Egg Money warning

Started by Rik, May 18, 2010, 11:26:08

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Rik

The Telegraph reports that:

QuoteBank customers who use popular online budgeting tools may be left high and dry if their accounts are emptied by fraudsters.

The tools, such as Egg Money, lovemoney.com and First Direct's Internet Plus service, require users to input their bank passwords to keep track of balances on all their accounts and make sure that they are not overdrawn.

These sites, known as aggregator services, have become increasingly popular with savers who are trying to make the most of their money in a low-interest rate environment by moving it around. Similar services are also being developed as 'apps' on customers' mobile phones.

However, several banks have now made it clear in their terms and conditions that customers would not be compensated if they are victims of fraud while using these sites.

A spokesman for Barclays said that customers would not be covered by the bank's online fraud guarantee, which ordinarily means that if the customer falls victim to online fraud on their account the loss will be covered.

"It's not for us to answer the question on whether these types of sites are safe, as we don't run any aggregator services," the spokesman said. "Some customers who may wish to use an account aggregation service need to be satisfied that they are receiving the same level of protection for their money as Barclays offers. Since Barclays has no control of these sites we are unable to provide our online fraud guarantee to customers who use these services."

NatWest has a similar clause in its terms and conditions. It states that "if you pass on your security details to an account aggregation service provider, you will be in breach of your terms and conditions and may be liable for any unauthorised transactions".

I can't say I'm surprised, I certainly wouldn't use one of these services.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

Me neither.  I don't even access banking without a wired connection. 
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Same here, or at least my own dongle.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

I certainly wouldn't trust a phone to access secure sites.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Bill

Quote from: Simon on May 18, 2010, 11:28:23
Me neither.  I don't even access banking without a wired connection. 

I don't mind using a wireless connection... but for no longer than necessary, and mine is pretty well screwed down!
Bill
BQMs-  IPv4  IPv6

Rik

I think Simon was thinking more of phones and free wi fi, Bill.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Bill

Quote from: Rik on May 18, 2010, 11:41:10
I think Simon was thinking more of phones and free wi fi, Bill.

So no calling the bank on a DECT phone... I don't know what Simon has got, but that would be tricky here :P
Bill
BQMs-  IPv4  IPv6

Rik

 ;D

What's a phone call?
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

I was thinking of phones, and free wifi, but I do usually do my banking on the main wired PC at home too. 
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Simon

I've also often wondered how secure it is, tapping your credit card or bank account number into a phone, when you need to call them?
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

kinmel

We discussed this very problem 2 years ago
Alan  ‹(•¿•)›

What is the date of the referendum for England to become an independent country ?

Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Alan was sceptical, Seb was happy, the rest of us were more concerned with financial programs.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Bill

Quote from: Rik on May 18, 2010, 12:29:47
Good memory, Alan.  :thumb:

I hate posters with a good memory  :evil:
Bill
BQMs-  IPv4  IPv6

kinmel

Quote from: Bill on May 18, 2010, 12:39:02
I hate posters with a good memory  :evil:

I never forget anything unimportant and never remember the important bits, Pat claims it's deliberate  ;)
Alan  ‹(•¿•)›

What is the date of the referendum for England to become an independent country ?

Simon

I'm just surprised the outcome wasn't who made the best sausages.  ;D
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

It was pre-DR, Simon. ;D
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

It wasn't pre-food discussions though, was it?  ;)
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

pctech

Most of these services use Microsoft's ActiveX technology so the credentials are stored on your PC so if its compromised and the encryption is broken, you've had it.

I did ask about the FD one when I joined hoping they'd say it was all done server side but alas no.

Best avoided.


Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Technical Ben

Sorry Rik. The news story is far to ambiguous to make a decision. What are they talking about or complaining about? Online banking? Terms and conditions? Fraud?
Lets get a few facts straight.
All banks will cover you for fraud as long as you keep your details safe and do the best to avoid fraud. This would include using security and virus scanner software if using online banking.
All banks will have secure online banking. Including their own mobile banking.
Terms and conditions will not cover you if you give out your password and login details.

However, if you enter your account details and numbers and passwords in another website, then no, the bank will not be happy.
Why not just enter the amounts your saving etc, no need for account numbers.
I use to have a signature, then it all changed to chip and pin.

Rik

Aren't you agreeing with the story, Ben? Essentially, if you register your login details with a third party, you won't be covered in the event of fraud.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

pctech

There is an American service called Mint (nothing to do with the RBS credit card) that aggregates these details but it is all done on heavily encrypted servers on a firewalled network which sounds like a better idea if you really want to use a service such as this.

Not sure if its available over here yet.

I would prob use the FD one if it was server side and had proper guarantees, there is no real reason why it cant be done, I just think the banks want to offer the service but want a get out of 'oh your AV or firewall wasn't up to date'

Bit like chip and PIN really, our banks are so tight that at least initially they wouldn't pay the extra for credit and debit cards that supported encryption on the data path between the chip and the reader so the PIN was sent in the clear.




Rik

Our banks aren't tight, Mitch, they're just penny pinching. ;)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Glenn

Miserly is more apt, I think
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

You're being generous, Glenn. :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

pctech

Apologies if my choice of phrase isn't 100%

I have a subnet induced headache at the minute.

Rik

Does paracetamol work for them? ;)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

pctech

Sure does when it kicks in.

I tell ya, once have passed the exam in October I intend to go out and get more drunk than I have been ever.



Rik

Let me know where to come and collect you. :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Lance

Quote from: pctech on May 18, 2010, 16:39:01
Bit like chip and PIN really, our banks are so tight that at least initially they wouldn't pay the extra for credit and debit cards that supported encryption on the data path between the chip and the reader so the PIN was sent in the clear.


But the pin is stored on the card itself so why would it be sent over the data path?
Lance
_____

This post reflects my own views, opinions and experience, not those of IDNet.

Technical Ben

Like I said Rik. I'm not sure what they are getting at in the article. Having never heard of a aggregate service either. So I don't know what it is to agree or disagree with. Just DO NOT give your details out to third parties. Even if they are offering financial help. (By that I mean personal or sensitive data. You have to give some stuff in all aspects of life, but not your passwords or pins etc!)
I use to have a signature, then it all changed to chip and pin.

Rik

The aggregate services are people like Egg Money, who will store your other account information so you can access any financial institution you do business with from the one site. A recipe for disaster, imo.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Technical Ben

Oh, yes. Now I get it. Sounds very dangerous.
If it is going to be legitimate, it needs to be done via the originating bank. I don't quite see a market for third party online banking systems, but then I suppose it's no different from cash machines. The answer? Don't have more than one bank account!  :solved:
I use to have a signature, then it all changed to chip and pin.

Rik

Too simple for us sophisticates, Ben. ;)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

zappaDPJ

I must admit aggregate services are not something I'm fully up to speed with but I don't understand how they are able to work if you use a PINsentry system to log into your bank. Regardless you might as well leave your money pegged out on the clothesline if you choose to risk that kind of service with your details I would have thought.
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

pctech


zappaDPJ

Then every on-line banking facility should use that system, problem solved!  :laugh:
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.