Strong Customer Authentication - **Now delayed** changes to online verification
Comments
-
Does this apply to Credit Cards, too? I am keeping a few credit cards after switching the current accounts away.0
-
Does this also apply to eg Monzo, Starling or is it desktop banking they are targeting?0
-
Good point - it does encompass these, so I looked up info for MBNA and added them to the list, happy to add others as and when we find the relevant details! Amex and Barclaycard info seems to be published in the context of their roles as payment networks rather issuers, but hopefully there'll be info applicable to cardholders out there somewhere....Does this apply to Credit Cards, too? I am keeping a few credit cards after switching the current accounts away.0 -
Hi esk could I suggest it is made a bit clearer if you are referring in tnis thread to changes to signing into internet banking (many banks currently use passwords, memorable info etc - this will change) or the second scenario of internet shopping eg using your debit (or indeed credit) card to buy something.
For example, the Natwest link above seems to be for shopping, not internet banking sign in.0 -
Two factor authentication involves:Does this also apply to eg Monzo, Starling or is it desktop banking they are targeting?
My understanding is that an app is considered to be the middle of these and therefore, if combined with passwords/PINs, etc, satisfies the requirement, hence the use of apps as a second factor for non-app banks.two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is)
So, app-only banks, assuming they also require the use of something the user knows (or is, such as fingerprint/facial recognition), shouldn't need any additional securing.
Happy to be corrected though, I'm not claiming to be an expert!0 -
A fair point - I think that most are aiming not to reinvent the wheel and to use the same or similar approaches to verification for both purchases and logging in to banking, but that's not universal, as the LBG brands offer trusted devices for online banking but this doesn't apply for purchasing.Hi esk could I suggest it is made a bit clearer if you are referring in tnis thread to changes to signing into internet banking (many banks currently use passwords, memorable info etc - this will change) or the second scenario of internet shopping eg using your debit (or indeed credit) card to buy something.
For example, the Natwest link above seems to be for shopping, not internet banking sign in.
However, not all of the banks seem to be making any distinction in what they're publishing, so it's not always clear.
I'll try to think of how to represent this in a reasonably clear way (anyone know how to use tables on here without pasting pictures in from external sources?)0 -
Does this apply to Credit Cards, too? I am keeping a few credit cards after switching the current accounts away.
Credit cards is the area that's concerning me more than debit cards. Joint bank accounts seem to cope properly with 2FA for both of the account holders (that is, OTP is sent to phone of whichever card is being used).
However, it's a different story for credit cards The two I have as main cardholder where my wife is an additional cardholder (Nationwide and Tesco) only support OTP being sent to main cardholder, which is hopeless for the additional cardholder making purchases online. When I enquired, I got the impression nobody had thought of this problem, or maybe just ignored it!
I'd be very pleased for additional or updated information from anyone on this.
One other issue that's arisen for a family member who spends a lot of time abroad is that texts can take a long time (around 1 hour) to arrive, which isn't any use when the OTP expires after 10 minutes!0 -
Doesn't sound very clever! Hopefully they'll publicise their policies on this to help people decide - I didn't see anything explicitly mentioned in any of the pages linked above.Credit cards is the area that's concerning me more than debit cards. Joint bank accounts seem to cope properly with 2FA for both of the account holders (that is, OTP is sent to phone of whichever card is being used).
However, it's a different story for credit cards The two I have as main cardholder where my wife is an additional cardholder (Nationwide and Tesco) only support OTP being sent to main cardholder, which is hopeless for the additional cardholder making purchases online. When I enquired, I got the impression nobody had thought of this problem, or maybe just ignored it!
I'd be very pleased for additional or updated information from anyone on this.
Edit: I take it back, the M&S page states that they support separate mobile numbers per card, not just one per account.
That'll be the time difference from central EuropeOne other issue that's arisen for a family member who spends a lot of time abroad is that texts can take a long time (around 1 hour) to arrive, which isn't any use when the OTP expires after 10 minutes!
I think this is an inherent weakness in relying on mobile phone networks - the banks already have no control over the networks within the UK and sending messages abroad is another degree of separation. There have been numerous other threads about the obsolescence and poor security of SMS but it's effectively the lowest common denominator at the moment - it'll be interesting to see how much more timely app verification is from overseas, for those in a position to make a direct comparison once these measures are in place.0 -
Fairly sure I read somewhere that Coop (and Smile - who probably need to be added to the list, despite being, actually, Coop) were changing to OTP instead of the existing card reader. But they haven't yet. Can't find the info now though - will look for it.
Latest info I have is email from Co-op 4/6/19:
"You can now update your telephone number and email address in the mobile banking, using your fingerprint, passnumber or Face ID (only available on iOS devices) – no need to use your card reader.
We have brought in this feature because in the near future, the way you bank and shop online is changing. To help protect you against fraud, we are strengthening how we use two-factor authentication and changing the way you verify yourself. We will be sending you more info about this soon, but to get prepared, make sure your mobile telephone number and email address are up to date.
Find out more about how you shop and bank online is changing:
https://www.co-operativebank.co.uk/security/two-factor-authentication"0 -
MBNA - trusted device in addition to other options (I guess because they are now part of Lloyds). I can verify this as a result of logging on yesterday and being asked to nominate my current device as 'trusted'. I wonder how many devices you can nominate as trusted, or if indeed there is a limit? Also, I'm unclear whether 'trusted' relates both to online shopping and to accessing the MBNA service online. I suspect just the latter, but it would be good if it covered the former as well.
Edit: just checked the website. Trusted device only applies to online servicing
0
Categories
- All Categories
- 343.2K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.2K Work, Benefits & Business
- 608K Mortgages, Homes & Bills
- 173K Life & Family
- 247.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards