Donate to Remove ads

Got a credit card? use our Credit Card & Finance Calculators

Thanks to johnstevens77,Bhoddhisatva,scotia,Anonymous,Cornytiv34, for Donating to support the site

Santander strikes again

Discussing offers, rates and deals on suppliers
gnawsome
Lemon Slice
Posts: 406
Joined: November 6th, 2016, 4:44 pm
Has thanked: 764 times
Been thanked: 71 times

Santander strikes again

#133253

Postby gnawsome » April 19th, 2018, 1:05 pm

A message from Santander,
<At the moment, you don’t need to enter a One Time Passcode (OTP) when paying an existing payee or using your card for online purchases. This is changing, and from February 2018, you may need to enter an OTP to complete your transaction.>
I went to the trouble of going to branch to create a list of 'pay-to' accounts. This notice tells me that was a waste of time. It means that you should not have an account with Santander unless you have a mobile phone and are prepared to allow them to use it.

BobbyD
Lemon Half
Posts: 7814
Joined: January 22nd, 2017, 2:29 pm
Has thanked: 665 times
Been thanked: 1289 times

Re: Santander strikes again

#133272

Postby BobbyD » April 19th, 2018, 2:07 pm

gnawsome wrote:A message from Santander,
<At the moment, you don’t need to enter a One Time Passcode (OTP) when paying an existing payee or using your card for online purchases. This is changing, and from February 2018, you may need to enter an OTP to complete your transaction.>
I went to the trouble of going to branch to create a list of 'pay-to' accounts. This notice tells me that was a waste of time. It means that you should not have an account with Santander unless you have a mobile phone and are prepared to allow them to use it.


BBC consumer protection programmes spend half their time complaining that banks correctly carried out instructions for customers who instructed them to give their money to fraudsters, and the other half complaining when banks defer legitimate transactions due to concerns about fraud. The banks literally can't win.

If you don't have a mobile phone you can get and run one very cheaply. If you have one why would you object to the bank sending you a text message to make sure it is you trying to move your money around?

Loup321
Lemon Slice
Posts: 287
Joined: November 17th, 2016, 9:52 am
Has thanked: 104 times
Been thanked: 145 times

Re: Santander strikes again

#133292

Postby Loup321 » April 19th, 2018, 3:50 pm

I fell foul of this with Tesco a few years ago. I do not need or want a mobile phone, and while there are providers that don't require one I will use alternative providers. Tesco used to be fine with me accessing my ClubcardPlus account on two PCs, but then they decided that as I used a different computer from the last time I logged on, they weren't going to allow it unless they sent me a text message or a letter. The letter used to take 2 weeks to arrive (by which time I'd proabably forgotten which PC I had been using, or what on earth I was trying to accomplish anyway, and had tried logging in from the other PC so the letter was invalid anyway), and I don't have a mobile phone, so I couldn't use their online banking, and ended up closing the account (by writing a letter, because it was the only way they would communicate with me).

Nationwide and HSBC manage by issuing me a security device. Nationwide's requires my card and me to enter my normal PIN, and HSBC's requires a (yet another) security number I have memorized. Halifax telephone me on a number I have set up, in much the same way as HMRC. I just have to remember not to pay a new payee or try and access my tax return before 7.00 am or the whole house is woken up by the telephone!

If someone requires you to have a mobile phone, this should be clear in their terms and conditions. If it is, and you don't have one, you are in breach, but if it is not, they need to find a way to accommodate you. I would suggest that Sandanter have said that you MAY require a One Time Passcode, and your list of accounts you set up in branch should remove this need (for you personally). Wait and see...

My reasons for not having a mobile phone are mine, and are as valid as anyone elses for having a mobile phone.

BobbyD
Lemon Half
Posts: 7814
Joined: January 22nd, 2017, 2:29 pm
Has thanked: 665 times
Been thanked: 1289 times

Re: Santander strikes again

#133307

Postby BobbyD » April 19th, 2018, 4:32 pm

Loup321 wrote:
My reasons for not having a mobile phone are mine, and are as valid as anyone elses for having a mobile phone.


