Security of banking on phones.
Psychophysiological entity
Thread Starter
Security of banking on phones.
After some flaffing about I got the Barclays App going for my Android Samsung. The detailed procedure for approval was huge and included the use of my card reading code generator thingie and also TXT codes. Impressive. However, the password to enter the accounts is only five, must be numerical, digits.
With these five figures I can see several accounts and no doubt manipulate my funds. Haven't had to do that yet and not sure I will.
Given how secure the PC's access is, just how is this acceptable?
With these five figures I can see several accounts and no doubt manipulate my funds. Haven't had to do that yet and not sure I will.
Given how secure the PC's access is, just how is this acceptable?
Join Date: Apr 2002
Location: UK
Posts: 98
Likes: 0
Received 0 Likes
on
0 Posts
I'm sure Barclays have assessed the security risks involved.
To start with most phones are locked, and perhaps the app enforces this as a policy if a PIN/security code/fingerprint lock is not already enabled.
The app is also tied to your phone, so your account cannot be accessed from another phone unless you go through the same "huge" approval procedure for that device - which, as you discovered, requires several authentication factors.
I expect that further authentication will be required if you want to move money to an account that is not yours.
Finally, there may be additional covert security measures in place that I'm not going to speculate on in a public forum.
I would expect that Barclays will act honourably in the event of fraud resulting from genuine, normal use of the app.
To start with most phones are locked, and perhaps the app enforces this as a policy if a PIN/security code/fingerprint lock is not already enabled.
The app is also tied to your phone, so your account cannot be accessed from another phone unless you go through the same "huge" approval procedure for that device - which, as you discovered, requires several authentication factors.
I expect that further authentication will be required if you want to move money to an account that is not yours.
Finally, there may be additional covert security measures in place that I'm not going to speculate on in a public forum.
I would expect that Barclays will act honourably in the event of fraud resulting from genuine, normal use of the app.
I do not trust mobile phone security for banking. However, both my daughters do and regard it as very convenient.
I would quite like the facility to load my phone with some money that I could "spend" - say £100 or so. That would limit my risk if I could find a risk free way of downloading it, and adding to it every now and then. (Think of the credit carried on an Oyster card). However, the security would continue to be an issue.
I would quite like the facility to load my phone with some money that I could "spend" - say £100 or so. That would limit my risk if I could find a risk free way of downloading it, and adding to it every now and then. (Think of the credit carried on an Oyster card). However, the security would continue to be an issue.
Psychophysiological entity
Thread Starter
I like the idea of a limited mobile spend. Right now mine is unlimited and I all but swallow the phone when I go out. A grand would be a good spendy limit.
I've got a 5 figure screen lock and 5 figure entry into the bank, but that of course doesn't equal 5 X 5.
One of my other banks wrote me a formal letter this week saying I hadn't logged in for fifty-odd days. Would I like a written statement? I logged in, but won't again as such letters are the only ones I get these days.
I've got a 5 figure screen lock and 5 figure entry into the bank, but that of course doesn't equal 5 X 5.
One of my other banks wrote me a formal letter this week saying I hadn't logged in for fifty-odd days. Would I like a written statement? I logged in, but won't again as such letters are the only ones I get these days.
Join Date: Apr 1998
Location: Mesopotamos
Posts: 5
Likes: 0
Received 0 Likes
on
0 Posts
Having worked for them Ericsson retards building mobile networks for their clients and seen corruption first hand, I wouldn't trust any mobile network with my finances regardless of the bells and whistles they put on it.
.
I wouldn't trust any phone system with my money, and especially not Android -too many security holes. Apple may be a bit better in this regard, but not enough for me to want to use it.
I've been an android user for many years and much prefer it to ios, but secure enough for banking? Nope.
I've been an android user for many years and much prefer it to ios, but secure enough for banking? Nope.
Same for computers I guess ?
I use computer banking, my domestic one uses my cellphone to send a text code to insert on their site, but I presume that my details are there to see by every passing 5 yr.old who chooses to hack my computer. International ones use a variety of the funny clicking gadgets to provide a code number, or insertion of my debit card into their card reader thing. (just how do those things work, they aren't Internettedly connected to the bank in any way ? No, don't try to tell me, someone once did and I lost them after the first sentence. )
When I have to phone them I have to remember the name of my first dog, or first car, or my grandfathers' middle name. I was recently telephoned unexpectedly by a bank, so not knowing if this was a scam or not I asked for the caller to give me the name of his first dog. He was not amused, but turned out to be genuine anyway.
Mrs. ExS recently opened an account with KiwiBank, an upstart outfit in NZ, they frequently send her statements and the like by e-mail, detailing all her names, account no. balance and other personal data. Bank security ? She has asked them to stop, but they say " no problem, we know best "or words to that effect.
World's Gone Mad.
I use computer banking, my domestic one uses my cellphone to send a text code to insert on their site, but I presume that my details are there to see by every passing 5 yr.old who chooses to hack my computer. International ones use a variety of the funny clicking gadgets to provide a code number, or insertion of my debit card into their card reader thing. (just how do those things work, they aren't Internettedly connected to the bank in any way ? No, don't try to tell me, someone once did and I lost them after the first sentence. )
When I have to phone them I have to remember the name of my first dog, or first car, or my grandfathers' middle name. I was recently telephoned unexpectedly by a bank, so not knowing if this was a scam or not I asked for the caller to give me the name of his first dog. He was not amused, but turned out to be genuine anyway.
Mrs. ExS recently opened an account with KiwiBank, an upstart outfit in NZ, they frequently send her statements and the like by e-mail, detailing all her names, account no. balance and other personal data. Bank security ? She has asked them to stop, but they say " no problem, we know best "or words to that effect.
World's Gone Mad.
Psychophysiological entity
Thread Starter
Mmm . . . was in a car dealership today and in a mindbogglingly stupid moment went into Barclays site to check on funds. It was an open network.
I realised in a nanosecond, but of course, the damage may well have been done.
Also, having to have a secure phone as suggested above is a pain. Barclays is the only real danger . . . erm, isn't it?
They give me Kaspersky for the phone as well, but given the problems I've had with them, I'm not that confident. Phone soft probem was sorted by them fairly quickly, but now the PC's cover is just stopping, requesting an update of definitions, and demanding a re-boot before resuming. I've had enough.
(The Rivetess has exactly the same problem - different address, computer, and install of Kaspersky.)
I realised in a nanosecond, but of course, the damage may well have been done.
Also, having to have a secure phone as suggested above is a pain. Barclays is the only real danger . . . erm, isn't it?
They give me Kaspersky for the phone as well, but given the problems I've had with them, I'm not that confident. Phone soft probem was sorted by them fairly quickly, but now the PC's cover is just stopping, requesting an update of definitions, and demanding a re-boot before resuming. I've had enough.
(The Rivetess has exactly the same problem - different address, computer, and install of Kaspersky.)