Funny story, this. UK.gov's 'open banking app revolution'. Security experts not a fan of it

UK banking industry regulators are pushing banks to offer customers access to their data through shared smartphone apps. The new rules from the Competition and Markets Authority are designed to promote transparency and clarity while providing an incentive for customers to switch providers. The model is taken from the UK's …

Anonymous Coward

The collapse of nearly every empire or dynasty was characterized by an over-dependence on financialization, over real industrial output.

17
0
Anonymous Coward

So, get ready

for the end of "free" banking.

If I could ditch my bank account altogether, I would, in a heartbeat. But my employer insists they pay my wages into a bank account, in fact it's in my contract FFS.

Get ready for an exponential increase in fraud claims. Most will be genuine, a lot will be opportunistic scallys dipping their toes in the water to see what they can get away with.

It's a fucking enormous con. Viz top tip of the day? DON'T use a banking app....

8
0
Pirate

Breaking news

Firm peddling "app security" to security-conscious app market says "oi, don't all go and use the same app you bastards!" shock!

Film at 11

0
0
Silver badge
Thumb Down

Security?

So how do I go about formally demanding that my account accepts No mobile access?

24
0
Silver badge

Re: Security?

I suspect in the same way that you ensure your account doesn't accept contact-less payments - don't set it up in the first place.

1
5
Silver badge

Re: Security?

Well I find it useful to be able to look at the contents of my current account (being in the middle of nowhere and occasionally wishing to do so out of working hours), but that is all I want. I made a polite request to Virgin that the only access I wanted to allow to the account was read only - after their security checks. Everything else would require a visit to the bank or a telephone conversation. And lo and behold they just did it. Can't even change contact details over the internet.

4
0
Silver badge
Thumb Up

Re: Security?

First Direct get the balance about right for their account access on both mobile and web - any new payee or anything sensitive needs 2 factor. All the day to day stuff is just simple login.

That said, I have Windows Phone, so not much chance of this app ever being available for me!

5
0
Anonymous Coward

Re: Security?

You don't get that option in many banks. It is either use our card or don't.

7
0
Alert

Re: Security?

Which requires you to be very, very firm with your bank, or punch the appropriate hole in your cards.

0
0
Silver badge

Open Banking

"Open" in the sense that access to my bank account will be via an Android phone that hasn't had a security update in 2 years.

13
0
Facepalm

Re: Open Banking

Well, that's your fault! You know you are supposed to replace your "ageing" device every 18 months...

1
0
Silver badge

Competition and Markets Authority

Promoting competition in the market for your stolen personal data.

13
0
TRT
Silver badge

Re: Competition and Markets Authority

Promotes customer choice. But not if you want to choose a bank that doesn't have all the online crap.

1
0
Unhappy

So...

...Mrs Old Mrs Miggings will not only lose everything in her Current account, but also her savings account and her ISA

8
0
Anonymous Coward

Missing the point

Perhaps if the C&MA knew quite how much of banking was still running on unsupported Win2K3 they might change their tune...

9
0

Re: Missing the point

Hahahahaha, win2k3?

That's the _NEW_ PC right?

Most of the banks still run on AS400s

4
0
Anonymous Coward

Re: Missing the point

there's a lot of z Series kit out there too ...

3
0

Re: Missing the point

"Most of the banks still run on AS400s"

Good! At least the script kiddies will have to work to get into one of those.

6
0
Anonymous Coward

Re: Missing the point

They will get very confused about the version of iOS :)

4
0
Silver badge

Re: Missing the point

But that makes you think. Script kiddies confused, but a consortium of ageing Reg commentards with evil intentions could probably get obscenely rich in a very short time.

2
0
Meh

Debt and Data - the brave new currency

<see above>

3
0

I'm all for online banking...

...but ubiquitous banking apps on mobile phones is a disaster in waiting.

Plus, I doubt it'll do anything that the CMA claims it will.

