Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • syncline
    • By syncline 3rd Jan 18, 5:56 PM
    • 17Posts
    • 2Thanks
    syncline
    Online banking that does not allow transfers, only statements?
    • #1
    • 3rd Jan 18, 5:56 PM
    Online banking that does not allow transfers, only statements? 3rd Jan 18 at 5:56 PM
    I'd love to have a current account that offers online statements (and more-or-less real-time transaction and balance data, ideally), but I'd also love to NOT have the ability to transfer money online, for security reasons. The same applies to all other online actions that might cost/lose me a lot of money.

    Do any banks operating in the UK offer this? Especially those that seem to have a better than average security and customer service record, of course.

    To try to address some possible questions/responses up front: I'm aware that other forms of banking are not without risk, and that if somebody gained unauthorized access to just online statements, that would also likely entail other risks. My day job is in IT, so I claim I'm not a know-nothing technophobe. Finally, note that it would not address my reason for wanting this to use a regular online banking account and only use the online statements (unless there are extra offline authentication steps required to upgrade the account to be able to make transfers).
Page 1
    • JuicyJesus
    • By JuicyJesus 3rd Jan 18, 6:51 PM
    • 3,078 Posts
    • 3,225 Thanks
    JuicyJesus
    • #2
    • 3rd Jan 18, 6:51 PM
    • #2
    • 3rd Jan 18, 6:51 PM
    As far as I know, no banks fully prohibit online transfers.

    Realistically a bank with a decent 2FA option should be fine so long as you don't play silly !!!!!!s with the token (e.g. card, PIN and card reader or Secure Key token.)
    urs sinserly,
    ~~joosy jeezus~~
    • gt94sss2
    • By gt94sss2 3rd Jan 18, 7:06 PM
    • 4,045 Posts
    • 1,875 Thanks
    gt94sss2
    • #3
    • 3rd Jan 18, 7:06 PM
    • #3
    • 3rd Jan 18, 7:06 PM
    I haven't used it but Santander offer a option called 'View Only' access which they describe as:

    For your security, you can change online access to your accounts to view-only mode. This means you will be unable to perform transactions on any of your accounts online, but you will still be able to view your balances and transactions.

    If you change your mind later, and want to regain access to Online Banking, contact the Online Banking helpdesk
    However, as JuicyJesus says there are banks with 2 factor authorisation such as HSBC which only allow new payees to be created if you use the Secure Key token.

    Finally, I should say that in the event of unauthorized access/fraud then the bank is responsible for financial losses not you.
    • 18cc
    • By 18cc 3rd Jan 18, 7:53 PM
    • 531 Posts
    • 319 Thanks
    18cc
    • #4
    • 3rd Jan 18, 7:53 PM
    • #4
    • 3rd Jan 18, 7:53 PM
    You could consider a bank like Starling. This does offer real-time transactions (use your debit card and it appears instantaneously) and of course balance and transaction viewing.


    You can make payments of course but since it is a mobile phone app-only bank and uses face and voice ID you might consider it much less likely to be hacked than 'normal' online banking.
    • newatc
    • By newatc 3rd Jan 18, 8:00 PM
    • 248 Posts
    • 281 Thanks
    newatc
    • #5
    • 3rd Jan 18, 8:00 PM
    • #5
    • 3rd Jan 18, 8:00 PM
    HSBC allow that type of account for businesses by setting maximum for transfers (which can be set to zero) but I don't know if their personal accounts have the same facility.
    • Hydro1
    • By Hydro1 4th Jan 18, 11:51 AM
    • 17 Posts
    • 9 Thanks
    Hydro1
    • #6
    • 4th Jan 18, 11:51 AM
    • #6
    • 4th Jan 18, 11:51 AM
    Virgin Money has a fairly basic current account offering only very limited online services, but it may suit your needs:
    https://uk.virginmoney.com/virgin/current-account/essential-current-account.jsp
    • paragon909
    • By paragon909 4th Jan 18, 3:10 PM
    • 1,343 Posts
    • 1,356 Thanks
    paragon909
    • #7
    • 4th Jan 18, 3:10 PM
    • #7
    • 4th Jan 18, 3:10 PM
    TSB savings accounts only allow transfer to current accounts, They don't allow payments to external accounts.

