continued for SCA https://community.monzo.com/t/strong-customer-authentication/68224/3
    • However
    • By However 8th Jul 19, 8:05 AM
    • 31 Posts
    • 13 Thanks
    However
    Co-op Credit Card & 2FA
    I've got a Co-op credit card (used to be Town & Country Building Society so I've had it a long time - since the 1980s I guess) and nothing else with them. Yet I've received messages on a flyer and on my latest statement saying I must update my contact details to 'pay for my online shopping' - using a card reader (which they are replacing) and a debit card. I have neither because I don't have a current account or a banking account or a personal account or whatever they call them - I have a credit card account and that's all. They also say I won't be able to use my Verified by Visa passcode - but I don't have one of those either and everything has worked perfectly well online for years without one.

    I can only contact Co-Op by phone (because any other way needs me to Login to Internet Banking and I can't) and they're too busy to answer.

    Does this mean I shall no longer be able to use the card online? Or has the Co-op forgotten they have customers who don't have a current personal banking account?

    Confused at whether I'm affected or not, and confused at what I supposed to have to do or not. Any insights?



    Next step will be to consider whether it's worth the effort.
    • Browntoa
    • By Browntoa 8th Jul 19, 8:20 AM
    • 35,408 Posts
    • 41,494 Thanks
    Browntoa
    I'm assuming via the app

    https://www.co-operativebank.co.uk/help-and-support/mobile-banking
    I'm the Board Guide of the Referrers ,Telephones, Pensions , Shop Don't drop ,over 50's , Boost your income and Discount Code boards which means I volunteer to help get your forum questions answered and keep the forum runnning smoothly .However, please remember, board guides don't read every post. If you spot an inappropriate or illegal post please report it to forumteam@moneysavingexpert.com Any views are mine and not the official line of MoneySavingExpert.
    • eskbanker
    • By eskbanker 8th Jul 19, 8:55 AM
    • 10,829 Posts
    • 13,397 Thanks
    eskbanker
    Does this mean I shall no longer be able to use the card online? Or has the Co-op forgotten they have customers who don't have a current personal banking account?

    Confused at whether I'm affected or not, and confused at what I supposed to have to do or not. Any insights?
    Originally posted by However
    As per the link in post #1, you'll have to authenticate (some) online card transactions either via their app or by text or email. Updating contact details can be done by phone or in branch if online isn't an option for you....
    • 18cc
    • By 18cc 9th Jul 19, 9:20 AM
    • 1,623 Posts
    • 1,194 Thanks
    18cc
    You could add NS&I to the list although I can't find out anything about what their plans are for e.g. logon or indeed making payments from Direct Saver etc
    • eskbanker
    • By eskbanker 9th Jul 19, 9:49 AM
    • 10,829 Posts
    • 13,397 Thanks
    eskbanker
    You could add NS&I to the list although I can't find out anything about what their plans are for e.g. logon or indeed making payments from Direct Saver etc
    Originally posted by 18cc
    As I understand it, the SCA requirements within PSD2 apply specifically to Payment Service Providers, i.e. institutions via which payments can be made to third parties - I don't believe that NS&I, and other savings providers without credit/debit cards or unfettered Faster Payments capabilities (such as most building societies), are within scope, but could be wrong!
    • db2016
    • By db2016 9th Jul 19, 4:13 PM
    • 152 Posts
    • 363 Thanks
    db2016
    +1 for barclays, the pinsentry reader i had got binned once they had it on the app,



    i mainly log in the app with my fingerprint (galaxy s10+) or every so often it doesnt let me do that for security and use a 5 digit code.



    havent logged into the desktop site for a good few months but the pinsentry app / reader lets you generate the codes for doing so.
    • Maverock
    • By Maverock 18th Jul 19, 2:02 AM
    • 40 Posts
    • 9 Thanks
    Maverock
    Monzo send a push message through the app which asks you to type in your card pin.

