FNB is dropping email and SMS

[NeonNinja]

what if you didnt lock your phone, and just left it on swipe to unlock?
are you an Id10t then? and deserve to be robbed?

also like @|tera| says, what if your off grid?

Let me explain further. Your phone's security (swipe, finger, face, password) is independent to FNB's security. Even if your phone is unlocked or doesn't have a lock activated, you still need to enter your bank password or fingerprint to authorise any transaction on the FNB app, even if it's R1.

 

[Sinbad]

what if you didnt lock your phone, and just left it on swipe to unlock?
are you an Id10t then? and deserve to be robbed?

also like @|tera| says, what if your off grid?

christ, then they STILL get the ****ing SMS and email. How is the app LESS secure than an SMS app on an unlocked phone?

 

[PsyWulf]

Push today. A year from now they will drop it for doves.

My email account has a 40 character random generated password.

If the password was being regenerated daily sure that would be pretty immune to any form of password harvesting

My banking credentials are encrypted in a password manager with no reset option. It's impossible to retrieve passwords from the manager without the correct password.

So in effect this change is not for or against you since this doesn't seem related to OTP or your cellphone being stolen

At least give balances and important notifications via sms and email.

Imagine being off grid and returning to receive a push that your account was withdrawn without your knowledge.

Not fun times.

Fair

In summary:
You have a slightly valid point regarding not being able to receive some notifications without a failback
The rest is hufflepuff

 

[|tera|]

Thanks Sinbad for the synopsis.
Haven't slept for 3 days.
I think I need a forum break.

 

[Jet-Fighter7700]

you still need to enter your bank password or fingerprint to authorise any transaction on the FNB app, even if it's R1.

so its perfectly secure as long as you dont store your Password to the App on your phone?
so if you have a password manager your safe?

 

[NeonNinja]

so its perfectly secure as long as you dont store your Password to the App on your phone?
so if you have a password manager your safe?

The app doesn't let you store the password (Chrome does though, but still you need the app to authorise the transaction). So you always enter it.

A password manager (an app) I assume needs a password as well? So there's a layer in there.

 

[Jet-Fighter7700]

lets see how the criminals drain your bank account now,
hostages needed to drain your accounts now?

maybe FNB can enable some kind of Panic button on the app now?
so lets you do the transaction, but alerts FNB your under duress.
(maybe even sends out a alert to SAPS)

 

[2023]

It's not a notification. It's an OTP/Authorisation request. Did you read the article?
The scenario you give (in bold) is a LOT more likely to happen with a sim swap or your email account being compromised.

From the article:
“If the customer does not have the FNB App or does not respond to the FNB App push message to approve their online purchase, they will receive the OTP via SMS, App messaging and by logging onto Online Banking messaging,” FNB said.

“Receiving OTP via email is being discontinued in line with the bank’s strategy to discontinue communication via this format for safety measures.”

So, even so, it still gives the SMS OTP which hopefully will go away soon.

So they can still get around it if they really wanted to (like doing a transaction at 3am when they know you won't respond to a notification)?

 

[NeonNinja]

lets see how the criminals drain your bank account now,
hostages needed to drain your accounts now?

maybe FNB can enable some kind of Panic button on the app now?
so lets you do the transaction, but alerts FNB your under duress.
(maybe even sends out a alert to SAPS)

They just severe your thumb...

 

[Grouter]

You need to enter you password in the app, or your fingerprint to authorise any transaction.

No. Not with me. Set up beneficiary, app pops up: "Approve?" Yes. Added. No password asked for, no fingerprint. You just need to come and steal the laptop and the phone and you're good to go.

 

[NeonNinja]

So they can still get around it if they really wanted to (like doing a transaction at 3am when they know you won't respond to a notification)?

The notification needs the owners authorisation, either a password or a finger print. If your password has been compromised that's a whole different story.

 

[Jet-Fighter7700]

They just severe your thumb...

ok, but about my other idea?
duress or hostage situation alerting.

 

[2023]

No. Not with me. Set up beneficiary, app pops up: "Approve?" Yes. Added. No password asked for, no fingerprint. You just need to come and steal the laptop and the phone and you're good to go.

Does your phone need to unlocked first?

 

[Jet-Fighter7700]

No. Not with me. Set up beneficiary, app pops up: "Approve?" Yes. Added. No password asked for, no fingerprint. You just need to come and steal the laptop and the phone and you're good to go.

same with me, just says approve, no password or anything required.

 

[2023]

The notification needs the owners authorisation, either a password or a finger print. If your password has been compromised that's a whole different story.

But if you don't respond to the notification (because they are asleep at 3am), it falls back to sms - back to the problematic systems they are trying to avoid.

 

[Sinbad]

same with me, just says approve, no password or anything required.

Phone needs to be unlocked though right?
This is still no less secure than receiving an SMS - you don't need a password to read your SMSs, right? If your phone is taken, then you're vulnerable. But you're likely to notice this. You're a lot less likely to notice a sim swap or a compromised mail account in time to stop your account being emptied.

 

[Grouter]

Does your phone need to unlocked first?

Mine, yes. Wife: no. Just a password. Let's not go there. I keep telling her.....I showed her how dangerous it is. She's so whatsapp-happy she cursed like a sailor having to unlock her phone all the time.
Perhaps I need to risk another dummy-spit moment and insist she puts a password on her phone. Thanks for reminding me.

 

[NeonNinja]

No. Not with me. Set up beneficiary, app pops up: "Approve?" Yes. Added. No password asked for, no fingerprint. You just need to come and steal the laptop and the phone and you're good to go.

I get adding a beneficiary, what about a transaction to said beneficiary? Can't clearly remember, don't you need app authorisation for that? Plus phone's own security to circumvent.

 

[Grouter]

I get adding a beneficiary, what about a transaction to said beneficiary? Can't clearly remember, don't you need app authorisation for that? Plus phone's own security to circumvent.

Yes, and it just approves it. The problem, as I outlined above, is that my wife refuses to pin-or-password protect her phone....

 

[Sinbad]

Yes, and it just approves it. The problem, as I outlined above, is that my wife refuses to pin-or-password protect her phone....

Get her one with a fingerprint reader?