    Maybe try them?
    • syncline
    • By syncline 6th Jan 18, 3:33 PM
    • 17 Posts
    • 2 Thanks
    syncline
    • #8
    • 6th Jan 18, 3:33 PM
    • #8
    • 6th Jan 18, 3:33 PM
    I haven't used it but Santander offer a option called 'View Only' access which they describe as:
    Originally posted by gt94sss2
    Interesting and bang on the question, thank you!

    I do immediately wonder what the procedure for turning that form of protection off again is, since if that is poor my effort would be fruitless. Has anybody reading tried turning this Santander "View Only" feature on and off?

    Also, I recall that Santander has previously ended up at the bottom of Which?'s IT security ranking (I have too few posts to link yet, sorry).

    It's a market for lemons!

    However, as JuicyJesus says there are banks with 2 factor authorisation such as HSBC which only allow new payees to be created if you use the Secure Key token.
    2FA is not what I'm enquiring about in this thread, but...

    Ah, so is this like CPUs that only allow code to read memory from their own address space? Realistically, we can rely on that.

    For those not in the geek world, that was cheap irony from me, referring to the recent Spectre / Meltdown exploit news (I expect these will at least cost every reader of this thread money indirectly, and quite likely cause information you care about to be leaked). Of course you are correct that there does appear to be some real security value in at least some 2FA, although I'm genuinely far from sure about even that: on occasion 2FA has made things worse in the past, and I have no reason to think that will never happen again in future.

    Finally, I should say that in the event of unauthorized access/fraud then the bank is responsible for financial losses not you.
    I've noticed in the past that financial institutions do have a go at pinning the blame on customers and expending some effort not to refund money taken fraudulently - including in cases where only technology was to blame, and the banks were the only ones in a position to fix the problems. In part I can understand their point of view, as SOME of their customers are bound to be fraudsters - but I'd very much prefer not to have to deal with that system!
    • syncline
    • By syncline 6th Jan 18, 3:42 PM
    • 17 Posts
    • 2 Thanks
    syncline
    • #9
    • 6th Jan 18, 3:42 PM
    • #9
    • 6th Jan 18, 3:42 PM
    Virgin Money has a fairly basic current account offering only very limited online services, but it may suit your needs:
    Originally posted by Hydro1
    Thanks for this

    Even having looked at the table of features that says when you have to phone / use the net / go to a "Store" (why not a "Branch"?), I don't think I have the knowledge and experience to be able to assess confidently from that what I might end up missing / regretting if I opened that "Basic" account.

    Can anybody help me with that?
    • syncline
    • By syncline 6th Jan 18, 3:47 PM
    • 17 Posts
    • 2 Thanks
    syncline
    TSB savings accounts only allow transfer to current accounts, They don't allow payments to external accounts.

    Maybe try them?
    Originally posted by paragon909
    Unfortunately I do want to make faster payments transfers to various people/institutions, just not via the bank's website.
    • syncline
    • By syncline 6th Jan 18, 3:54 PM
    • 17 Posts
    • 2 Thanks
    syncline
    Thanks for this

    Even having looked at the table of features that says when you have to phone / use the net / go to a "Store" (why not a "Branch"?), I don't think I have the knowledge and experience to be able to assess confidently from that what I might end up missing / regretting if I opened that "Basic" account.

    Can anybody help me with that?
    Originally posted by syncline
    Perhaps to help clarify what I want:
    • I want to use an account as a "standard" current account,
    • including making direct debit, standing order and faster payments via phone banking,
    • and downloading statements listing transactions in machine readable form,
    • but with no facility to transfer money or set up direct debits or standing orders (etc.) online.
    I wish I was able to write down precisely what I should mean by "standard", but I think I lack the knowledge: that's what I'm now hoping for help with.
    • gt94sss2
    • By gt94sss2 6th Jan 18, 9:39 PM
    • 4,045 Posts
    • 1,875 Thanks
    gt94sss2
    I do immediately wonder what the procedure for turning that form of protection off again is, since if that is poor my effort would be fruitless. Has anybody reading tried turning this Santander "View Only" feature on and off?

