TheChief wrote:

if you lose your card

someone finding it is unlikely to guess the PIN within a few attempts
while standing inside the bank

or give it to a friend with the pin you

must be mad ...

Hi all

OK so this might be standard practice but.....

I went into Santander to order a card to replace one I have lost.
This was for a savings account.

The teller asked me to put my SAntander credit card into a reader
and enter my pin number.
Having been authenticated on their system in this way she could
now give me chapter and verse on all my SAntander
accounts.

The worrying part about all this is that she would allow me to
carry out any transaction on any account.


So, if you lose your card or give it to a friend with the pin you
could be presenting more opportunity than you thought.

Phil
--


----Android NewsGroup Reader----
http://usenet.sinaapp.com/

On 9/26/2016 10:14 PM, Andy Burns wrote:
TheChief wrote:

if you lose your card

someone finding it is unlikely to guess the PIN within a few attempts
while standing inside the bank

or give it to a friend with the pin you

must be mad ...

Unwise, perhaps. Mad is perhaps taking it a bit far. Certainly there are
elderly and disabled persons who trust their carers, friends, and family
with cards and PINs.

Those who devise security protocols sometimes seem to be not quite
living in the real world. Two factor authentication is a step in the
right direction.

newshound wrote:

Andy Burns wrote:

TheChief wrote:

give it to a friend with the pin you

must be mad ...

Unwise, perhaps. Mad is perhaps taking it a bit far.

Accepted

Certainly there are elderly and disabled persons who trust their
carers, friends, and family with cards and PINs.

Is it not possible to get these people added officially with their own
card/PIN and suitably low transaction limits?

On 26/09/2016 22:02, TheChief wrote:

So, if you lose your card or give it to a friend with the pin you
could be presenting more opportunity than you thought.


They have the card and the pin so its you.
What else do you think you should need to identify yourself every time
you use the bank?

The thought that you would give your friend the card and pin is worrying.

En el artículo ,
newshound escribió:

Those who devise security protocols sometimes seem to be not quite
living in the real world. Two factor authentication is a step in the
right direction.

Santander's online banking has it. I know, because I use it.

--
(\_/)
(='.'=) Bunny says: Windows 10? Nein danke!
(")_(")

"dennis@home" wrote in message
web.com...
On 26/09/2016 22:02, TheChief wrote:

So, if you lose your card or give it to a friend with the pin you
could be presenting more opportunity than you thought.


They have the card and the pin so its you.

What else do you think you should need to identify yourself every time you
use the bank?

When you are reporting a lost card, they should do more
than that, like asking you the security questions or asking
you about prior transactions on the account.

The thought that you would give your friend the card and pin is worrying.

There is no viable alternative for some who
can't get to the bank or ATM for various reasons.

Mike Tomlinson wrote:

newshound wrote:

Two factor authentication is a step in the right direction.

Santander's online banking has it. I know, because I use it.

I also use it, and in my case it does not have multi-factor ... it does
have a system where they present you with an image and a phrase which
you set, which serves to avoid phishing.

That should not be the case, I'm sure. Sounds to me like a cock up.
Brian

--
----- -
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...

Blind user, so no pictures please!
"TheChief" wrote in message
...
Hi all

OK so this might be standard practice but.....

I went into Santander to order a card to replace one I have lost.
This was for a savings account.

The teller asked me to put my SAntander credit card into a reader
and enter my pin number.
Having been authenticated on their system in this way she could
now give me chapter and verse on all my SAntander
accounts.

The worrying part about all this is that she would allow me to
carry out any transaction on any account.


So, if you lose your card or give it to a friend with the pin you
could be presenting more opportunity than you thought.

Phil
--


----Android NewsGroup Reader----
http://usenet.sinaapp.com/

On Monday, September 26, 2016 at 11:25:58 PM UTC+1, Andy Burns wrote:
Mike Tomlinson wrote:

newshound wrote:

Two factor authentication is a step in the right direction.

Santander's online banking has it. I know, because I use it.

I also use it, and in my case it does not have multi-factor ... it does
have a system where they present you with an image and a phrase which
you set, which serves to avoid phishing.

IS that what it does? I've always been slightly baffled by that. If someone's trying to hack your account, they're hardly likely to be deterred by it.

"OK, you got me, I'd have gotten away with it if it weren't for your pesky image/phrase trap".

On 27/09/2016 08:08, Halmyre wrote:
On Monday, September 26, 2016 at 11:25:58 PM UTC+1, Andy Burns wrote:
Mike Tomlinson wrote:

newshound wrote:

Two factor authentication is a step in the right direction.

Santander's online banking has it. I know, because I use it.

I also use it, and in my case it does not have multi-factor ... it does
have a system where they present you with an image and a phrase which
you set, which serves to avoid phishing.

IS that what it does? I've always been slightly baffled by that. If someone's trying to hack your account, they're hardly likely to be deterred by it.

Wrong way round. It's to confirm that you're connected to the *real*
Santander, not some fake website set up to collect your password and
security number.

--
F

Halmyre wrote:

Andy Burns wrote:

it does have a system where they present you with an image and a
phrase which you set, which serves to avoid phishing.

IS that what it does? I've always been slightly baffled by that.

It lets you confirm you've connected to a genuine Santander site (that
knows something *you* set) not someone trying to fool you ...

En el artículo , F
news@nowhere.? escribió:

Wrong way round. It's to confirm that you're connected to the *real*
Santander, not some fake website set up to collect your password and
security number.

*ding*

--
(\_/)
(='.'=) Bunny says: Windows 10? Nein danke!
(")_(")

On 27/09/16 10:47, Andy Burns wrote:
Halmyre wrote:

Andy Burns wrote:

it does have a system where they present you with an image and a
phrase which you set, which serves to avoid phishing.

IS that what it does? I've always been slightly baffled by that.

It lets you confirm you've connected to a genuine Santander site (that
knows something *you* set) not someone trying to fool you ...


Problems happen where users are unable to fathom out the functionality
of different security measures and why they are necessary.

If I was someone granting secure access to somewhere, I'd first set a
few online questions to ask users exactly what they understand about
internet security, secure passwords, 2FA, trusted machines, public
internet, AV, updates etc.... and on that decide whether it's worth
allowing them to sign up, or if access is really necessary, getting them
to pay for hardened biometric reader equipment.

At the moment, the way online security is described to users (i.e.
Google) is quite (but maybe unavoidably) technical and flies over the
heads of most. Yet they are the same folks that then throw toys from the
pram when their non-2FA account gets hacked. Education :-(

--
Adrian C

On 27/09/2016 07:05, Brian Gaff wrote:
That should not be the case, I'm sure. Sounds to me like a cock up.
Brian

The teller was quite insistent and gave me the balance on the savings
account. She also said my wife could access her savings account and
transact on it via her unrelated credit card provided she visited the bank.

I know some posters are claiming that you get what you deserve if you
lose the card and pin. My response would be:
I don't believe that you should be put at any risk of losing funds from
accounts other than the one specifically linked to the lost card.
Also, with sophistication of electronic theft ever increasing, who knows
when pin security will be compromised?

Phil