FNB is dropping email and SMS

NeonNinja

Neon Resident
Joined
Nov 22, 2009
Messages
25,259
what if you didnt lock your phone, and just left it on swipe to unlock?
are you an Id10t then? and deserve to be robbed?

also like @|tera| says, what if your off grid?
Let me explain further. Your phone's security (swipe, finger, face, password) is independent to FNB's security. Even if your phone is unlocked or doesn't have a lock activated, you still need to enter your bank password or fingerprint to authorise any transaction on the FNB app, even if it's R1.
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
81,189
what if you didnt lock your phone, and just left it on swipe to unlock?
are you an Id10t then? and deserve to be robbed?

also like @|tera| says, what if your off grid?
christ, then they STILL get the ****ing SMS and email. How is the app LESS secure than an SMS app on an unlocked phone?
 

PsyWulf

Honorary Master
Joined
Nov 22, 2006
Messages
16,650
Push today. A year from now they will drop it for doves.

My email account has a 40 character random generated password.
If the password was being regenerated daily sure that would be pretty immune to any form of password harvesting

My banking credentials are encrypted in a password manager with no reset option. It's impossible to retrieve passwords from the manager without the correct password.
So in effect this change is not for or against you since this doesn't seem related to OTP or your cellphone being stolen

At least give balances and important notifications via sms and email.

Imagine being off grid and returning to receive a push that your account was withdrawn without your knowledge.

Not fun times.
Fair

In summary:
You have a slightly valid point regarding not being able to receive some notifications without a failback
The rest is hufflepuff
 

Jet-Fighter7700

Honorary Master
Joined
Mar 12, 2008
Messages
31,697
you still need to enter your bank password or fingerprint to authorise any transaction on the FNB app, even if it's R1.
so its perfectly secure as long as you dont store your Password to the App on your phone?
so if you have a password manager your safe?
 

NeonNinja

Neon Resident
Joined
Nov 22, 2009
Messages
25,259
so its perfectly secure as long as you dont store your Password to the App on your phone?
so if you have a password manager your safe?
The app doesn't let you store the password (Chrome does though, but still you need the app to authorise the transaction). So you always enter it.

A password manager (an app) I assume needs a password as well? So there's a layer in there.
 

Jet-Fighter7700

Honorary Master
Joined
Mar 12, 2008
Messages
31,697
lets see how the criminals drain your bank account now,
hostages needed to drain your accounts now?

maybe FNB can enable some kind of Panic button on the app now?
so lets you do the transaction, but alerts FNB your under duress.
(maybe even sends out a alert to SAPS)
 

2023

Honorary Master
Joined
Jan 22, 2012
Messages
10,696
It's not a notification. It's an OTP/Authorisation request. Did you read the article?
The scenario you give (in bold) is a LOT more likely to happen with a sim swap or your email account being compromised.

From the article:
If the customer does not have the FNB App or does not respond to the FNB App push message to approve their online purchase, they will receive the OTP via SMS, App messaging and by logging onto Online Banking messaging,” FNB said.

“Receiving OTP via email is being discontinued in line with the bank’s strategy to discontinue communication via this format for safety measures.”

So, even so, it still gives the SMS OTP which hopefully will go away soon.

So they can still get around it if they really wanted to (like doing a transaction at 3am when they know you won't respond to a notification)?
 
  • Like
Reactions: 3WA

NeonNinja

Neon Resident
Joined
Nov 22, 2009
Messages
25,259
lets see how the criminals drain your bank account now,
hostages needed to drain your accounts now?

maybe FNB can enable some kind of Panic button on the app now?
so lets you do the transaction, but alerts FNB your under duress.
(maybe even sends out a alert to SAPS)
They just severe your thumb...
 

Grouter

Executive Member
Joined
Sep 7, 2007
Messages
5,667
You need to enter you password in the app, or your fingerprint to authorise any transaction.
No. Not with me. Set up beneficiary, app pops up: "Approve?" Yes. Added. No password asked for, no fingerprint. You just need to come and steal the laptop and the phone and you're good to go.
 

NeonNinja

Neon Resident
Joined
Nov 22, 2009
Messages
25,259
So they can still get around it if they really wanted to (like doing a transaction at 3am when they know you won't respond to a notification)?
The notification needs the owners authorisation, either a password or a finger print. If your password has been compromised that's a whole different story.
 

2023

Honorary Master
Joined
Jan 22, 2012
Messages
10,696
No. Not with me. Set up beneficiary, app pops up: "Approve?" Yes. Added. No password asked for, no fingerprint. You just need to come and steal the laptop and the phone and you're good to go.

Does your phone need to unlocked first?
 

Jet-Fighter7700

Honorary Master
Joined
Mar 12, 2008
Messages
31,697
No. Not with me. Set up beneficiary, app pops up: "Approve?" Yes. Added. No password asked for, no fingerprint. You just need to come and steal the laptop and the phone and you're good to go.
same with me, just says approve, no password or anything required.
 

2023

Honorary Master
Joined
Jan 22, 2012
Messages
10,696
The notification needs the owners authorisation, either a password or a finger print. If your password has been compromised that's a whole different story.

But if you don't respond to the notification (because they are asleep at 3am), it falls back to sms - back to the problematic systems they are trying to avoid.
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
81,189
same with me, just says approve, no password or anything required.
Phone needs to be unlocked though right?
This is still no less secure than receiving an SMS - you don't need a password to read your SMSs, right? If your phone is taken, then you're vulnerable. But you're likely to notice this. You're a lot less likely to notice a sim swap or a compromised mail account in time to stop your account being emptied.
 

Grouter

Executive Member
Joined
Sep 7, 2007
Messages
5,667
Does your phone need to unlocked first?
Mine, yes. Wife: no. Just a password. Let's not go there. I keep telling her.....I showed her how dangerous it is. She's so whatsapp-happy she cursed like a sailor having to unlock her phone all the time.
Perhaps I need to risk another dummy-spit moment and insist she puts a password on her phone. Thanks for reminding me.
 

NeonNinja

Neon Resident
Joined
Nov 22, 2009
Messages
25,259
No. Not with me. Set up beneficiary, app pops up: "Approve?" Yes. Added. No password asked for, no fingerprint. You just need to come and steal the laptop and the phone and you're good to go.
I get adding a beneficiary, what about a transaction to said beneficiary? Can't clearly remember, don't you need app authorisation for that? Plus phone's own security to circumvent.
 

Grouter

Executive Member
Joined
Sep 7, 2007
Messages
5,667
I get adding a beneficiary, what about a transaction to said beneficiary? Can't clearly remember, don't you need app authorisation for that? Plus phone's own security to circumvent.
Yes, and it just approves it. The problem, as I outlined above, is that my wife refuses to pin-or-password protect her phone....
 
Top