    Also, I recall that Santander has previously ended up at the bottom of Which?'s IT security ranking (I have too few posts to link yet, sorry).
    Originally posted by syncline
    I doubt many people use the feature - and Santander's website says it can only be turned off if you call them - which I imagine means passing through their telephone security checks (which you seem willing to do for telephone payments etc.)

    As for reports by Which? - apart from the general dubious value of many of their reports - you appear to be referring to a story from 2013 and I am sure much will have changed during that time.


    2FA is not what I'm enquiring about in this thread, but...
    HSBC uses this sort of 2FA hardware key (maybe a different model) though a digital version is also available.

    In short, HSBC/First Direct keys work as follows (taken from here):

    The bank programs the token with a unique encryption key.

    The token will generate a series of characters that are derived from the encryption key, current time, and (optionally) other various factors.

    Since the bank knows the (unique) encryption key, and all other other factors that the token uses, they can reverse-engineer the input to find out who "owns" that token. If the owner of the token matches the owner of the bank account that is being logged-in to, then the login is authentic.
    The code changes about once per minute.

    Santander, by contrast, would send you a SMS code to your registered phone number to verify you if you try and do things like set up a new payee (though obviously with view only access you can't do this)
    Last edited by gt94sss2; 06-01-2018 at 9:43 PM.
    • 18cc
    • By 18cc 7th Jan 18, 8:43 AM
    • 531 Posts
    • 319 Thanks
    18cc
    Not been able to find out if you can do it, but you could ask any bank if it is possible to have a current account and disable internet banking completely ie only have phone banking. The only downside is that you won't be able to access it online of course to print off statements - one of your wishes.

    the only hit via google was for natwest which says 'if you want to disable internet banking please contact our helpdesk'. Maybe it is allowed at other banks as well?
    • eDicky
    • By eDicky 7th Jan 18, 10:14 AM
    • 3,517 Posts
    • 1,697 Thanks
    eDicky
    The Virgin Money Essential account lacks ability to set up transfers, DDs, SOs etc online, but apart from having no overdraft facility is more or less like a 'standard' current account, so it seems to suit your requirements.

    I have one, mainly for the contactless MasterCard with no non-sterling fees, but I would not use it as my main account because of this lack of online facility, that you are looking for. It pays 0.75% interest so I don't mind having some money sitting there without a convenient way to transfer it out.
    • camelot1971
    • By camelot1971 7th Jan 18, 11:07 AM
    • 809 Posts
    • 1,208 Thanks
    camelot1971
    I don't understand why you think phone banking is more secure than online banking?

    Online banking is perfectly secure if you use strong passwords, don't open attachments in emails you aren't expecting and keep your OS up to date.
    • ValiantSon
    • By ValiantSon 7th Jan 18, 8:50 PM
    • 2,013 Posts
    • 1,863 Thanks
    ValiantSon
    Perhaps to help clarify what I want:
    • I want to use an account as a "standard" current account,
    • including making direct debit, standing order and faster payments via phone banking,
    • and downloading statements listing transactions in machine readable form,
    • but with no facility to transfer money or set up direct debits or standing orders (etc.) online.
    I wish I was able to write down precisely what I should mean by "standard", but I think I lack the knowledge: that's what I'm now hoping for help with.
    Originally posted by syncline
    Perhaps First Direct might be an option. If you don't order the secure key (and you do have to actively request it) then the only access you are meant to get to your account online is to view the balance (and possibly statements - First Direct still send paper statements as default every month). All other dealings can be handled through telephone banking. The added bonus of this with First Direct is that your call is answered by a customer service advisor so you are on to dealing with whatever you want to do straight away (this operates 24/7).
    • syncline
    • By syncline 20th Jan 18, 4:59 PM
    • 17 Posts
    • 2 Thanks
    syncline
    I doubt many people use the feature - and Santander's website says it can only be turned off if you call them - which I imagine means passing through their telephone security checks (which you seem willing to do for telephone payments etc.)
    Originally posted by gt94sss2
    I don't have much choice, so yes. Also in its favour: experts such as Ross Anderson of Cambridge university have reported for many years that there has been a real problem with banks denying responsibility for technical security failings that are (only) theirs to remedy. My guess is they'd have a harder time of that with this setup.

    https://www.theguardian.com/money/2015/nov/21/safe-internet-banking-cyber-security-online

    As for reports by Which? - apart from the general dubious value of many of their reports - you appear to be referring to a story from 2013 and I am sure much will have changed during that time.
    Yes. Also I place very little faith in Which?'s knowledge in the first place. As I say, computer security in general, and online banking in particular (re security anyway), is a market for lemons.

