FNB is dropping email and SMS

eg2505

Honorary Master
Joined
Mar 12, 2008
Messages
21,517
How so? Email and SMS are not secure.
what if your not logged in? what if your phone just got stolen,
and your desperately trying to stop the thieves from withdrawing your life savings.

I can think of dozens of scenarios where this is a disadvantage.
 

NeonNinja

Neon Resident
Joined
Nov 22, 2009
Messages
22,178
what if your not logged in? what if your phone just got stolen,
and your desperately trying to stop the thieves from withdrawing your life savings.


I can think of dozens of scenarios where this is a disadvantage.
You need to enter you password in the app, or your fingerprint to authorise any transaction.
 

Hamster

Resident Rodent
Joined
Aug 22, 2006
Messages
36,604
But but.... push OTP has been done for years. It's never been a problem. Nobody's life savings have ever been stolen because their phone was stolen.
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
74,649
what if your not logged in? what if your phone just got stolen,
and your desperately trying to stop the thieves from withdrawing your life savings.

I can think of dozens of scenarios where this is a disadvantage.
You don't have to be logged in to receive notifications.
If your phone got stolen, why is it unlocked?
If your phone got stolen, they receive the OTP SMS and email ANYWAY if it's unlocked.

Still not seeing the disadvantage, while protection from sim swap and email account compromise is surely an advantage?
 

Lupus

Honorary Master
Joined
Apr 25, 2006
Messages
29,662
what if your not logged in? what if your phone just got stolen,
and your desperately trying to stop the thieves from withdrawing your life savings.

I can think of dozens of scenarios where this is a disadvantage.
It's a lot harder to steal your lifesavings with the push notification to the app, as you'd need to enter in your password or biometric scanner to open the app to approve.
The OTP would come in via an SMS and bam life savings gone.
 

SpaceIgniter

Master of Messengers
Joined
Mar 31, 2006
Messages
24,129
Push notification to app.
App is tied to a device - so a sim swap will not result in the OTPs going to a different phone.
Push today. A year from now they will drop it for doves.

My email account has a 40 character random generated password.
My banking credentials are encrypted in a password manager with no reset option. It's impossible to retrieve passwords from the manager without the correct password.

I don't see how it's more secure?
It's notifications.
Drop the OTP from sms and email.
At least give balances and important notifications via sms and email.

Imagine being off grid and returning to receive a push that your account was withdrawn without your knowledge.

Not fun times.
 

eg2505

Honorary Master
Joined
Mar 12, 2008
Messages
21,517
You need to enter you password in the app, or your fingerprint to authorise any transaction.
You don't have to be logged in to receive notifications.
If your phone got stolen, why is it unlocked?
If your phone got stolen, they receive the OTP SMS and email ANYWAY if it's unlocked.

Still not seeing the disadvantage, while protection from sim swap and email account compromise is surely an advantage?
what if you didnt lock your phone, and just left it on swipe to unlock?
are you an Id10t then? and deserve to be robbed?

also like @|tera| says, what if your off grid?
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
74,649
Push today. A year from now they will drop it for doves.

My email account has a 40 character random generated password.
My banking credentials are encrypted in a password manager with no reset option. It's impossible to retrieve passwords from the manager without the correct password.

I don't see how it's more secure?
It's notifications.
Drop the OTP from sms and email.
At least give balances and important notifications via sms and email.

Imagine being off grid and returning to receive a push that your account was withdrawn without your knowledge.

Not fun times.
It's not a notification. It's an OTP/Authorisation request. Did you read the article?
The scenario you give (in bold) is a LOT more likely to happen with a sim swap or your email account being compromised.

From the article:
“If the customer does not have the FNB App or does not respond to the FNB App push message to approve their online purchase, they will receive the OTP via SMS, App messaging and by logging onto Online Banking messaging,” FNB said.

“Receiving OTP via email is being discontinued in line with the bank’s strategy to discontinue communication via this format for safety measures.”

So, even so, it still gives the SMS OTP which hopefully will go away soon.
 
Top