New Bank Of Ireland security requirement

Cervelo said:
I could and most likely be wrong here but I thought that PSD2 only applied to electronic payments and doesn't necessarily apply to just logging into your account to check a balance,
Click to expand...

I would assume that logging into the online portal isn't restricted to "view only" and therefore they have applied the security level for payments to account access as well

Cervelo said:
why as JPD says can I log into my account with only my phone but with my computer I have to have a second electronic device like a phone
Surely if it's "mandatory" it applies to all ways of accessing your bank account??
Click to expand...

This is, I believe, due to use of app rather than website. If you're using the app, there is already verification of the device. Unlike SMS or email, messaging and interaction with an app is pretty secure. If you're logging in through a website, you're device isn't verified and so you get the second factor.

One way to check this - try logging on to the website on your phone browser (as opposed to the app). I'd assume you will get the verification request as you do on a PC
 
Cervelo said:
I could and most likely be wrong here but I thought that PSD2 only applied to electronic payments and doesn't necessarily apply to just log
Click to expand...
Yes. You are wrong.
Unless they separated their website into separate ones for checking balance, Vs doing transactions, they need SCA.

Cervelo said:
why as JPD says can I log into my account with only my phone but with my computer I have to have a second electronic device like a phone
Surely if it's "mandatory" it applies to all ways of accessing your bank account??
Click to expand...
Nonsense.
Using your phone covers 2 factors.

'something you have' - your phone. When you first set up the App, you go through a series of validations, which creates a unique certificate on your phone.
'something you know' your password.

Some Apps allow fingerprint authentication - 'something you are'
 
Thanks RedOnion, does that mean that PTSB will be adopting this step to their log in process
ATM I only need to do this extra step when making a payment or accessing any further data but log in is still the 3 step process??
 
Thanks RedOnion, it kind of does but doesn't specifically mention logging in but would presume if one bank is doing it then the others will follow suit

Also thanks EmmDee, the difference between website and App was not something I had thought about and you are correct about the phone browser
 
Cervelo said:
Thanks RedOnion, it kind of does but doesn't specifically mention logging in but would presume if one bank is doing it then the others will follow suit
Click to expand...
It'll be clearer when they implement it. I've never banked with PTSB, but I took a look at AIB to double check how they implemented. I rarely use the web, as most functionality is available in their App.

When you login, AIB have an option to only have limited access, and bypass the 2nd factor. If I choose that, I can view accounts and transactions, but nothing else.

I don't see this option with any of the others.
 
One concern I'd have about the App and phone is if someone robs your phone, they have both the app and your phone. At least until you get to cancel the phone or something.
 
RedOnion said:
When you login, AIB have an option to only have limited access, and bypass the 2nd factor. If I choose that, I can view accounts and transactions, but nothing else.
I don't see this option with any of the others.
Click to expand...

Sorry Red for dragging this out, It's a slow and painful death for me and probably the rest of youse :rolleyes:

So presumably AIB will have to update their log in process to comply with PSD2 or our they of the same understanding as me ??
 
Cervelo said:
Sorry Red for dragging this out, It's a slow and painful death for me and probably the rest of youse :rolleyes:

So presumably AIB will have to update their log in process to comply with PSD2 or our they of the same understanding as me ??
Click to expand...
They created 2 versions of their website.

I've no idea if they intend to keep it this way. The regulations talk about SCA being required to access a payment account.

You'd really need to ask AIB about what their plans are
 
@Cervelo

Below is what AIB say about the limited access option.
I was able to use it today because I had already logged in using 2 factor. So, I can only use it because I already did all the setup via App, etc.

"Limited Access gives you the option to log in without two factor authentication (provided you have already set up with SCA) for 90 days. With Limited Access you can make payments between your accounts and to your beneficiaries (people you pay), pay your bills, see your account list and view a limited number of transactions. If you need to access other services, you will need to log in with your chosen SCA method."
 
Mine is an old IPhone which I inherited from a family member during the first lockdown when my own phone packed up. It's fine for my needs but is too old to take the BOI app. so I popped in to the Bank yesterday to see if there were any other options. I do my online banking from my PC.
He assured me there was no problem and just continue as normal even after February and bypass the app.
Don't think I believed him!
 
By the time this does become mandatory you can get a physical security key from boi if you don’t have a compatible phone. They have now added some info about this here https://www.bankofireland.com/physical-security-key/
I was told by boi a couple of weeks back that these keys were not available to order yet & that boi would reach out to those who need them in due course.
I’d say it will be a very slow phase in. I know the new screen and red alert messages look high priority but that’s just to encourage people to act. With AIB you could just ignore it all for ages. A bank can only move as quickly as its customer base :)
 
Last edited:
RichInSpirit said:
One concern I'd have about the App and phone is if someone robs your phone, they have both the app and your phone. At least until you get to cancel the phone or something.
Click to expand...

But they would also need your login and pin in this scenario. The app on the phone is useless without this.
 
You must log in or register to reply here.
Back
Top