# RaboDirect Savings Account and their Digipass.



## williamburke (16 Dec 2006)

I'm interest to know of other RaboDirect customers experiences with the online savings account and their Digipass.

I first saw a Digipass four years ago. A friend living in the Netherlands used one to access his Abn Amro account online. It seemed advanced and a great security device.

However, I realise now what a gimmick it is, and a nuisance that seems to be of no benefit to the customer.

I open my RaboDirect Online Savings Account about 18 months ago, and received my Digipass. With other online accounts I access them at work and at home. However, unless you carry the Digipass with you, it's going to be an either/or situation.
I've only made two lodgements to the account, and check the balance a few times.
On Thursday morning I brought the Digipass into work so that I could make a transfer online from my regular bank account to my RaboDirect account. However, when I pressed the orange button the LCD panel remained blank. I tried a number of times but it remaind dead. A little after 9am I filled an online customer query form telling them of my problem and asking them to phone me.
It was 4pm before they contacted me! They then e-mailed me a .pdf form to fill up and fax in, to have a new Digipass mailed out. Neither of the two options to describe the reason for a new Digipass were appropriate to describe the reason why I needed a new one. The form asked for a User Number which I can only assume was the Customer Number. And not only that, despite being told to fax in the form, it's didn't have a fax number on it!

My experience of RaboDirect's technology is that it's blocked me from accessing my account, and when it comes to getting around this, I need to hand write a form, and used dated technology, ie fax machine, to send it in. And phone them again to get the fax number.

I'm flummoxed! When my ACC (ie RaboBank) SSIA matures I won't be leaving it in their accounts for too long.

On the bright side, I did a quick check on this site to discover that the Northern Rock Demand Online Account APR is 15% higher than the APR offered by RaboDirect. So when my new Digipass arrives, instead of using it to lodge money, I'll be using it to close the account and move the balance to Northern Rock.

I'm all in favour of loyalty to banks, so that they are equally loyal to their customers.


----------



## ClubMan (16 Dec 2006)

That's the problem - better security usually means a trade off agaisnt convenience/ease of use.


----------



## williamburke (16 Dec 2006)

ClubMan said:


> That's the problem - better security usually means a trade off agaisnt convenience/ease of use.


Not only that, but should there be a security breach it's pushing the responsibility away from the bank and towards the customer.

Much like EMV/Chip-and-Pin, in the long term it's for the banks benefit.  At present the majority of hits for online and credit card fraud are being absorbed by the banks.  However this will not last much longer and if a customer who is left out-of-pocket challenges the bank in court, the bank will say "well, *we* introduced Digipass to protect against this" or "well, *we* introduced Chip-and-Pin to guard against that"...


----------



## hmmm (16 Dec 2006)

williamburke said:


> Not only that, but should there be a security breach it's pushing the responsibility away from the bank and towards the customer.


It's more than that though - with a bank account with another institution, yes you will get your money back ... eventually. It will take time and a hell of a lot of hassle. I've a Rabo account and I'm happy to use a more awkward solution (most increased security unfortunately is) to transact without having to worry about my money being lifted and me having to spend a lot of time and effort establishing that it wasn't me.

The OPs problem is a process problem, not a technology problem. If you lose your password in another bank, you may equally have process problems getting a new one issued - although obviously Rabo's looks to be a bit of a mess.


----------



## rmelly (16 Dec 2006)

when was the last time you used the digipass? It may be programmed to disable itself after a predetermined period of inactivity for security reasons...check the terms & conditions.


----------



## ClubMan (16 Dec 2006)

Perhaps the battery just died?


----------



## RaboDirect (18 Dec 2006)

RaboDirect introduced the Digipass in Ireland because using static passwords and PIN's is vulnerable to phishing attacks and key stroke logging. Please see [broken link removed] and [broken link removed] for more information about this.

The majority of banks in Ireland require customers to use the same password/PIN/secret question for logging on. For example, asking you to use the 1st and 3rd digit of an access code is vulnerable to key stroke logging, ie, the fraudster can keep track of your actual key strokes and work out your password. You may be aware that a number of Bank of Ireland recently fell victim to fraud after they received a fake Bank of Ireland email designed to trick the recipient into giving away his/her access codes. 