    This is their implementation of 3DS. Some Monzo staff comments on this thread confirming this will be continued for SCA https://community.monzo.com/t/strong-customer-authentication/68224/3
    Originally posted by jonnygee2

    And how can you tell it is the bank asking for your pin number!?
    • Zanderman
    • By Zanderman 18th Jul 19, 5:40 AM
    • 2,353 Posts
    • 5,247 Thanks
    Zanderman
    And how can you tell it is the bank asking for your pin number!?
    Originally posted by Maverock
    Because it is sent through the app?
    • Keith18002
    • By Keith18002 18th Jul 19, 9:16 AM
    • 1 Posts
    • 1 Thanks
    Keith18002
    Santander OTP
    Just had an email from Santander telling me in the future I will have to use OTP or their mobile app. I do all my online banking from home where I have poor internet and no mobile phone signal. Have tried to get an OTP by driving 2 miles up the road but it has timed out by the time I return. Registration for the app requires OTP, the same thing applies.
    • 2gins
    • By 2gins 19th Jul 19, 12:12 PM
    • 1 Posts
    • 0 Thanks
    2gins
    I've just had a 'secure key' pushed to me by my bank, I don't understand the use of these new secure keys at all and this seems as good a place as any to ask: What's the point?


    I'm glad the banks are taking security and fraud seriously and I certainly don't want any undue risks taken with my money/banking but this just seems like a total farce. Currently if anyone wishes to access my online banking they need to know my username, an 8-character passcode and the answer to a security question, which seems pretty secure to me. I have other banks for other things and they are so secure I usually can't log on myself.



    Now with this secure key I have to either go into the app and generate a OTP or do the same via a device I will need to keep with me, logically in my wallet or (if I were a lady or that way inclined) in a handbag. So suppose I lose my handbag or get mugged, or have my phone stolen?


    A would be thief would only have to crack the 4 - digit pin to get into my phone, then they just need the single password to generate the OTP for either app or pocket device.


    How is this any more secure than the current multi-factor authentication? It just looks like a load of hassle for no gain, this online stuff was supposed to make stuff easier but I'm seriously thinking about binning off internet banking and going back to the 1990s relying on ATMs and telephone banking.


    [/rant]


    TLDR, secure keys don't seem any more secure than two-factor authentication and it's all a lot of fuss for no gain.
    • eskbanker
    • By eskbanker 19th Jul 19, 12:27 PM
    • 10,829 Posts
    • 13,397 Thanks
    eskbanker
    Currently if anyone wishes to access my online banking they need to know my username, an 8-character passcode and the answer to a security question, which seems pretty secure to me.

    [...]

    A would be thief would only have to crack the 4 - digit pin to get into my phone, then they just need the single password to generate the OTP for either app or pocket device.

    How is this any more secure than the current multi-factor authentication? It just looks like a load of hassle for no gain, this online stuff was supposed to make stuff easier but I'm seriously thinking about binning off internet banking and going back to the 1990s relying on ATMs and telephone banking.

    [/rant]

    TLDR, secure keys don't seem any more secure than two-factor authentication and it's all a lot of fuss for no gain.
    Originally posted by 2gins
    Perhaps I'm misunderstanding what you're saying but "username, an 8-character passcode and the answer to a security question" isn't multi-factor authentication!

    Multi-factor authentication, in the context of this exercise, entails more than one of:
    (a) something known only by the payment service user ("knowledge");
    (b) something held only by the payment service user ("possession");
    (c) something inherent to the payment service user ("inherence");

    Your three elements are all within the first of these and therefore don't count as strong customer authentication, so this is why SCA involves possession of apps or codes or card readers, to be used in conjunction with knowledge of passwords, PINs, etc.
    • 18cc
    • By 18cc 19th Jul 19, 2:22 PM
    • 1,623 Posts
    • 1,194 Thanks
    18cc
    In some ways it may seem that having to enter a username password and some bit of memorable information would be quite secure - and of course indeed it is particularly if if what you use is unguessable

    the problem is that if anyone gets hold of them (for example by putting a keylogger on your PC or or other means) then they have complete access to a bank account

    that is why in addition to those you need to have something physical from now on - for example a secure key or or a card reader code generator or something like that

    this means that even if someone does manage to intercept your logon details they still cannot get on unless they also get hold of your your security device
    • Doc N
    • By Doc N 19th Jul 19, 3:02 PM
    • 7,000 Posts
    • 19,847 Thanks
    Doc N
    Just had an email from Santander telling me in the future I will have to use OTP or their mobile app. I do all my online banking from home where I have poor internet and no mobile phone signal. Have tried to get an OTP by driving 2 miles up the road but it has timed out by the time I return. Registration for the app requires OTP, the same thing applies.
    Originally posted by Keith18002
    "What's changing

    You already enter your security details to gain access to Online Banking, for example your Personal ID and Security Number, Registration Number or 5-digit PIN.