...and a companies reasons for deciding that they will require a mobile phone as part of a security protocol are theirs and every bit as valid as any other company which has not made the same decision, yet.

Slarti
Lemon Quarter
Posts: 2941
Joined: November 4th, 2016, 3:46 pm
Has thanked: 640 times
Been thanked: 496 times

Re: Santander strikes again

#133318

Postby Slarti » April 19th, 2018, 5:13 pm

BobbyD wrote:...and a companies reasons for deciding that they will require a mobile phone as part of a security protocol are theirs and every bit as valid as any other company which has not made the same decision, yet.


Not true.

Mobile phones are a very weak form of 2FA as the message is in plain text and not hard to intercept with a Man in the Middle attack. Or so I'm told.


Slarti

BobbyD
Lemon Half
Posts: 7814
Joined: January 22nd, 2017, 2:29 pm
Has thanked: 665 times
Been thanked: 1289 times

Re: Santander strikes again

#133338

Postby BobbyD » April 19th, 2018, 7:11 pm

Slarti wrote:
BobbyD wrote:...and a companies reasons for deciding that they will require a mobile phone as part of a security protocol are theirs and every bit as valid as any other company which has not made the same decision, yet.


Not true.

Mobile phones are a very weak form of 2FA as the message is in plain text and not hard to intercept with a Man in the Middle attack. Or so I'm told.


Slarti


That's not exactly what I said... I'm sure Santander have actually sat down and considered their security set up rather than just googling 'how should we secure our customers accounts', and if they've decided to use mobiles that's their choice, just as not having a mobile is the op's choice. People who don't like it are quite at liberty to move.

Urbandreamer
Lemon Quarter
Posts: 3121
Joined: December 7th, 2016, 9:09 pm
Has thanked: 347 times
Been thanked: 1025 times

Re: Santander strikes again

#133397

Postby Urbandreamer » April 20th, 2018, 7:02 am

As BobbyD said, it's a matter of choice on both sides.

While I am a fan of the Nationwide card reader, they also use to (and probably still do) offer a less secure password and personal data option.
(EDIT) Just checked and yes they do.
https://www.nationwide.co.uk/support/se ... yquestions
After all, while they give out the card readers, who takes them on holiday with them?

People don't have to own a mobile phone or smartphone, but you may find it a hell of a lot easier if you do own a smartphone. I personally found this out when I used the dartford crossing on holiday.

You need internet access to either pay the fee or to find out how to pay the fee (without paying over the internet). You also need to pay by the following midnight and it might be fun finding a post office open on a bank holiday (once you have found a library open to use the internet to find how to pay). I could go on, but you get the idea.

Ps I have accounts with both Santander and Nationwide. Sorry I can't make an argument about which provides the better account or service. While different I can't say that the differences sway me to one rather than the other.

Wmnr
Posts: 42
Joined: November 6th, 2016, 8:36 am
Been thanked: 9 times

Re: Santander strikes again

#133400

Postby Wmnr » April 20th, 2018, 7:42 am

Have you tried giving your landline phone number as the number to send the text to. BT landlines are able to receive text messages and convert them into voicemails, I believe.

bruncher
Lemon Quarter
Posts: 1163
Joined: November 4th, 2016, 12:20 pm
Has thanked: 310 times
Been thanked: 297 times

Re: Santander strikes again

#133443

Postby bruncher » April 20th, 2018, 10:35 am

After all, while they give out the card readers, who takes them on holiday with them?


I do

gnawsome
Lemon Slice
Posts: 406
Joined: November 6th, 2016, 4:44 pm
Has thanked: 764 times
Been thanked: 71 times

Re: Santander strikes again

#133500

Postby gnawsome » April 20th, 2018, 1:04 pm

If you don't have a mobile phone you can get and run one very cheaply. If you have one why would you object to the bank sending you a text message to make sure it is you trying to move your money around?