Why do we use the Digipass? To keep your money and identity secure. 
Our security system is based on the principle of *'two-factor authentication'* which is based on:

(1) Something you know: - your Customer Number and personal PIN code for your Digipass and, 

(2) Something you physically have: - your Digipass which generates a one-time access code that expires every 36 seconds. Your Digipass is also used to authenticate transactions giving a double layer of security. You can now also change your address securely online. 

Your Digipass cannot be used without your PIN making it worthless to somebody else should it be lost or stolen. 

Therefore, if someone gets hold of your Customer Number, they can't access your accounts without having your Digipass & vice versa. The Digipass gives you peace of mind knowing that your financial information is always protected. You can use your Digipass on any computer. 

Uniquely RaboDirect is the only bank in Ireland to give its customers a "No-Fraud Online Guarantee". Please see [broken link removed] for more details. Far from pushing the risk back on to our customers we have taken the lead on ensuring that our customers are fully protected. We have been encouraging the other banks to follow our lead through the Irish Bankers' Federation even though we have chosen not to join the IBF. 

We understand that some people make the trade-off between security and convenience and might not want to use a Digipass. However, given the increasing sophistication of fraudsters we know from our experience (we are Europe's largest online bank) that relying on static passwords and PIN's is outdated and unsecure. It's just not worth the risk. 

Kind regards,
RaboDirect


----------



## lemeister (18 Dec 2006)

williamburke said:


> On Thursday morning I brought the Digipass into work so that I could make a transfer online from my regular bank account to my RaboDirect account.


Surely you don't need your digipass to lodge money into your Rabodirect from another account.  You only need the Rabodirect account details and whatever PIN or password is required by the bank you are transferring the funds from.


----------



## RaboDirect (18 Dec 2006)

lemeister said:


> Surely you don't need your digipass to lodge money into your Rabodirect from another account. You only need the Rabodirect account details and whatever PIN or password is required by the bank you are transferring the funds from.


 
When lodging funds to your RaboDirect account from a third party account you need your RaboDirect account number and sort code. However, some banks place limits on online banking transfers, eg, AIB only allow €5,000 per day to be transferred externally online. You can set up a Rabo Money Mover Facility to get around this - please see [broken link removed] for more details. After you have set up the Money Mover facility on your RaboDirect account you can log on to RaboDirect and withdraw money from a nominated third party account into your RaboDirect acount. 

For example, you create a Money Mover nominating your AIB current account. You log on to your *RaboDirect account *and withdraw €10,000 from your AIB current account and move it your RaboDirect Savings account. You can use it for regular or one-off lodgements to your RaboDirect account. By using this facility you don't need to visit your branch, call your main bank's call centre or be restricted by low daily transfer limits at your main bank. 

And the important part!
When do I start to earn interest when I request a payment using the Rabo Money Mover?
You will start to earn interest on the date you have requested funds to be withdrawn from your nominated external bank account.

Best regards,
RaboDirect


----------



## williamburke (19 Dec 2006)

rmelly said:


> when was the last time you used the digipass? It may be programmed to disable itself after a predetermined period of inactivity for security reasons...check the terms & conditions.


 
Nah, don't think so. It's probably been two months since I had used it. However, there had been a couple of periods of similar duration when I hadn't used it, but it had worked.


----------



## williamburke (19 Dec 2006)

ClubMan said:


> Perhaps the battery just died?


 
Possibly. But surely a battery won't die within the space of 18 months, having been used about a dozen times?  Not in this century anyway.


----------



## williamburke (19 Dec 2006)

RaboDirect said:


> You can use your Digipass on any computer. Kind regards,
> RaboDirect


 
True, so long as you carry it around with you from one computer to the next. If it was slim like those credit-card calculators it would be fine, slip it into your wallet and you're sorted. However, it's a cheap and chunky gadget.



RaboDirect said:


> Your Digipass cannot be used without your PIN making it worthless to somebody else should it be lost or stolen.
> 
> We understand that some people make the trade-off between security and convenience and might not want to use a Digipass
> 
> ...