    The new regulation asks us to add an additional check to confirm it’s you. You can do this one of the following two ways:


    By having our personal mobile banking app. When you log on to Online Banking you’ll be referred to the mobile app, which will simply ask you to use your fingerprint, face or Security Number as the additional check that it’s you. You can then continue to use Online Banking as you normally do.


    By using One Time Passcode (OTP). If you don’t have a smart phone, we’ll send an OTP to your mobile phone as the additional check that it’s you.

    Whichever way you choose, we’re only using the mobile banking app or the OTP to help confirm it’s you. You can continue to use your personal Online Banking as normal once the check has been completed."



    I agree with you - this is going to make online banking with Santander even more of a pain in the neck than it is already.

    Banking via an app may be fine for occasional transactions, but if you're doing any serious reconciliation work with an account it's hopeless.

    I see apps as a backward step in many ways but we're being forced onto it by banks too lazy to find other ways of dealing with security.
    • 18cc
    • By 18cc 19th Jul 19, 4:32 PM
    • 1,623 Posts
    • 1,194 Thanks
    18cc
    You know sometimes some of these replies make me quite angry

    just pause for a moment and think what you are doing. you are accessing your bank account in a few seconds at anytime of the day or night 365 days a year and have the ability to check balances, make payments, set up standing orders - whatever you want

    is it too much to ask that you go through a bit of enhanced security before you do that

    you would be the first to come on here whinging if some fraudster got access to your account and drained all the money
    • Doc N
    • By Doc N 19th Jul 19, 6:32 PM
    • 7,000 Posts
    • 19,847 Thanks
    Doc N
    You know sometimes some of these replies make me quite angry

    just pause for a moment and think what you are doing. you are accessing your bank account in a few seconds at anytime of the day or night 365 days a year and have the ability to check balances, make payments, set up standing orders - whatever you want

    is it too much to ask that you go through a bit of enhanced security before you do that

    you would be the first to come on here whinging if some fraudster got access to your account and drained all the money
    Originally posted by 18cc
    I think you're forgetting a couple of points:

    1 There are various ways of achieving the required levels of security. Some banks are doing it without major inconvenience to the customers they need to stay in business. Some aren't - and they'll be the losers, at least in terms of a customer base.

    2 Unless you've been grossly negligent (quite a high bar) it's the bank that carries the responsibility for any money taken from your account - not you.
    • masonic
    • By masonic 19th Jul 19, 6:40 PM
    • 12,165 Posts
    • 9,782 Thanks
    masonic
    Presumably this will create an opportunity for companies using open banking. I for one would like read-only access to my account information without the hassle of going through 2FA.
    • londoninvestor
    • By londoninvestor 19th Jul 19, 6:54 PM
    • 1,224 Posts
    • 1,083 Thanks
    londoninvestor
    Perhaps I'm misunderstanding what you're saying but "username, an 8-character passcode and the answer to a security question" isn't multi-factor authentication!
    Originally posted by eskbanker
    This is quite true - but the banks do have themselves partly to blame if they get that kind of response.

    Much of the reason why some customers believe that "mother's maiden name", "memorable place", "first school you attended" etc makes them more secure, is that the banks themselves have spent years telling them that it does!
    • eskbanker
    • By eskbanker 20th Jul 19, 12:12 AM
    • 10,829 Posts
    • 13,397 Thanks
    eskbanker
    Banking via an app may be fine for occasional transactions, but if you're doing any serious reconciliation work with an account it's hopeless.
    Originally posted by Doc N
    You seem to be missing the significance of some of the text you quoted:
    By having our personal mobile banking app. When you log on to Online Banking youíll be referred to the mobile app, which will simply ask you to use your fingerprint, face or Security Number as the additional check that itís you. You can then continue to use Online Banking as you normally do.
    Originally posted by Doc N
    In other words, there's no need to do any 'banking via an app', the app is used purely as a means of authentication and then once logged in you can use online banking as before (i.e. not on the app)....
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

82Posts Today

2,490Users online

Martin's Twitter