FNB is dropping email and SMS

[Jamie McKane]

FNB is dropping email and SMS

FNB recently announced a number of major changes to its consumer banking process - including the phasing out of email and SMS notifications.

The latest changes are related to online shopping and the issuing of one-time PINs (OTPs).

 

[|tera|]

Forward. Backwards. Backwards. Backwards.

 

[Sinbad]

Forward. Backwards. Backwards. Backwards.

How so? Email and SMS are not secure.

 

[|tera|]

How so? Email and SMS are not secure.

How is the OTP delivered? Push?
Or doves?

 

[Sinbad]

How is the OTP delivered? Push?
Or doves?

Push notification to app.
App is tied to a device - so a sim swap will not result in the OTPs going to a different phone.

 

[Hamster]

How is the OTP delivered? Push?
Or doves?

Push. What's the problem?

 

[Jet-Fighter7700]

How so? Email and SMS are not secure.

what if your not logged in? what if your phone just got stolen,
and your desperately trying to stop the thieves from withdrawing your life savings.

I can think of dozens of scenarios where this is a disadvantage.

 

[NeonNinja]

what if your not logged in? what if your phone just got stolen,
and your desperately trying to stop the thieves from withdrawing your life savings.

I can think of dozens of scenarios where this is a disadvantage.

You need to enter you password in the app, or your fingerprint to authorise any transaction.

 

[backstreetboy]

Lol they're dropping the ball as well.

 

[NeonNinja]

How so? Email and SMS are not secure.

Exactly what I'm thinking...

 

[Hamster]

But but.... push OTP has been done for years. It's never been a problem. Nobody's life savings have ever been stolen because their phone was stolen.

 

[Hamster]

@rpm - can we have a poll:

1. I don't have a problem with it
2. This is stupid
3. This is stupid and I am a developer who understands the technology and have an informed opinion.

 

[Sinbad]

what if your not logged in? what if your phone just got stolen,
and your desperately trying to stop the thieves from withdrawing your life savings.

I can think of dozens of scenarios where this is a disadvantage.

You don't have to be logged in to receive notifications.
If your phone got stolen, why is it unlocked?
If your phone got stolen, they receive the OTP SMS and email ANYWAY if it's unlocked.

Still not seeing the disadvantage, while protection from sim swap and email account compromise is surely an advantage?

 

[Sinbad]

@rpm - can we have a poll:

1. I don't have a problem with it
2. This is stupid
3. This is stupid and I am a developer who understands the technology and have an informed opinion.

4. I understand the technology, have an informed opinion, and think it's a good idea.

 

[Lupus]

what if your not logged in? what if your phone just got stolen,
and your desperately trying to stop the thieves from withdrawing your life savings.

I can think of dozens of scenarios where this is a disadvantage.

It's a lot harder to steal your lifesavings with the push notification to the app, as you'd need to enter in your password or biometric scanner to open the app to approve.
The OTP would come in via an SMS and bam life savings gone.

 

[My_King]

 

[NeonNinja]

Damn. All these FNB haters have been found out.

 

[|tera|]

Push notification to app.
App is tied to a device - so a sim swap will not result in the OTPs going to a different phone.

Push today. A year from now they will drop it for doves.

My email account has a 40 character random generated password.
My banking credentials are encrypted in a password manager with no reset option. It's impossible to retrieve passwords from the manager without the correct password.

I don't see how it's more secure?
It's notifications.
Drop the OTP from sms and email.
At least give balances and important notifications via sms and email.

Imagine being off grid and returning to receive a push that your account was withdrawn without your knowledge.

Not fun times.

 

[Jet-Fighter7700]

You need to enter you password in the app, or your fingerprint to authorise any transaction.

You don't have to be logged in to receive notifications.
If your phone got stolen, why is it unlocked?
If your phone got stolen, they receive the OTP SMS and email ANYWAY if it's unlocked.

Still not seeing the disadvantage, while protection from sim swap and email account compromise is surely an advantage?

what if you didnt lock your phone, and just left it on swipe to unlock?
are you an Id10t then? and deserve to be robbed?

also like @|tera| says, what if your off grid?

 

[Sinbad]

Push today. A year from now they will drop it for doves.

My email account has a 40 character random generated password.
My banking credentials are encrypted in a password manager with no reset option. It's impossible to retrieve passwords from the manager without the correct password.

I don't see how it's more secure?
It's notifications.
Drop the OTP from sms and email.
At least give balances and important notifications via sms and email.

Imagine being off grid and returning to receive a push that your account was withdrawn without your knowledge.

Not fun times.

It's not a notification. It's an OTP/Authorisation request. Did you read the article?
The scenario you give (in bold) is a LOT more likely to happen with a sim swap or your email account being compromised.

From the article:
“If the customer does not have the FNB App or does not respond to the FNB App push message to approve their online purchase, they will receive the OTP via SMS, App messaging and by logging onto Online Banking messaging,” FNB said.

“Receiving OTP via email is being discontinued in line with the bank’s strategy to discontinue communication via this format for safety measures.”

So, even so, it still gives the SMS OTP which hopefully will go away soon.