Questions tagged [banks]
Use for questions about security practices used by banks and other financial institutions.
233 questions
0 votes, 1 answer, 57 views
BankID and QR codes attacked by man-in-the-middle?
There is a general national login ID system used in the Nordics called BankID.
Very often a user will go to a website that employs the BankID login and click "login with QR". Having done so ...
0 votes, 0 answers, 28 views
Why is selecting a code in banking app necessary for MFA? [duplicate]
At my old bank, logging in via a browser required that I open their app on my phone and tap a button to authenticate my login.
My new bank is very similar but instead of a single button to click, I ...
0 votes, 0 answers, 65 views
Modern security implementation: operation token sent to the bank by secure server
This post is related to this post on Android users stack exchange relating to conceiving of a variety of household situations and files and a post related to what immutable storage is which was ...
1 vote, 1 answer, 156 views
Is 3DS compatible with secure 2FA technologies? (TOTP, WebAuthn)
Is PSD2's Strong Customer Authentication requirement possible to satisfy with secure 2FA solutions, such as TOTP and WebAuthn?
For the purposes of this question, I'm classifying all systems where an ...
1 vote, 0 answers, 123 views
Are banks significantly reducing security by migrating everyone to mobile banking?
I have noticed a disturbing trend across banks (in the EU). Previously, many banks used 2FA by combining a login/password for an online banking website with a mobile authenticator app. However, many ...
1 vote, 0 answers, 190 views
Can the IBAN of the initiator of a SEPA direct debit be faked? [closed]
I am living in Germany and when you get a phone call the phone number of the caller on the display can be faked. For example you can get a call from 110 (police phone number) but it's a scam. And that ...
2 votes, 1 answer, 364 views
Why don't bank verification services use OAuth
I'm going off of this answer, but asking a new question since that's quite old.
It seems to be becoming more common for banks or other "legitimate" institutions to want your banking username ...
0 votes, 0 answers, 30 views
Bank employees asked random 2 characters of password during verification! [duplicate]
Let me ask the experts: how can the banks BBVA and Santander in Spain check dedicated digits of my password during a call to their hotline?
They told me that it is a verification procedure but I am not sure it ...
0 votes, 2 answers, 715 views
Is reading off a OTP code over the phone standard practice?
I just called a number that I thought was my bank's and reached a customer service representative that asked me to verbally read to them a one-time passcode that was texted to my phone.
Is this ...
3 votes, 1 answer, 237 views
How are the bank's "voiceprint" authentication methods secure?
A few years ago, an agent from the bank rang up to say my credit card was compromised. But first they wanted me to confirm who I was. I refused, they were ringing from a private number, they could ...
0 votes, 1 answer, 205 views
My Bank Enforces A 6 Character Limit On Passwords. Is This Bad? [duplicate]
A bank I (previously) used in Australia forced users to comply with a 6-character limit on every password. Specifically, the rules were:
6 characters exactly, including at least 1 number and letter
...
51 votes, 5 answers, 6k views
Should a bank be able to shorten your password without your involvement?
The bank of a friend changed password policy, such that you are limited to 20 characters. However, he used 24 letters before and thus was not able to log in anymore.
He called his advisor, who ...
1 vote, 0 answers, 134 views
What is the value of no paste text boxes for bank web sites?
HSBC Bank plc (UK) has an OTP system to confirm online payments via SMS. The 6 figure number is sent to the user who enters it into the website. Sometimes the card's registered email address is ...
2 votes, 0 answers, 261 views
Is using a second hand/grey market phone for banking security a credible risk?
I asked this question in money about telling my bank about using a second hand or grey market mobile phone. The implication of some of the comments is that any worry is misplaced.
It seems to me ...
3 votes, 2 answers, 2k views
Should bank details such as bank bic code, bank swift code, bank cc, bank code be considered as personal data and does it need to be encrypted?
I wanted to understand what elements of financial information need to be protected/encrypted. Understand that information like IBAN, bank account name, bank account number are personal data and need ...