Body & Soul0 min ago
Making It Near Impossible
58 Answers
Some organisations/institutions are particularly inclined to make bad choices. Now the news from my bank is that I must be at home whenever I want to log into my online banking, and they say this is by order of the Government's Ombudsman. They are going to insist on me using a "one time password" which they are going to give me by telephone. I don't have and don't want a mobile phone so unless they provide me with one they are insisting I return to base every time I want to do online banking - why not just tell me I have to go to my branch, regardless of where I may be travelling ? If this really is at the Ombudsman's instigation then my opinion of it has sunk lower than it was. What is wrong with a random number generator which has worked and still works very well in the UK and elsewhere ?
They say this is a UK-wide requirement so that should mean everyone is in the same boat, regardless of which bank they use. Can anyone tell me what they mean by one-time password ? Is it one that will only be required once or is it one that becomes invalid in a short time and they will/may go through this nonsense repeatedly, just to make absolutely certain you/I are driven up the wall and/or cannot use online banking. The insistence that this increases security is of course correct - if you make it impossible for people to use the system then it is perfectly secure. Another brilliant scheme dreamt up by incompetents - and it is nonsense to say "Everybody has a mobile", they shouldn't have to and they don't.
They say this is a UK-wide requirement so that should mean everyone is in the same boat, regardless of which bank they use. Can anyone tell me what they mean by one-time password ? Is it one that will only be required once or is it one that becomes invalid in a short time and they will/may go through this nonsense repeatedly, just to make absolutely certain you/I are driven up the wall and/or cannot use online banking. The insistence that this increases security is of course correct - if you make it impossible for people to use the system then it is perfectly secure. Another brilliant scheme dreamt up by incompetents - and it is nonsense to say "Everybody has a mobile", they shouldn't have to and they don't.
Answers
Best Answer
No best answer has yet been selected by KARL. Once a best answer has been selected, it will be shown here.
For more on marking an answer as the "Best Answer", please visit our FAQ.O_G, "I feel your pain" as the saying goes. A couple of years ago my foreign bank announced they were dropping the random number generator in favour of a mobile phone password only. In the end they never did but now have both running in parallel. For "my money" that is one country where the "average Joe" is listened to and shown consideration, not just in banking but lots of other ways - I expect there are others.
I'm with you all the way KARL. The insistence on online working 100% is blackmail - I've just had to provide my bank details to an electricity supplier to get a refund of £75 they charged for power I hadn't used - they first told me they were "paperless" and couldn't send a cheque as I asked. I then asked for a bankers draft (the bank's paper, not theirs) but the same excuse came back, they are not set up to be able to do this, so I had to provide them with my bank details for an online transfer. Needless to say I am now with another provider. But online traffic is wide open to hackers, and you can bet the banks will claim it's the customer's fault when it happens.
Just wait until it becomes compulsory to have a chip implant., driven by the same "do it or we can't serve you" threat we've seen here.
Just wait until it becomes compulsory to have a chip implant., driven by the same "do it or we can't serve you" threat we've seen here.
"So, you want to restrict our personal choices now ?"
Yes, unless you want to pay for the choice. A cheque costs a fortune compared to a faster payments transaction.
As for 2Fa it is the way to go. I use it for everything and it works very well,although I must admit I work in IT in a Bank. If possible use an app. You simply photograph the QR code they give you then it is synced, similar to the RSA tokens we used to use.
The two things I wont use yet as I dont consider the security is good enough are mobile Banking and Touching your card on a reader.
Yes, unless you want to pay for the choice. A cheque costs a fortune compared to a faster payments transaction.
As for 2Fa it is the way to go. I use it for everything and it works very well,although I must admit I work in IT in a Bank. If possible use an app. You simply photograph the QR code they give you then it is synced, similar to the RSA tokens we used to use.
The two things I wont use yet as I dont consider the security is good enough are mobile Banking and Touching your card on a reader.
f-f, Yes, the foreign bank is fine for business there but my normal UK business (at my UK bank) is not.
THECORBYLOON, The device would be one which is able to receive a text and it would have a single line screen (just like a random number generator) but no keypad of any kind - in fact rather similar to the pagers of old. The bank would exclusively contract transmission of the text to a mobile phone operator, the device would have its distinct receiving number, it and its link with the client known only to the bank. What is so complicated - nothing unless you the imagination is missing ?
ymb, My wife and I specifically asked for and got non-contactless cards for all but one or two of your collection where they were/are not available, precisely because we don't wish to get into a discussion about a spurious transaction we don't recognise.
THECORBYLOON, The device would be one which is able to receive a text and it would have a single line screen (just like a random number generator) but no keypad of any kind - in fact rather similar to the pagers of old. The bank would exclusively contract transmission of the text to a mobile phone operator, the device would have its distinct receiving number, it and its link with the client known only to the bank. What is so complicated - nothing unless you the imagination is missing ?
ymb, My wife and I specifically asked for and got non-contactless cards for all but one or two of your collection where they were/are not available, precisely because we don't wish to get into a discussion about a spurious transaction we don't recognise.
