Banking Apps

[Simon]

Obviously I'm not asking for details, but does anyone here use banking apps, as opposed to online banking via a website?

I just tried the one for my bank, and usually I have to log in, then pass a second level of security before I can access my account, but with the app, after the initial login, the first line of security, ie the user name and password, seems to be bypassed as it's stored by the app, so you just log in with your 'memorable word' from then on. 

I kind of feel that this is less secure than having two levels of security, but maybe I'm behind the times?  Are the apps more secure than using a traditional banking website?

[zappaDPJ]

Are the apps more secure than using a traditional banking website?

I'd say the Barclays app I use is more secure because it uses biometric data (my finger print) as a login. It's also far more convenient. I can browse all my accounts, pay bills or transfer money in seconds, from any location. I've been using it for a number of years without any issues.

[MisterW]

I kind of feel that this is less secure than having two levels of security, but maybe I'm behind the times?  Are the apps more secure than using a traditional banking website?

I've used one for a while now. I assume the apps store the first level security details highly encrypted on the device and send those over the https link when you run the app. One could argue that is better than typing them in to a conventional website as it can't be subject to keystroke logging. My banking app (and I assume others) will give you quick read access for balances without entering further details. If I actually want to login then it requires 3 random digits from a 6 digit pin. 

[Clive]

I've tried downloading the banking apps but I don't have any devices that are compatible with them.  I suppose they might work on Mrs Clive's iPad.   

[Gary]

I se both Loyds and NatWests apps, both work well and are secured by biometrics (FaceID) on my iPhone Xs 256 GB and 12.9" 1TB iPad Pro, the apps are slightly different between phone and tablet, I prefer the iPad versions but both work well. I never log in on a computer any more.

[nowster]

Nationwide's one either uses a fingerprint or three randomly chosen digits from your six digit PIN.

[sparky]

I assume the apps store the first level security details highly encrypted on the device and send those over the https link when you run the app. One could argue that is better than typing them in to a conventional website as it can't be subject to keystroke logging.

This is what a friend of mine was told when he queried the security of the mobile phone app at his local Barclays branch.

[Simon]

Yeah, see, I don't use any security to unlock my phone, as it becomes a hindrance when I'm in and out of my phone all day.  Also, without wishing to sound complacent or to tempt fate, in my usual environment, I don't really have to worry about it being stolen.  I wonder if the bank would ask what additional security was used in the event of a fraud, or the phone falling into the wrong hands?

[zappaDPJ]

If your phone requires biometric data to unlock it or to use a bank app then there's no problem if it's stolen. I believe that still applies to some extent if your phone is protected by a numeric password because you only get so many attempts to unlock it before it gives you a time out. If you don't use any of that protection then you are probably less protected in the event of a theft. To what degree I can't say.

[Gary]

Yeah, see, I don't use any security to unlock my phone, as it becomes a hindrance when I'm in and out of my phone all day.  Also, without wishing to sound complacent or to tempt fate, in my usual environment, I don't really have to worry about it being stolen.  I wonder if the bank would ask what additional security was used in the event of a fraud, or the phone falling into the wrong hands?

That's where biometrics comes in so handy, just using a thumb or looking at your phone to unlock the phone and app is fast and very secure. I don't think you can set up the banking apps to not have a security code anyway which should cover you, but they could always say you have not taken enough precautions with your main devices security I guess. I think its good practice to have good security anyway. Yes it may be a hindrance but after you get used to it its easy. I don't exactly get out a lot myself maybe more soon in my electric wheelchair, but I still use full biometrics as if someone robbed my phone i have so much data on it I know its protected and I can remote wipe it, or if they try to many times it will erase itself.

[Technical Ben]

Yeah, see, I don't use any security to unlock my phone, as it becomes a hindrance when I'm in and out of my phone all day.  Also, without wishing to sound complacent or to tempt fate, in my usual environment, I don't really have to worry about it being stolen.  I wonder if the bank would ask what additional security was used in the event of a fraud, or the phone falling into the wrong hands?

I use Samsung's "secure folder" to have fingerprint access to the app. So unless I've that second used it (has like a 30 second time out or something), they cannot even open the app. After that both Apps use fingerprint or pin/pin random numbers. Some apps are great, some banks scary. 

[nowster]

Mobile phone fingerprint access makes use of a separate security chip that connects to the fingerprint reader, and can store secrets in the chip that can only then be retrieved with a successful fingerprint match.

If it's any good, the secret data will never leave the chip once set, but will be used to sign a challenge request to authenticate it to the banking service.

[Simon]

I've set the phone up now with Smart Lock, which locks it unless I'm at home or in the car, and requires a PIN to unlock it when I'm not.