My Digipass cannot be used with my PIN, it is worthless to me.
My account is so secure I can't even check my balance 123 hours after I discovered the problem.


----------



## williamburke (19 Dec 2006)

lemeister said:


> Surely you don't need your digipass to lodge money into your Rabodirect from another account. You only need the Rabodirect account details and whatever PIN or password is required by the bank you are transferring the funds from.


 
I need the Digipass to access my Rabodirect account. From there I can use RaboDirect Money Mover to transfer the money.  The two lodgements I have made so are using a cheque via post and RaboDirect Money Mover.
Maybe there are other ways, but I'd like to be able to just to do something as basic as check my balance.


----------



## williamburke (19 Dec 2006)

RaboDirect said:


> After you have set up the Money Mover facility on your RaboDirect account you can log on to RaboDirect and withdraw money from a nominated third party account into your RaboDirect acount.
> 
> Best regards,
> RaboDirect


 
Therein lies the problem. I cannot log into my RaboDirect account.



RaboDirect said:


> You will start to earn interest on the date you have requested funds to be withdrawn from your nominated external bank account.
> 
> Best regards,
> RaboDirect


 
How about the date that I attempted to log into my RaboDirect account? Will I earn interest from that date?
I suppose that given the higher rate I'll get from Nothern Rock I'll have the lost interest recouped in a short time.


----------



## williamburke (19 Dec 2006)

hmmm said:


> The OPs problem is a process problem, not a technology problem. If you lose your password in another bank, you may equally have process problems getting a new one issued - although obviously Rabo's looks to be a bit of a mess.


 
Yep, a mess alright.
RaboDirect seems to have plenty of explantions about the versitility of Digipass. The silence one the other matter speaks volumes.


----------



## darag (19 Dec 2006)

Despite the inconvenience, I'm glad Rabo at least take security seriously.  In contrast, Bank of Ireland's system is a joke.  A few years ago, I had forgotten the digits of phone number they ask for and in fact was only sure of the last 3 digits of my PIN.   Conveniently, I could just hit "reload" on the login page repeatedly until it asked for my birthdate and the digits of the PIN I was sure of.  I emailed them that this was idiotic but got no reply.  Nor has they changed this system during their revamp of the site.

So BoI win on convenience but only through stupidity.  As Clubman said, there is a trade off between security and convenience.  The ultimate in convenience would be to just type in your name and have full access to your account from anywhere.  Personally, I'd rather a secure system like Rabo's.  Having said that, I hate the shape of the digipass - a credit card shaped pass would be far handier.


----------



## hmmm (19 Dec 2006)

williamburke said:


> Yep, a mess alright.
> RaboDirect seems to have plenty of explantions about the versitility of Digipass. The silence one the other matter speaks volumes.


I'm more than happy to take the slight inconvenience of the digipass over traditional measures. (I work in security, not for Rabo) Those who complain about the "hassle" of security measures are usually the first to blame the company when things go wrong.


----------



## williamburke (19 Dec 2006)

I understand the general view of most contributors:
some customers prefer security, some customers prefer convenience.

Me? I just want to access my account, within a short period of time of attempting to do so. 
I was surprised that it took them so long to contact me, and that they couldn't have couriered a new DodgiPass to me that day. Are they not familiar with the concept of backups? Or is that a failure on the operations and/or customer service side?



hmmm said:


> I'm more than happy to take the slight inconvenience of the digipass over traditional measures.


 
I can understand different that customers laying priorities with different features, eg convenience vs security, etc.
Personally I've never been a victim of financial fraud of any kind so I'm definitely steering towards the convenience side. I imagine that those that have would be paranoid and security would be a very important feature.



hmmm said:


> Those who complain about the "hassle" of security measures are usually the first to blame the company when things go wrong.


 
That's an interesting fact!


----------



## ClubMan (19 Dec 2006)

I agree with _darag/hmmm _on the security versus convenience issue above and the tendancy some of those who prioritise the latter complaining and blaming the financial institution when the former is compromised as a result. 

Similarly do people who expect a new digipass to be couriered over to them immediately realise that such a service would presumably have a knock on impact on charges and/or returns?


