Bank security code generator

Hi All

Last week we ordered a new security code generator from our UK bank; we were told we were responsible for any customs duty. One was delivered last Friday and just left in our post box.

This morning another was delivered by hand via the post. The postman said “you are not going to like this” and charged us 9 euros for the package. As I was expecting another delivery we did not read the package properly until the postman had left. It was another card reader and its value declared on the package was £6.23. (Last week’s one was £5.) Does anyone know where they get this charge from and why its application seems to be random?

Nick

I’ve got at least ten of various kinds around unused I could have sent you for free :see_no_evil:

That said, presumably it’s the charges plus the admin fee from La Poste.

I don’t understand this, my banks, and others, keep the generators themselves and send me the code for me to read and repeat. Is that not the same thing?

This sort of old school thing I assume.

The calculator as I call it. They’re all made exactly the same as part of regulations so in theory any bank in the EU that still uses them should take any card from any other bank whatever the logo says, but I know for example the Barclays one has extra features so I’m not sure how true that is in practice.

Banks are replacing them with in-app confirmation so they’re becoming obsolete. Codes by SMS are considered insecure so this is a better option (just about), they’ll ask you to put your card in, put in the PIN, and it will generate a code you have to put in, which will mean you will have to both have the physical card, and know the PIN for it, to get the required code.

So do you know what is suggested for those of us without smart phones?

1 Like

That’s why the calculators and SMS still exist at the moment I’d assume. But otherwise I am not sure what the plans are. Perhaps it will just be a matter of liability, customers without smartphones will just have to agree that any losses occurred through fraud or such are not on the bank but them and can continue to receive codes another way, but I’m not sure whether that’s legal or not. I imagine that given you can buy a new smartphone for 80€ these days (still not a small sum for people living on very little money I appreciate), and the world is awash with organisations who will help people get up to scratch with how to use them for free, it will likely become a case of ‘you’re making a lifestyle choice not to have one, so that’s on you’ in future unless you have a significant disability-based reason why it’s not possible. I’m not sure @david_spardo, it’s certainly an interesting question, I know a few people in this area who I generally avoid discussing their work with as people who work in bank fraud departments are understandably cagey about what they do lol, but perhaps I’ll ask them!

But isn’t a contract required to operate them? At the moment I have a monthly deal with Leclerc’s that can be abandoned at any moment by simply stopping payment. Don’t even need to give notice.

Not at all, no. I have not looked at the phone I will link to below in detail but I see no reason why the phone there wouldn’t take your existing SIM card. If you didn’t pay as you said, you just wouldn’t be able to make calls or texts just as is the case with your current phone, there would be no difference. You could just connect to your home Wi-Fi or such and the rest of the phone (apps etc) should work as normal. But as I say, I’m an Apple user, so Xiaomi phones are not something I know much about, but I understood they were just Android (Google) phones so should be able to run banking apps etc.

https://www.amazon.fr/Xiaomi-Redmi-9A-Smartphone-32GB/dp/B08CH5JY5D/ref=sr_1_5?qid=1679949737&refinements=p_36%3A680945011&rnid=389179011&s=electronics&sr=1-5

No, your Leclerc deal would carry on just as it is.

Ours is completely different to that. It doesn’t need the card at all, and you don’t enter your pin. It relies on a code generated from a combination of the time of day, a code embedded into the device when it was sent and a local code devised by ourselves. It seems to me that it should be extremely secure.

1 Like
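A sketch of the kind of token described in the post above, added here as an example and not part of the thread or any bank’s actual scheme. It assumes RFC 6238-style time-based codes with the user’s PIN mixed into the key (an illustrative choice); `device_seed`, `token_code` and `bank_verify` are hypothetical names.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code window (RFC 6238 default, assumed here)
DIGITS = 6   # code length (assumed)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def token_code(device_seed: bytes, pin: str, now: int) -> str:
    """Code shown on the token: time window + embedded seed + user's PIN.
    Deriving the key from seed and PIN is an assumption for illustration."""
    key = hmac.new(device_seed, pin.encode(), hashlib.sha256).digest()
    return hotp(key, now // STEP)


def bank_verify(device_seed: bytes, pin: str, code: str, now: int,
                drift: int = 1) -> bool:
    """Bank side: recompute the code for the current window and `drift`
    windows either side, to tolerate clock skew and slow typing."""
    for delta in range(-drift, drift + 1):
        expected = token_code(device_seed, pin, now + delta * STEP)
        if hmac.compare_digest(expected, code):  # constant-time comparison
            return True
    return False


if __name__ == "__main__":
    seed = b"constructed-device-seed"   # constructed sample value
    t = 1_700_000_000                   # constructed timestamp
    code = token_code(seed, "4821", t)
    print("code:", code)
    print("fresh:", bank_verify(seed, "4821", code, t))
    print("one window late:", bank_verify(seed, "4821", code, t + STEP))
    print("two minutes late:", bank_verify(seed, "4821", code, t + 120))
```

A code is only valid for a short window, so an intercepted value is of little use later, and nothing secret travels over SMS.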

Thanks all, I’ll wait and see if my banks make any suggestions along those lines.

Indeed it does, and unless you’re Jeff Bezos or Bernard Arnault a remarkable amount of overkill security theatre. Sounds like Fort Knox would be significantly easier to get into, but if it works, it works and that’s what matters! Definitely better than getting an SMS when anyone can just nick the SIM card.

It’s a standard charge - La Poste charge something like 8 euros for the pleasure, you must have gotten lucky with the one from last Friday. If it’s from the bank for your account, I would have thought it was a non-commercial item? If it has a tracking number, you should be able to track it and pay the customs online first, and save most of the costs via La Poste, although it’s clearly not in their interests that you do this.

My old postman was a very friendly people person. The new younger one is always miserable, like his girlfriend just dumped him or his dog has just died. The only time his eyes lit up and he smiled was when he came to extract 9 euros from me about a month ago.

But surely you would know if someone had nicked your SIM, wouldn’t you? The SMS comes within seconds of an operation.

You don’t need a smart phone to receive an SMS i.e. an actual old-school text message.

This all started when I tried to access our bank account. Normally my wife does all the banking but we decided it would be a good idea for me to know how to do it.
First thing, my pass code was rejected and the account locked after three tries. So I called the bank help centre and, after passing security, it turns out I have never logged my mobile with the bank, so I do this, and then apparently I need a card reader, although she said once they sent me one I could use my wife’s!!!

Very strange, a 9 euro standard charge. Who gets the money, the French post office or Douane? Or perhaps it is a small Douane charge and a large post office admin charge.

Let’s rejoin the EU.

Regards

Nick

I used one of these to get access to my bank account and was very happy using it for many years. You tap in your pin number, use the green button, up pops a one-off random number to place in the relevant box on the bank’s website, and Bob’s your uncle.

Not now! Discontinued - had to download and install an HSBC app on my smartphone. Always apprehensive now, using the new method. The random code generated on the smartphone is quite often a previous random number and not a current one due to what seems to be a slow response between the smartphone and the bank website.

Tap in the wrong code on the website and an ominous message appears threatening to prevent you from accessing your bank account if you do it again, requiring you to ring up and go through a host of questions to verify who you are to get access back again.

Not pleased!

It’s not the physical SIM card that they’re after. There’s a type of attack called SIM swapping. It involves an attacker phoning your mobile phone provider and impersonating you in order to get your phone number assigned to a different SIM card, i.e. one which they already have possession of.

In an ideal world, the mobile phone companies would do all the due diligence that you’d expect before transferring a phone number to a different SIM card. The reality is that they don’t (or there are employees who are knowingly facilitating this) as this happens relatively frequently.

This report by the EU’s cyber security agency is a few years old now, but according to them over half of the 48 phone companies they investigated had allowed fraudulent SIM swapping to take place in the previous 12 months, and 12 of those had allowed it to happen more than 10 times, and 6 had allowed it to happen over 50 times!

I know other people have been making helpful suggestions but I thought I’d just add my two-pennorth to possibilities.

I have 2 UK bank accounts, one of which will send a text with the code to my (non-smart) phone with email if the phone isn’t available and the other sends a text to the phone with the card-reader option if the phone isn’t available. Like others, I have a couple of spares of the card-readers!

I also have 2 French bank accounts and my partner has one with a different bank. All three like people to use the smart phone option but one of them has given me a personal (fixed) code to use in combination with the text they send to my phone. The other two use a device called a digipass as an alternative which acts a wee bit like the phone app in that you point it at the screen and it verifies the QR code there.

There are always alternatives @David_Spardo :smiley: (And I can tell you which banks use which if you are interested!)

Was that because you needed a new one? I am still very happily using my old “secure key” and am happily ignoring the messages from HSBC to change to a phone app. :slight_smile:

1 Like