Fintech iPad apps

Making it impossible for someone else to access your account is exactly what you’d expect from a modern bank :+1:

1 Like

Id expect a modern ‘fintech’ bank to authorise me within minutes, not hours. Imagine using NatWests new face ID tech to authorise payments except you need to wait 3 hours for a human to compare your pictures… :grimacing: It’s not a good look when you cant login to your bank because the bank doesn’t have the technology or the people to let you in.

Anyway as promised here’s the NatWest/RBS iPad app layout (for the main screen at least) gives you some idea

2 Likes

This might come across as disingenuous, but it’s a serious point:

That’s exactly what you have to do with the neobanks when you want to send a large or out of character payment.

Whereas a traditional bank would likely block your transfer and ask you to speak to the fraud team (annoying), they would request you call them. Even at peak times, you would be able to speak to someone within an hour and they would immediately make a decision while you were on the phone. Ultimately, you would be allowed to put your payment through if it was genuine. This isn’t an “instant” process, but it’s likely to be quicker than the neobanks.
It’s also arguably easier; there’s no need for Proof of ID selfies.

This is an area that neobanks will need to improve.

2 Likes

As an aside (sorry for diverting the topic, please don’t moderate me out of existence), but…

Does anyone else’s NatWest show “Morning/Afternoon/Evening, NAME” (with the name in all caps)? It’s very jarring, I wonder why they do that?

Yes, but you can change it in the app settings.
I believe it’s under Personal Greeting.

I’ve changed it to my name in normal sentence case, much nicer!

2 Likes

The screenshots in the App Store show it as lower case.

I think it might depend on the branch you signed up at though.

I had a few barclays accounts made through different branches and some would format my name slightly differently which would show up in app and on the card. Was quite annoying.

Edit: ignore my theory, @seb’s answer is probably the right one!

1 Like

Oh my God, thank you, that has been driving me mad for MONTHS.

Happy to help, I put up with it for about 2 months after opening my account with them before I discovered the option, so I know how you feel!

Not with quite the same easy step-by-step instructions as you though!

I admit, it was just off the top of my head - I was too lazy to look properly.

1 Like

Thanks, I would like your post but I’m out of likes/reactions again.

So please accept this reciprocal thumbs-up instead!

:+1:

I’m out of likes too! I learned you can still use the other reactions once you run out!

1 Like

People don’t have to login to their starling account all the time though. Presumably most people only have to do it when they replace their phone. Hardly a serious inconvenience.

It certainly doesn’t bother me knowing the security benefits.

I’m not sure what the security benefits there are here. Could you shed some light?

I’d ideally liked to be logged in on both my iPad and iPhone and use interchangeable without delay.

As long as you’re authorising a new log in from one of your devices, that still meets the 2FA requirement. Making you wait doesn’t add any extra layer of security as far as I know. If Starling are touting this as a security thing, then that’s just a case of security theatrics IMO, which I absolutely detest.

3 Likes

Yes, most people do only do it when they replace their phone.

So what about if you get mugged, or drop your phone in a multi-storey or otherwise catastrophically and immediately lose access to their phone?

You might then want to get back up and running by buying a new phone, or using an old device as a stopgap. Login required, only you have to wait for access. This could be a major issue if it’s your only device.

The problem is mitigated by having a secondary device like an iPad or even iPod touch, but lots of people don’t. It may also not be convenient to use the backup device when out and about, if it only has Wifi and no cellular data, etc. Being able to approve the new device from an existing device is a great idea.

1 Like

When you look at fraud it’s easy to get around the 2FA of other banks. SIM swap fraud is one example. There have also been many cases where people give their text code or card generator code to a fraudster. The login method of starling prevent these and many other types of fraud. When I was with Santander it was just a username, password and a text code. Yes that is definitely less secure than the starling method. You probably wouldn’t even bother trying to access a starling account if you were a fraudster.

If you sign up to an app only bank then you have to accept if anything happens to your phone then you’re in trouble but I presume the situations you’re describing are rare. Let’s be honest most people can’t survive five minutes without a phone these days so I presume you’ll get one quickly anyway.

That it does. But it’s the act of verifying the login from the startling app that mitigates those risks, not the delay.

I’d personally like to see banks adopt the use of authentication apps as a successor to SMS, because these can be installed and setup on any number of devices, which would help mitigate the issue @seb described.

Another way is to just trust any device you’ve already authenticated from another authenticated device like Apple do. So any device with Starling installed can authenticate any other device you’re trying to sign into. This is security without theatrics. A delay won’t make it any less or more secure.

2 Likes

Maybe the delay can be improved in future. Next time I have to login I’ll see how long it takes.

1 Like

This was my whole point in the first place: you would and could get a new phone immediately as it is so difficult to live life without one, only Starling would then block your app access so you couldn’t manage your finances.

Despite knowing all of your security information, going through all the processes correctly, they are neither automated nor fast so waiting for a person to unlock your account would be a problem.

This isn’t an argument for “more security”, in a double-down style, it’s actually an argument for better user education.

There is a risk to two-factor SMS codes, through SIM-swap fraud. I accept that.
Code-generating card readers are extremely secure, if used correctly, although I personally dislike them as I find them inconvenient and prefer app-based solutions for general use. However, there is nothing wrong with the approach that Barclays use (for example) of allowing both software-based and physical code generators. If I need to install the app on a new phone with them, I can dig out my physical reader to authorise it. This is very useful and better than Starling’s approach.

I resent an authoritarian approach where the logic is “some people are stupid, so you can’t do this for your own protection”. If people give out their 2FA codes to any random stranger then they frankly deserve to be defrauded (not that I’m pro-fraudster, just that you can only protect the stupid to a certain extent, otherwise everybody suffers).

Banks paying out for cases of fraud where the customer has done everything wrong shouldn’t be required, if nothing else people might be a bit more careful and think twice if they didn’t seem to think that the bank will refund them no matter what.

I agree with you on this, but my point is that if customers are extremely stupid in the sense that they ignore bank warnings, they are “asking for it”. I’m not blaming victims who were genuinely conned through difficult to detect or elaborate means, or vulnerable customers (where I do feel that the bank approach ought to be closer to a preemptively protective one).

It is the responsibly of the banks to educate their customers, in the same way the police do community outreach to help the public prevent crime.

I also don’t quite agree with the window analogy. Giving out 2 factor codes is akin to inviting a convicted burglar into your house, then announcing to them that they are going to be out for the next 6 hours and will they be OK in the house on their own? Then being surprised that they steal your valuables.

TL;DR - Banks give clear anti-fraud advice like “don’t share this code with anyone, even us”. If a customer then does, unless there are special circumstances in their case, it is their “fault”.

3 Likes