I do not understand how the bank sending a text to a mobile phone establishes proof of who you are, any more that is, than by the account being accessed by a normal online login.
I do believe that having a mobile phone and giving out that number opens opportunities for attack that would not otherwise be present. A mobile phone is a confusing device of itself, to use it to control ones cash is best done by those competent to do so - that does not include this octogenarian

gnawsome
Lemon Slice
Posts: 406
Joined: November 6th, 2016, 4:44 pm
Has thanked: 764 times
Been thanked: 71 times

Re: Santander strikes again

#133514

Postby gnawsome » April 20th, 2018, 1:40 pm

Loup321 wrote:If someone requires you to have a mobile phone, this should be clear in their terms and conditions. If it is, and you don't have one, you are in breach, but if it is not, they need to find a way to accommodate you. I would suggest that Sandanter have said that you MAY require a One Time Passcode, and your list of accounts you set up in branch should remove this need (for you personally). Wait and see...

My reasons for not having a mobile phone are mine, and are as valid as anyone elses for having a mobile phone.


I admire your optimism that "they need to find a way to accommodate you." We are all now 'profit centres'. To be so, we have to fit into patterns and that particularly means that we have to accommodate their (ever changing) requirements. They provide for their future requirements by scope to change their Ts&Cs.

Reasons to not have a mobile phone are indeed an individual decision and reasons to not give out any such number too numerous to list.
I very much regret providing my landline number over the years and it has only been by repeated complaints that the %age of nuisance calls has been reduced from 90~95% to the occasional interuption.
Similarly with unwanted 'stuff' thro' the letter box, it was not a simple instuction to Royal Mail, it meant a campaign over several years and repeated submissions before they put it into practice.
I put a large bold sign adjacent to my letter box to tell leafleteers and similar to put nothing here and have followed that up with complaints to councillors. Normal mode - other than normal mail delivery times - is that I block the letterbox.
A man's gotta do....

mc2fool
Lemon Half
Posts: 7812
Joined: November 4th, 2016, 11:24 am
Has thanked: 7 times
Been thanked: 3017 times

Re: Santander strikes again

#133518

Postby mc2fool » April 20th, 2018, 1:44 pm

gnawsome wrote:I do not understand how the bank sending a text to a mobile phone establishes proof of who you are, any more that is, than by the account being accessed by a normal online login.

Because the text includes a randomly generated time limited number that you then have to enter into their website to proceed. See https://en.wikipedia.org/wiki/Multi-factor_authentication

Of course, that doesn't prove who you are, but it makes it more likely than just the normal online login.

Alaric
Lemon Half
Posts: 6033
Joined: November 5th, 2016, 9:05 am
Has thanked: 20 times
Been thanked: 1399 times

Re: Santander strikes again

#133520

Postby Alaric » April 20th, 2018, 1:48 pm

mc2fool wrote:Of course, that doesn't prove who you are, but it makes it more likely than just the normal online login.


It proves you have the phone, or perhaps just the SIM.

https://motherboard.vice.com/en_us/arti ... le-stories

Stompa
Lemon Slice
Posts: 825
Joined: November 4th, 2016, 6:29 pm
Has thanked: 151 times
Been thanked: 208 times

Re: Santander strikes again

#133662

Postby Stompa » April 20th, 2018, 10:58 pm

Whilst I would personally find it a bit of a PITA, I imagine that you could use telephone banking to make payments without the need for OTPs.

arty
Posts: 18
Joined: September 20th, 2017, 10:34 am
Been thanked: 3 times

Re: Santander strikes again

#133669

Postby arty » April 21st, 2018, 5:18 am

Indeed, this is a PITA. I spend a few months a year in Japan, where my mobile doesn't work. With wifi I can do pretty much everything I want, but now they've introduced this I have to faff about calling them, going through security, etc, just to make a simple small transfer.
Funnily enough, I say I'm logged in online, and the security questions they ask are generally things like "how much did you spend in x, on the xth". Bit pointless really.

