Internet Banking via a web browser

TheCouchCavalier said:
If you could expand on your statement it would be appreciated?
Click to expand...
What would you like me to expand on?

Very few banks would delegate security to a Authenticator app. That would make it insecure lol.
A digital security key like Capitec did yonks ago and email + number are actually fine.

Many others have stated we have the one of the best Banking systems in the world. Don't stress too much.

https://2fa.directory/int/#banking -> Majority use Email and SMS.
 
I'm more referring to two factor authentication username, password and another channel of authentication such as in app or time based OTP.

Multichannel is always more secure than single channel.

Email and sms are inherently insecure as they are (generally) not encrypted and sms is susceptible to sim swap.
 
TheCouchCavalier said:
I'm more referring to two factor authentication username, password and another channel of authentication such as in app or time based OTP.

Multichannel is always more secure than single channel.

Email and sms are inherently insecure as they are (generally) not encrypted and sms is susceptible to sim swap.
Click to expand...

Everything is susceptible to interference if the 3rd party really wants to rob you.

And the bank will replace any money as long as it wasn’t through your own negligence.

Like I said, if you’re so worried. Give them a hack, they pay handsomely in big bounty’s or jail terms if you aren’t careful.
 
If the security technology exists, why shouldn't it be used? Facebook has it, twitter, Carbonite.

Yet standard bank does not.

They're have been more than a few stories where people were not refunded the money because the nefarious actors knew the login credentials.

For example, there is a key logger on your machine. Your details are captured. Bad actors go to login to your bank. If you have no MFA they login and transfer all your cash. If you do have MFA you get a pop up on your screen asking if you want to complete your login. You say no and your account is locked down.
 
TheCouchCavalier said:
If the security technology exists, why shouldn't it be used? Facebook has it, twitter, Carbonite.

Yet standard bank does not.

They're have been more than a few stories where people were not refunded the money because the nefarious actors knew the login credentials.

For example, there is a key logger on your machine. Your details are captured. Bad actors go to login to your bank. If you have no MFA they login and transfer all your cash. If you do have MFA you get a pop up on your screen asking if you want to complete your login. You say no and your account is locked down.
Click to expand...
Keylogger is your negligence. Not the banks.

As mentioned if you login to internet banking on Standard Bank from a different IP Address it asks you to authenticate again using a OTP.
 
TheCouchCavalier said:
If the security technology exists, why shouldn't it be used? Facebook has it, twitter, Carbonite.

Yet standard bank does not.

They're have been more than a few stories where people were not refunded the money because the nefarious actors knew the login credentials.

For example, there is a key logger on your machine. Your details are captured. Bad actors go to login to your bank. If you have no MFA they login and transfer all your cash. If you do have MFA you get a pop up on your screen asking if you want to complete your login. You say no and your account is locked down.
Click to expand...
omw did you not read what others including myself has said...

Std bank has SMS AND QR Code 2fa authentication...

here is the screenshot

ALSO to use this on your phone your have to authenticate again via bio metrics or password. So whats that 3/4 FA?

1662843931948.png
 
Snyper564 said:
omw did you not read what others including myself has said...

Std bank has SMS AND QR Code 2fa authentication...

here is the screenshot

ALSO to use this on your phone your have to authenticate again via bio metrics or password. So whats that 3/4 FA?

View attachment 1380635
Click to expand...
I did and thanks for that.

But sms is inherently insecure channel susceptible to sim swap.

The qr code is good method however its not present every time you login? Only when from a new device/ip? Or am I mistaken?
 
TheCouchCavalier said:
I did and thanks for that.

But sms is inherently insecure channel susceptible to sim swap.

The qr code is good method however its not present every time you login? Only when from a new device/ip? Or am I mistaken?
Click to expand...
You are mistaken, its also up to the person to turn off SMS.

I use the QR code everytime I log in...
 
TheCouchCavalier said:
Morning all,

Long time reader first time poster.

I have been struggling to understand why Standard Bank does not yet have 2FA on their internet banking log in, most services worth their salt have this feature and some even force it. Sites like Twitter, Carbonite, AWS and even Steam has it's own baked in flavor.

I want to find out from other users that use other banks internet banking, do they offer 2FA either through time-based codes or through some form of app based 2fa?

I also don;t believe that SMS is a secure channel an is susceptible to sim swaps.

Regards,
TCC
Click to expand...
They do, you just have to set it up. I get prompted to authenticate my internet banking often via my cellphone.

Maybe they just dont like you.
 
Std Bank Authenticates you further via your device ID too. Thats a new system setup too.

They block extremely quickly. Try sending money to Luno, look how quickly they like to block. Instant
 
Corelli said:
They do, you just have to set it up. I get prompted to authenticate my internet banking often via my cellphone.

Maybe they just dont like you.
Click to expand...
Thanks for all the feedback, been digging deeper. They have a thing called DigiMe, seems like that might be it.
 
TheCouchCavalier said:
I did and thanks for that.

But sms is inherently insecure channel susceptible to sim swap.

The qr code is good method however its not present every time you login? Only when from a new device/ip? Or am I mistaken?
Click to expand...
It's there everytime if you have the banking app.

Besides creating new beneficiaries , i.e to transfer money, requires an OTP.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X