----------



## darag (19 Dec 2006)

> I was surprised that it took them so long to contact me, and that they couldn't have couriered a new DodgiPass to me that day. Are they not familiar with the concept of backups? Or is that a failure on the operations and/or customer service side


Sorry William but I think you're being a bit unreasonable here.

Would you expect your bank to use a courier if you needed a replacement ATM card?  Would you not expect to have to file SOME paperwork or have some security involved to request a replacement card?  Mostly I've been forced to call into my branch to pick up a replacement ATM card.

Their only sin, that I can make out is that it took them until 4 o'clock to get back to you.  Not great but I've had far slower responses from many companies including banks.


----------



## williamburke (20 Dec 2006)

darag said:


> Sorry William but I think you're being a bit unreasonable here.
> 
> Would you expect your bank to use a courier if you needed a replacement ATM card? Would you not expect to have to file SOME paperwork or have some security involved to request a replacement card? Mostly I've been forced to call into my branch to pick up a replacement ATM card.
> 
> Their only sin, that I can make out is that it took them until 4 o'clock to get back to you. Not great but I've had far slower responses from many companies including banks.


 
Funny you should mention it but about three years ago the Cirrus aspect of my Bank of Ireland card expired, making the ATM card invalid.  I was issued a new card and asked them to courier it to me.  It wasn't as if I'd lost the card, I figured.  This was refused so I arranged to have it delivered to my nearest Bank of Ireland branch for collection.  As I'd just started working in Clonskeagh I'd a quick look at their website for the nearest branch... Clonkseagh... and then arranged to have it delivered there. A day later I phoned and phoned and phoned the Clonskeagh branch to find out where exactly it was.  After so many efforts and not being able to get thru', I phoned the Donnybrook branch to find out where the Clonskeagh branch was.  It was closed down!  No mention of that on the website... no redirection of the phone call... and delivery of my ATM card to a branch that no longer existed!

Incidentally, RaboDirect don't have branches so it's not as if I can call in anywhere to collect the DodgiPass.

No sign of it in today's post either.
But I do have an e-mail from Northern Rock:  "Your new account has been opened".

I've had a spate of bad customer service lately (restaurants/furniture delivery/etc).  Hopefully RaboDirect's the end of that for the time being.  Looks like my luck has changed with Northern Rock.


----------



## RaboDirect (20 Dec 2006)

To provide some clarity on a number of issues raised re the Digipass:

*1. Why can't it be smaller, it's too chunky etc.* 
The company that supplies the Digipass, Vasco, do have a credit card size device, a bit like a slimline calculator. Unfortunately it is not robust enough and gets damaged leading to a high replacement rate. Vasco are also trialling incorporating the Digipass functionality into mobile phones but this isn't as straightforward a solution and needs to be tested a lot more before we would consider using it. 

*2. Digipass died/dead battery.*
We did have a problem with a small batch of Digipasses in the early days. All Digipasses are tested before they are sent to customers but some of the faulty Digipasses worked initially and then died. This was out of our control but we endeavoured to replace them as quickly as we could. 

*3. Process*
If you forget your PIN code your Digipass we cannot issue a replacement PIN over the phone as this represents a potential security risk. For example, you would not expect your main bank to give you a new PIN code for your ATM card over the phone. We require a fax/written copy with your signature. 

*4. Security risk*
Ireland has one of the highest levels of phishing attacks and spam in Europe. Fraudsters will always seek to attack the weakest point in the system. Static PIN codes and passwords are absolutely vulnerable hence the reason that Irish banks receive a large number of phishing attacks. Because the Digipass generates one time codes for logging on and also for transactions (and cannot be used without your unique Customer Number and PIN) this makes phishing practically impossible. RaboDirect will not compromise our security in this respect. Whilst you may not have fallen victim to electronic fraud and identity theft in the past, if it happens to you at some point in the future, one of the first questions you could rightly ask is "why didn't my bank have better security measures". 