//...precisely because we don't wish to get into a discussion about a spurious transaction we don't recognise.//
Karl, I think you're being over pessimistic about card problems. I have been using credit and debit cards for getting on for forty years. I have been using contactless versions for almost as long as they've been available. I rarely use cash. About the only time I use it is for a cash tip in a restaurant where I want to be sure the server gets the cash, for a taxi when cards are not an option and for my barber who does not take card payments. I use my contactless card for just about every small purchase. In all that time I have had just one disputed payment. That was nothing to do with contactless cards but stemmed from a rogue staff member at my local railway ticket office who was cloning cards. The disputed payment was cancelled by my making one free phone call.
Well, david:
//I don't have, and don't want a mobile phone. They are intrusive and annoying.//
Keep it in your pocket, switched off if you don't want to be troubled.
//They constantly need re charging.//
I charge mine once or twice a week, overnight.
// They are also very antisocial.//
Not if you keep them switched off in your pocket.
Karl, I think you're being over pessimistic about card problems. I have been using credit and debit cards for getting on for forty years. I have been using contactless versions for almost as long as they've been available. I rarely use cash. About the only time I use it is for a cash tip in a restaurant where I want to be sure the server gets the cash, for a taxi when cards are not an option and for my barber who does not take card payments. I use my contactless card for just about every small purchase. In all that time I have had just one disputed payment. That was nothing to do with contactless cards but stemmed from a rogue staff member at my local railway ticket office who was cloning cards. The disputed payment was cancelled by my making one free phone call.
Well, david:
//I don't have, and don't want a mobile phone. They are intrusive and annoying.//
Keep it in your pocket, switched off if you don't want to be troubled.
//They constantly need re charging.//
I charge mine once or twice a week, overnight.
// They are also very antisocial.//
Not if you keep them switched off in your pocket.
NJ, pessimistic or not, we suffer no discernible inconvenience by not having contactless. Actually, I came across claims that there are people who have portable readers and can obtain a "payment" by passing close enough to a card in a pocket/wallet, handbag, etc. I do not have a first hand account of a sufferer but I do have an acquaintance who thinks he may be a sufferer (unexplained charge which was refunded). That is/was enough for us to get rid of a feature we have no need for. It is simply a matter of choice with peace of mind being a bonus.
marvel said //We are with Barclays and each have a card reader. So easy to use, hope they don't change the system.//
I received an e-mail yesterday from Barclays saying that the additional security measures to be put in place will allow you to log on using the card CVV code (3 digits on back of card) or one-time texted code.
As someone who rarely uses a mobile, I’ll be using the card CVV code.
I received an e-mail yesterday from Barclays saying that the additional security measures to be put in place will allow you to log on using the card CVV code (3 digits on back of card) or one-time texted code.
As someone who rarely uses a mobile, I’ll be using the card CVV code.
One issue with card readers is that you are pretty helpless if you try to use it and find the battery has gone or it ha stopped working, which happened to mine after a few years, and I had to wait a week for a replacement.
I don't mind the text verification code except one of my banks (Santander) insists on giving me what seems an unnecessarily long collection of about 10 letters and numbers so it's easy to mistype.
I'm not convinced how safe it is though- if someone had logged into my account through all the password stages they could just as easily have taken my phone as well
I don't mind the text verification code except one of my banks (Santander) insists on giving me what seems an unnecessarily long collection of about 10 letters and numbers so it's easy to mistype.
I'm not convinced how safe it is though- if someone had logged into my account through all the password stages they could just as easily have taken my phone as well
Karl, if you bought the cheapest of cheap mobile phone you would still be you. You would be in charge of it, it cannot control you. It is not essential that you hook into social media and selfies. You really don’t have to look at it every few minutes. You don’t need to tweet, Instagram, tindr or Facebook. Your emails will still be waiting for you on your pc when you get home. It is nothing to be frightened of, it won’t change you nor bankrupt you. You are allowed to keep it switched off. It could save you a lot of hassle when your car breaks down or you have an accident. It would make internet banking a whole heap easier. Go on, spend a tenner a dip your toe in to the strange new world.
barry, You miss the point entirely, I have no fear of mobiles (and accusing me of it does not intimidate) but I am averse to being told I have to become a customer of a third party before the bank will allow me to access my account, not least when there are perfectly acceptable alternatives available plus the measure is at least a seriously questionable improvement in security. Your post reminds me of a discussion I had with a friend quite a few years ago about mobile phones, it ended with her saying I was refusing to take part in the game. Yes, said I - she at least got it: The question of mobile or no mobile is, for the vast majority of people, as much or mostly one of being like the rest and fitting in, that is where fear comes into it (have I missed a call/text). If I lived exclusively among women, 90% or more of child bearing age, I would still feel no compulsion to be seen to buy sanitary products. I similarly feel absolutely no need to carry on me a mobile phone - 99.9% of the time I basically have no use for it at all.
I empathise up to a point with the OP. A few weeks ago I tried to set up a standing order with my Bank Santander to a different Bank using my laptop, as usual. I was taken through the initial stages until I got a message saying I now need to download the 'App' onto my phone to allow me to do this. Apart from the fact I have no idea the reasoning behind this, I am adamant I will not download my bank details onto my phone for obvious reasons.
Karl, your premise is all twisted. The banks are not making you log on only at home they are making you authenticate that it's you on every computer you use the first time you use it, a one time code will be sent to your mobile phone and you must enter it. After that, that computer will be recognized. You refuse to have a mobile phone so you opt out of that system and forgo the benefits. This is your choice not the bank's imposition.