    HSBC uses this sort of 2FA hardware key (maybe a different model) though a digital version is also available.

    In short, HSBC/First Direct keys work as follows (taken from here):

    The code changes about once per minute.
    Sounds like TOTP, which is obsolete technology as far as desktop web browsing goes (superceded by U2F) - except that it doesn't claim to implement the de facto standard Google TOTP protocol. If so, it carries a risk of poor implementation (which is a very common cause of IT security failures).

    Santander, by contrast, would send you a SMS code to your registered phone number to verify you if you try and do things like set up a new payee (though obviously with view only access you can't do this)
    If you're doing *only* phone banking I think SMS notifications, though hardly terribly secure, are probably useful as long as you don't rely on them completely (people re-registering phones in order to commit fraud is a common problem).
    • syncline
    • By syncline 20th Jan 18, 5:02 PM
    • 17 Posts
    • 2 Thanks
    syncline
    Not been able to find out if you can do it, but you could ask any bank if it is possible to have a current account and disable internet banking completely ie only have phone banking. The only downside is that you won't be able to access it online of course to print off statements - one of your wishes.
    Originally posted by 18cc
    Because my question is *about* accessing statements online, I would politely suggest that you read the question again (even reading the title should do it?).

    the only hit via google was for natwest which says 'if you want to disable internet banking please contact our helpdesk'. Maybe it is allowed at other banks as well?
    Yes, it is. I don't know any bank that does not, in fact (I'm not saying they don't exist).
    • syncline
    • By syncline 20th Jan 18, 5:05 PM
    • 17 Posts
    • 2 Thanks
    syncline
    I don't understand why you think phone banking is more secure than online banking?

    Online banking is perfectly secure if you use strong passwords, don't open attachments in emails you aren't expecting and keep your OS up to date.
    Originally posted by camelot1971
    http://www.cl.cam.ac.uk/~rja14/banksec.html
    http://www.daemonology.net/blog/2018-01-17-some-thoughts-on-spectre-and-meltdown.html

    As I say, I don't believe at all that phone banking is without risk: the issue is more of 1. banks blaming customers for IT security failings under their control, 2. greater fragility of internet banking at present.
    Last edited by syncline; 20-01-2018 at 5:09 PM. Reason: add link re spectre
    • syncline
    • By syncline 20th Jan 18, 5:20 PM
    • 17 Posts
    • 2 Thanks
    syncline
    Perhaps First Direct might be an option. If you don't order the secure key (and you do have to actively request it) then the only access you are meant to get to your account online is to view the balance (and possibly statements - First Direct still send paper statements as default every month). All other dealings can be handled through telephone banking. The added bonus of this with First Direct is that your call is answered by a customer service advisor so you are on to dealing with whatever you want to do straight away (this operates 24/7).
    Originally posted by ValiantSon
    I will find out and report back here.

    I would guess they only provide access to balance that way, though. Plus, First Direct, why can't I restrict myself to statements-only with 2FA? I'd rather not have my statements leaked to fraudsters (mostly because that's useful info for the fraudsters).
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

4,047Posts Today

8,021Users online

Martin's Twitter
  • RT @LaraLewington: ...and mine suggested I'd achieved a lifelong ambition of being sawn in half by a magician - at our wedding. Wasn't. Don?

  • We are working on it - I think BA has behaved awfully on this. Those flight were no obviously a glitch. It should? https://t.co/8pvtXtUEqi

  • RT @thenicolabryant: Absolutely. We need mental health and financial health as advocated my @MartinSLewis , to be taught in schools. So muc?

  • Follow Martin