# No Boi App,  No online Banking?



## Black Sheep (3 Feb 2021)

I have been getting many emails and letters from Boi telling me that in order to continue banking on line I must download the App. Problem is my smartphone is not smart enough. The bank continues to remind me if I do not update to the mobile App. they will close the Account.

So it looks like close the account or buy a new phone!  A bit drastic!

Any simple ideas would be appreciated


----------



## odyssey06 (3 Feb 2021)

Was discussed here- supposed to be rolling out a physical security key to replicate the app.

For the moment the old link on this thread still seems to work.





__





						New Bank Of Ireland security requirement
					

I am trying to log in to Bank of Ireland Banking Online and I am getting a message that I need to set up a security device. Is this genuine. It seems like something that would have been advertised.  Thanks for any info.



					www.askaboutmoney.com


----------



## Black Sheep (3 Feb 2021)

While I understand the reasons for the extra security and I can still access the accounts at present it's still looking like a new phone or out.
No offers have been made in the *emails* for a security key though I have requested one from their website


----------



## DeeKie (4 Feb 2021)

That’s pretty poor. I’m not sure who you’d complain to. Would you just switch banks?


----------



## Hooverfish (4 Feb 2021)

I just had to swap all our household phones about to give my husband a more recent iPhone for the BOI app. Not a bother really, but what did peeve me is that the BOI website functionality has deteriorated with regard to ability to export historical account transactions as CSV. I hate typing in bank data to accounts when this should not be necessary. And they wonder why Revolut is doing well... but CSV export from secure websites is a technology over a decade old. No excuse regarding EU laws on that one. Just poor planning and execution.


----------



## Black Sheep (4 Feb 2021)

DeeKie said:


> That’s pretty poor. I’m not sure who you’d complain to. Would you just switch banks?



I presume all other banks have the same requirements or will have shortly. It's a bit of a pain switching after over 40 years


----------



## Inspiron (9 Feb 2021)

Downloading CSV files of transaction details is not 10 years old - this basic technology is about as old as Microsoft Excel which has been around since 1985.

I had a CSV download facility available from my U.S. employer's Credit Union in the early 1990's. I also had the option to download the transaction details in Quicken format. This was the Digital Federal Credit Union (DCU). It started as a credit union for U.S. based employees of the Digital Equipment Corporation (DEC) in 1979 and currently has about 800,000 members.

This Credit Union was operating as a full U.S. bank with Credit cards, Debit cards and cheques. In 1994 nearly all bills in the U.S. were paid via cheque. I wrote 1,400 plus cheques while living there between 1991 and 1994, as all utility bills were paid monthly.

In the early 1990's there were still a number of U.S. banks that only had one branch and most employees were VPs! These only provided a basic bank service - checking and savings accounts. They did not handle foreign currency, for example. I presume that since then that a number of these single branch banks have merged with bigger U.S. banks as they probably would not be able to cover the cost of the technology needed for todays bank services.

Having said that, BOI have spent a lot of money (€800M?) recently on their new IT stack. If the quality of their two-factor authentication software is anything to go by, this is another major IT Transformation that should have been avoided.

Smart-phones are expensive now so BOI should have built their App to work with some of the older iPhone/Android operating system versions. Not doing this is pretty ignorant and shows a total disregard for their Customers. If they did not have the technical expertise to design and develop App software that was backward compatible with existing handsets, then they selected the wrong IT company to do their IT transformation.

I upgraded my smart phone last year to be able to use the EBS App, because my perfectly good iPhone 5 was not supported by their "new" App.  This cost me about €700 for a new Samsung S20.

I am continually amazed at the poor quality of recently developed software. For example, when logging in to the BOI App it does not set the focus to the first position in the next input field.  As this is so obvious, it makes me wonder if anybody tested logging in to the App, even once. This should be a no-brainer default.


----------



## Mousehelp (9 Feb 2021)

Not sure How my mom is going to Manage this with her Doro phone!


----------



## Okokokoknic (9 Feb 2021)

Inspiron said:


> I upgraded my smart phone last year to be able to use the EBS App, because my perfectly good iPhone 5 was not supported by their "new" App.  This cost me about €700 for a new Samsung S20.



The iPhone 5 last received an iOS upgrade in July 2019. I would consider any phone not receiving updates from the manufacturer as potentially vulnerable from a security point of view.

I don't think it's unreasonable of Banks or any other app developers to require a minimum iOS/Android version for their apps to run on.

There is a wider argument that Phone manufacturers should support OS upgrades for longer, but I responsibility for that does not lie with BOI.