UncleEbenezer
The full Lemon
Posts: 10690
Joined: November 4th, 2016, 8:17 pm
Has thanked: 1459 times
Been thanked: 2965 times

Re: Santander strikes again

#133970

Postby UncleEbenezer » April 22nd, 2018, 8:46 pm

Stompa wrote:Whilst I would personally find it a bit of a PITA, I imagine that you could use telephone banking to make payments without the need for OTPs.

Telephone lines are not normally encrypted. That means your sensitive data (like a password or other identifier) are instantly at much higher risk than sending them over the web.

Of course, a bank could also screw up internally. That's a different risk.

XFool
The full Lemon
Posts: 12636
Joined: November 8th, 2016, 7:21 pm
Been thanked: 2608 times

Re: Santander strikes again

#134364

Postby XFool » April 24th, 2018, 10:54 am

UncleEbenezer wrote:
Stompa wrote:Whilst I would personally find it a bit of a PITA, I imagine that you could use telephone banking to make payments without the need for OTPs.

Telephone lines are not normally encrypted. That means your sensitive data (like a password or other identifier) are instantly at much higher risk than sending them over the web.

Surely that's why they don't ask for a "password"? Rather they ask for: "Letters three and five from your password" etc.

At least they used to. But it's been a long time since I used telephone banking.

UncleEbenezer
The full Lemon
Posts: 10690
Joined: November 4th, 2016, 8:17 pm
Has thanked: 1459 times
Been thanked: 2965 times

Re: Santander strikes again

#134405

Postby UncleEbenezer » April 24th, 2018, 12:27 pm

XFool wrote:
UncleEbenezer wrote:
Stompa wrote:Whilst I would personally find it a bit of a PITA, I imagine that you could use telephone banking to make payments without the need for OTPs.

Telephone lines are not normally encrypted. That means your sensitive data (like a password or other identifier) are instantly at much higher risk than sending them over the web.

Surely that's why they don't ask for a "password"? Rather they ask for: "Letters three and five from your password" etc.

At least they used to. But it's been a long time since I used telephone banking.

Ok, for a related better example, consider when you make a payment by credit or debit card. Online, your card details are secure in transmission. Over the phone they're transmitted in the open. What happens at the far end is out of your control either way.

Not quite the same situation as 'phone banking. I wouldn't feel comfortable without the details in front of me on the screen, but YMMV.

How does your phone banking work? If you're speaking to a human that's one more source of possible error or fraud, while if you're using a keypad to talk to a robot, you've taken out the hurdle of speech recognition and are wide open to mass-surveillence by an eavesdropping 'bot listening to *everything* on a line and collecting sensitive data. Including, over time, your entire password.

swill453
Lemon Half
Posts: 7962
Joined: November 4th, 2016, 6:11 pm
Has thanked: 984 times
Been thanked: 3643 times

Re: Santander strikes again

#134416

Postby swill453 » April 24th, 2018, 12:41 pm

UncleEbenezer wrote:How does your phone banking work? If you're speaking to a human that's one more source of possible error or fraud, while if you're using a keypad to talk to a robot, you've taken out the hurdle of speech recognition and are wide open to mass-surveillence by an eavesdropping 'bot listening to *everything* on a line and collecting sensitive data. Including, over time, your entire password.

Ironically using a mobile phone for phone banking makes it more secure than a landline, and just about as secure as online banking. Either way you have an encrypted communication path, but have to trust the personnel at the bank.

Scott.

GeoffF100
Lemon Quarter
Posts: 4720
Joined: November 14th, 2016, 7:33 pm
Has thanked: 178 times
Been thanked: 1363 times

Re: Santander strikes again

#134439

Postby GeoffF100 » April 24th, 2018, 1:58 pm

Santander (or perhaps it was Abbey National in those days) have been sending me OTPs for many years. I used a cheap PAYG dumb phone for several years, and bought a smart phone when the prices came down.


Return to “Bank Accounts Savings & ISAs”

Who is online

Users browsing this forum: No registered users and 10 guests