How exactly would being able to spoof a text message help you break the validation? The original request that sends the text does not originate from a mobile device???
Neither email, sms, or post provides any assurance that the sender is who they say they are. Unfortunately, these are the only practical ways for companies to send us 2 factor authentication keys.I don't think major finanacial institutions should be relying on an unauthenticated protocol.
This falls back to the advice that everybody has been hearing about email phishing forever - never trust a url that's been sent to you.AIB are sending passcodes by SMS ... verify easy to insert a fake re-authenticate passcode and a new URL to capture your verified by visa details.
AIB are sending passcodes by SMS ... verify easy to insert a fake re-authenticate passcode and a new URL to capture your verified by visa details. I don't think major finanacial institutions should be relying on an unauthenticated protocol.
When you get an SMS you have absolutely no way to know for sure that it is authentic, and you are now reliant on the bank sending you a passcode via such means.
I hadn't heard this from AIB so thanks very much for letting us know. They are not good about informing customers from my experience.
What concerns me greatly is that AIB (correct me if I'm wrong) only accepts an Irish mobile number. So if you travel a lot and use local SIM cards and phone numbers in other countries, there is no way to receive the text message to complete an online purchase. Any advice for that? There really needs to be a secondary way to confirm an online purchase either by email or allowing international numbers as well. It's interesting how in Europe the banks are making it harder to shop online (for good reasons of course) and in the USA they are fighting to keep it as easy as possible.
Now my biggest problem with AIB and the need to prevent fraud is their lack of transactional email alerts. Every US credit card company offers instant email alerts for every purchase. That would let me be notified about potential fraudulent transactions as quickly as possible. Does AIB really expect me to login every few days to make sure all my purchases are valid since they can't catch everything. Several months ago I luckily caught a fraud purchase but it could have taken me weeks longer to notice and report it.
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?