----------



## shweeney (10 Feb 2021)

Inspiron said:


> I upgraded my smart phone last year to be able to use the EBS App, because my perfectly good iPhone 5 was not supported by their "new" App. This cost me about €700 for a new Samsung S20.



you didn't *have* to buy an S20. You can get a perfectly usable Android 10 phone for €150. The iPhone 5 is from 2012, you had a good run with it.


----------



## NiallSparky (10 Feb 2021)

Okokokoknic said:


> The iPhone 5 last received an iOS upgrade in July 2019. I would consider any phone not receiving updates from the manufacturer as potentially vulnerable from a security point of view.
> 
> I don't think it's unreasonable of Banks or any other app developers to require a minimum iOS/Android version for their apps to run on.
> 
> There is a wider argument that Phone manufacturers should support OS upgrades for longer, but I responsibility for that does not lie with BOI.



Yep, there's both a security and financial cost associated with developing apps and products to run on no-longer supported smartphone OS.

It's likely far cheaper for BOI to issue physical security keys to the small segment of their customer base that this affects. It's also probably the least lucrative of their customer base, so it's a fairly easy decision for them.


----------



## odyssey06 (12 Feb 2021)

If you have managed to set up the app on your phone, it is recommended to add a backup security device (partner's phone, a tablet etc).
In case you lose your phone, you would be able to logon with backup device to block your phone and access your accounts.





__





						Set up multiple security devices - Bank of Ireland Group Website
					

We recommend you set up at least one other security device to allow you to access online banking. That way, in the event that you misplace one security device, you will always have access to your accounts online. Each new security device you create will require an activation code, sent…




					www.bankofireland.com


----------



## Eidnic (13 Feb 2021)

Surprise, yesterday when I tried to log into my BOI account I discovered I had to download their app to my phone. Why did this happen without any warning and before they have the alternative secure key device available? Anyway, I downloaded the app but I am in now doubt as to the security of it as it only asks for my pin to log-in!. NO 2-step authentication required and yet when I log into my account on my computer I have to put in a code I receive on my phone? So how do I make this app secure?


----------



## jpd (13 Feb 2021)

There was plenty of warning about this change - it's been flagged on the website for at least the last month


----------



## RedOnion (13 Feb 2021)

Eidnic said:


> NO 2-step authentication required


You were able to install App for first time, and login via App without receiving a code via SMS?


----------



## EmmDee (13 Feb 2021)

Eidnic said:


> Surprise, yesterday when I tried to log into my BOI account I discovered I had to download their app to my phone. Why did this happen without any warning and before they have the alternative secure key device available? Anyway, I downloaded the app but I am in now doubt as to the security of it as it only asks for my pin to log-in!. NO 2-step authentication required and yet when I log into my account on my computer I have to put in a code I receive on my phone? So how do I make this app secure?



The app is more secure than the website. With the app they can identify the device so don't need the text second factor (text messages aren't secure in any case). It is a secure channel from device to bank


----------



## EasilyAmused (15 Feb 2021)

Black Sheep said:


> I have been getting many emails and letters from Boi telling me that in order to continue banking on line I must download the App.



I’d be interested to read these emails. 
From my experience online access is all that is necessary. If anything, there is a lot more available to an online user than an app user. 
I can easily do what I need to do accessing my BoI account from a browser rather than via an app. 

I’ve noticed that many apps hardly differ from the mobile site in terms of interface/GUI. Why bother having an app for BoI or MetEireann or PaddyPower or Boards.ie when accessing the site via Chrome or Safari or Torc is identical?


----------



## ClubMan (3 Mar 2021)

EmmDee said:


> The app is more secure than the website. With the app they can identify the device so don't need the text second factor (text messages aren't secure in any case). It is a secure channel from device to bank


Are you sure about that?
How are they identifying the phone?
Via the IMEI/IMSI or something like that?
Can't they be spoofed?
I'm not convinced that a phone/app connection is automatically/inherently secure without, say, per user/device certificates or something like that.


----------



## EmmDee (3 Mar 2021)

ClubMan said:


> Are you sure about that?
> How are they identifying the phone?
> Via the IMEI/IMSI or something like that?
> Can't they be spoofed?
> I'm not convinced that a phone/app connection is automatically/inherently secure without, say, per user/device certificates or something like that.



An app connection is a direct secure encrypted link between a device and the service unlike a web connection, text or email - all of which are vulnerable to "man in the middle" or spoofing. The app verifies the device connecting - when you first set up the app you have to verify you have the device. There is the equivalent of a certificate happening in the background. If you change phone, you'll have to re-verify.

