Bank Card security

[XFool]

This is interesting news. TiM, of course, highlights all the negatives:

Banks will soon require text message confirmation for online Visa card purchases in shake-up that will hit ALL internet shoppers

This is Money

In fact Barclaycard have issued me with their 'PINsentry' card reader.

As pointed out in posts above, these readers work on more than one card/bank. I used it to log on to my NW bank account. I tried my other cards - all VISA - and one other credit card failed to Identify using the relevant PIN. So it looks like they work on all cards that have been set up to use a card reader. Or at least, all VISA cards so enabled.

[TheWildshot]

In the Lootman vs AF62 debate I must live in Outer Mongolia? I very much support Lootman's case. I travel extensively (globally) and frequently (monthly) with work and can be away for weeks at a time. Making transactions on the internet is not something unique to me, however having a mobile phone and with a signal is not a guarantee. I'm not a fan of giving a mobile number to any organisation and through GDPR I should have the right to refuse to give my number, even if it is for practical reasons such as knowing I won't have the phone with me when they want to ring.

[JohnB]

Even though I have access to a mobile, its another faff to have to copy codes from the phone. In the same way I log into my bank accounts with passwords rather than creating One Time Passwords on their key fobs. I'm just hoping that the frequency of extra security questions remains low for random sites, and not at all for sites that have my cards registered with them, like Amazon.

I wish people proposing extra security allow for the costs of the extra transaction time for consumers.

[XFool]

Just to recap here - much time was spent on e.g. the irrelevant subject of Verified by Visa.

This two factor authentication applies to ALL banks and online banking/card transactions. Also, it is the two factor that is the point rather than a mobile phone as such, though that is obviously a convenient method for most.

AFAICS There are 3/4 approaches that can be used to obtain the one time code:

1. Text message to mobile (for most people this is convenient)

2. Text message to standard land line phone

3. Sent to email account

4. Card reader machine to generate code locally

Differing banks will doubtless have their own options. For instance, though I have a mobile, Barclaycard does not, AFAIK, have my number. They simply posted me one of their 'PINsentry' card readers.

[TwmSionCati]

all the systems I have used offer options for mobile and landline.

Perhaps, but not all do. Citibank’s offer only the mobile option. (Despite using AQL’s Text-to-Speech service for other texts to landlines!)

Still, as you point out, there’s no money in catering for country bumpkins who live in Not-Spots. So, being one such, I switched my account, to TSB, which offers a TtS service to my landline.

Still, there’s the FCA’s Policy Statement PS18/24 (December 2018): “account providers must satisfy us that their methods of access do not directly or indirectly dissuade customers from using the services of payment initiation service providers (PISPs), account information service providers (AISPs) and card-based payment instrument issuers (CBPIIs) ...” [p. 10]

TSC

[XFool]

This is interesting news. TiM, of course, highlights all the negatives:

Banks will soon require text message confirmation for online Visa card purchases in shake-up that will hit ALL internet shoppers

This is Money

Same method as used by HMRC with online accounts.

I am not surprised the 'Verified by Visa' system is being replaced. It used to irritate me and I never used it as intended, just used a one time password which I never bothered to remember. Had to start again from scratch every time. Eventually 'V by V' switched to asking for the same card details you had just entered for the merchant. So I imagine everyone else was doing the same thing.

A curious twist on this.

I renewed my car insurance a day or so ago over the Internet. Paying by Visa Barclaycard I was faced with the 'New' Visa security check. Funny! It looked remarkably like the old 'Verified by Visa' to me, with the addition of asking for my email address. As usual with this guff I just made up a one time password which I made no attempt to record or remember. Doesn't everyone?

So whatever happened to the brand new 3 Factor authentication via Text message or the Barclaycard PINsentry machine I was sent?

That article in the OP dates from July 2018