Regards,
RaboDirect


----------



## ClubMan (20 Dec 2006)

Personally - and I have criticised _Rabo _in the past for other issues - I think that's all pretty reasonable myself. I do find aspects of the _Rabo _accounts a bit awkward/confusing but I would not necessarily criticise them for attempting to make sure that accounts are safe/secure at the cost of some reduction in convenience.


----------



## Towger (20 Dec 2006)

darag said:


> Would you expect your bank to use a courier if you needed a replacement ATM card? Would you not expect to have to file SOME paperwork or have some security involved to request a replacement card? Mostly I've been forced to call into my branch to pick up a replacement ATM card.




This time last year I had BOI courier me a new ATM card after their machine rebooted mid use. I phone their number to report machine and cancel card. The following morning (8am) I faxed a strongly worded letter into branch detailing what had happened and requesting a new card be couriered to me. Got a phone call telling me a courier would be sent the next day when new card was printed. Next day, card arrived at work and got a phone call checking that I had received card and everything OK.

How’s  that for service. I won't go into how long it took the previous time I looked for a card for an account......

Towger


----------



## williamburke (20 Dec 2006)

The saga continues...

I'm now in a game of e-mail tennis trying to get my problems sorted out. I've been e-mailing one e-mail address, but am getting responses from two different people. Both of them are giving incomplete and contradictory instructions.

e-mail me this, fax me that, sign it... date it... include the account details...

Security? Safety? Convienence?

Conjob!

If I wasn't worried about the money in the account, and the fact that RaboDirect are not, to the best of my knowledge, regualted by the Irish Financial Regulator (nee IFSRA), I'd be enjoying this.


----------



## ClubMan (20 Dec 2006)

williamburke said:


> Conjob!


That is a bit _OTT_!


----------



## williamburke (20 Dec 2006)

ClubMan said:


> That is a bit _OTT_!


 
Apologies for that.  I should say that I feel like I am being conned.
Does anyone know if RaboDirect are authorised by the Irish Financial Regulator (nee IFSRA)?  I don't think they are.

It so happens that I forgot my mobile phone today and RaboDirect have been trying to contact me.  This has turned out to be a fortunate piece of forgetfulness on my behalf.  If I had been on the phone with them, I wouldn't have the e-mail tennis to back me up.


----------



## RaboDirect (20 Dec 2006)

williamburke said:


> If I wasn't worried about the money in the account, and the fact that RaboDirect are not, to the best of my knowledge, regualted by the Irish Financial Regulator (nee IFSRA), I'd be enjoying this.


 
Rabobank, like many other Irish and European banks, operates branches across Europe, including Ireland, under the bank passport procedures set out in the EU Banking Directives. These Directives are implemented in Ireland by the European Communities (Licensing and Supervision of Credit Institutions) Regulations 1992. 

RaboDirect is the brand name of the internet bank operated by the Irish branch of Rabobank. The Irish branch of Rabobank is a constituent part of the same Dutch legal entity, Rabobank. Under the EU Banking Directives the primary regulator of Rabobank, including its Irish branch, is the Dutch Central Bank. Under this legislation the Netherlands is the primary regulator, the "home state" and Ireland is the "host state". Ireland as host state has through the Financial Regulator acknowledged the establishment of the Irish branch, as it is obliged to do under the EU Banking Directives. 

Thus Rabobank's Irish branch is regulated by the Dutch Central Bank. In addition, the conduct of the business of Rabobank's Irish branch is supervised in Ireland on a secondary basis by the Financial Regulator because Rabobank's Irish branch must comply with Irish law when carrying on business in Ireland, including in such areas as advertising. 

So in other words, RaboDirect customers are offered no less consumer protection due to the fact that we are regulated by the Dutch Central Bank. Rabobank is AAA rated and was again voted "The World's Safest Privately Owned Bank" in 2006 (we are a cooperative bank). 

Regards,
RaboDirect


----------



## MugsGame (20 Dec 2006)

I've closed this thread as the original question has been answered. This is not a support forum for Rabo and I think it's unreasonable to expect an ongoing dialogue here to resolve an isolated customer support problem.

Rabo are regulated here in a simliar way to Northern Rock, who the OP is happy with (so far), so that's a bit of red herring.


----------