This is why they are moving to app based secure connection - it is a direct channel from your device to the bank. Which is why, when using a less secure channel like the website, there is a higher level of verification


----------



## Hooverfish (3 Mar 2021)

EmmDee said:


> An app connection is a direct secure encrypted link between a device and the service unlike a web connection, text or email - all of which are vulnerable to "man in the middle" or spoofing. The app verifies the device connecting - when you first set up the app you have to verify you have the device. There is the equivalent of a certificate happening in the background. If you change phone, you'll have to re-verify.
> 
> This is why they are moving to app based secure connection - it is a direct channel from your device to the bank. Which is why, when using a less secure channel like the website, there is a higher level of verification


Also many banks (certainly AIB) can use the phone to geographically locate you while using the app, which also allows them to eg open bank accounts remotely with greater security while verifying your identity, address etc.


----------



## sharkattack (12 Mar 2021)

Does anybody know how many smartphones are allowed to access the same account.  In our case we are community group that we want several people to be able to go into the account to make payments etc.  Can they all download the BOI App and register to the same account once lead phone number on the accounts sends on the initial activation code?  
When a non primary holder then makes a payment will they still have to get a verification sms code forwarded to them  from the primary contact number every time they go to make a payment?  This would be a right pain it this was the case for us.


----------



## odyssey06 (12 Mar 2021)

sharkattack said:


> Does anybody know how many smartphones are allowed to access the same account.  In our case we are community group that we want several people to be able to go into the account to make payments etc.  Can they all download the BOI App and register to the same account once lead phone number on the accounts sends on the initial activation code?
> When a non primary holder then makes a payment will they still have to get a verification sms code forwarded to them  from the primary contact number every time they go to make a payment?  This would be a right pain it this was the case for us.


You can setup multiple devices, I have done this with a phone and tablet in case I lose phone.
Not sure what the limit is in terms of devices, the FAQ says "we recommend you set up at least one other device."

You get initial message when registering device but not when making payments. All such transaction comms are through the app.


----------



## time to plan (12 Mar 2021)

shweeney said:


> you didn't *have* to buy an S20. You can get a perfectly usable Android 10 phone for €150. The iPhone 5 is from 2012, you had a good run with it.


Nokia 2.4 100 quid from Tesco.


----------



## odyssey06 (12 Mar 2021)

time to plan said:


> Nokia 2.4 100 quid from Tesco.


That'd be a good one, has Android 10 with future upgrade to Android 11.
Build in a few years before planned obsolescence kicks in in terms of dropping support for Android 6.


----------



## time to plan (12 Mar 2021)

I had the Nokia 2.2 and now my daughter uses it fine. Internal storage not great but you can put an SD card in.


----------



## Black Sheep (12 Mar 2021)

Seems daft to me to buy a new phone just for a banking app. I am perfectly happy with my IPhone 5.   It does everything I need (except banking). It's small and neat and all the modern ones are much too large to handle


----------



## Sconeandjam (13 Mar 2021)

If you access your account by pc you not need a smart phone. They are posting out security keys specific to the person alone. Just got one in the post. I do not know how it would work logging on using Internet app on the phone.

I don’t  know why they set up their login this way. Ulster Bank one is great. You have your id, 4 number code and the letter code. Then you receive a text with one time password code when you log on. Works really well and covers the new rules. Pity will be loosing such a good website with Ulster Bank leaves Ireland. Will miss it.


----------



## RedOnion (13 Mar 2021)

Sconeandjam said:


> I don’t know why they set up their login this way. Ulster Bank one is great. You have your id, 4 number code and the letter code. Then you receive a text with one time password code when you log on. Works really well and covers the new rules


But, Ulster Bank have used card readers for years to approve transactions. The text message does not allow you to approve transactions.


----------



## MugsGame (13 Apr 2021)

time to plan said:


> Nokia 2.4 100 quid from Tesco.


Am I right in thinking this is not locked to the Tesco network, as it's a dual sim phone?

Also do the Tesco models have NFC? Conflicting reports online as to whether the Nokia 2.4 supports NFC.


----------



## mathepac (3 Jun 2021)

EmmDee said:


> The app is more secure than the website. With the app they can identify the device so don't need the text second factor (text messages aren't secure in any case). It is a secure channel from device to bank


Please stop spreading this myth. All iPhone to iPhone texts using their native app are end-to-end encrypted, travelling via Apple' own private network and not accessing public or open services.

Another "well-known fact" eradicated.


----------



## EmmDee (4 Jun 2021)

mathepac said:


> Please stop spreading this myth. All iPhone to iPhone texts using their native app are end-to-end encrypted, travelling via Apple' own private network and not accessing public or open services.
> 
> Another "well-known fact" eradicated.



iMessage isn't using SMS technology. The question was about SMS security. I don't believe the banks are using iMessaging for authentication because it requires both ends to be on Apple devices.

So you "eradicated" something I didn't say. SMS texts are not secure


----------