Maybe people aren't switching because, on the whole, UK banking is very good? I've only ever moved to take advantage of deals not because of bad service.

2
2
Silver badge

Re: I'm all for online banking...

"Maybe people aren't switching because, on the whole, UK banking is very good? I've only ever moved to take advantage of deals not because of bad service."

Really? More likely people aren't switching because they're uniformly crap having dead-heated in their race to the bottom. I've only ever moved because of bad service and am running out of places to go.

8
0
TRT
Silver badge

Re: I'm all for online banking...

I have limited experience, but my UK bank account stood head and shoulders above my Canadian one. Apart from the Canadian cheque book, that was very pretty indeed. So artistic I didn't want to write any cheques, in fact, as I'd then not have the full set of bird paintings worthy of an 18th century naturalist.

3
0
Silver badge
Windows

Re: I'm all for online banking...

I'm still waiting for them to explain how changing banks - where I've been for over forty years - will save me money. Given that I don't borrow money from the bank, don't run overdrafts, or take any other paid service.

I give them money once a month, they give it back to me a bit at a time. On rare occasions they may even add a few pennies to the account, but that's about all I expect.

There will be a letter written to the bank shortly, saying basically, don't do it with my account.

9
0

Re: I'm all for online banking...

You can make EASY MONEY by switching and taking advantage of savings offers (bank tarting).

[http://www.moneysavingexpert.com/banking/compare-best-bank-accounts]

First Direct pay £100 to switch (and they are very chatty in the customer service department and their mobile app on iOS can use TouchID).

Co-op pay £150 to switch (I've had an account with them for 20+ years)

Halifax pay £100 to switch

M&S pay '£100 M&S gift card' to switch (if you need a new suit, shirts, ties, ladies underwear)

If you don't want to switch then why not open a new account somewhere put a couple of direct debits on it and then after a month or so switch that account to one of the above and make some money .. rinse and repeat.

Also works for credit cards .. cash back on purchases and 0% interest for over a year (hint: put the money you would have used to pay off the credit card each month in to a regular savings account and earn up to 6% [firstdirect], 5% [nationwide])

TSB pay 5% on up to £100/month in transactions using contactless or apple pay .. money for old rope ... you even get 5% on up to £2000 when in balance .. just pay in £500 per month (standing order it around from another bank and then back again).

Remember money makes money but only if you make it work for you and not for the Banks.

1
1

Mainstream

Congratulations. A link to your story has made it on the Google Finance page.

1
1

Re: Mainstream

'ere you young whippersnapper - I was reading The Register when Google was the weird new search engine trying to cut into Altavista's territory.

Google should be proud El Reg was mentioned on their little page! :D

15
0
Silver badge

Competition?

There may be times when competition is a good thing. But personally I don't want to have to compete with the Russian mafia for control of my money.

16
0
Silver badge

I saw this on BBC News the other day, and at the time thought that an all-in-one banking app was a bad idea.

Their stated aim is to "promote transparency and clarity while providing an incentive for customers to switch providers" but I cannot see that one-app-to-rule-them-all is in any way likely to promote transparency and clarity.

Enforcing extra competition for the sake of it seems to be something this government have tried to do for a number of sectors, and it just doesn't work. I don't understand why they feel someone switching banks every six months is something to encourage?

As someone posted earlier, maybe people don't switch banking providers because they are generally happy with the service they get - or, more likely, there is not enough difference between the services provided by any single bank which would justify switching.

9
0
Silver badge

How long before...

...anything resembling a normal life becomes impossible without a smartphone? I don't have one and by any rational assessment I don't need one. Apart from anything else I would begrudge the amount of money it would cost me to run one given that my current needs can be met from a PAYG "cheapie" that costs me something like £30 - 40 per annum to own and operate.

I - and doubtless many, many others - am perfectly capable of running my life without being enslaved to a piece of portable electronics, but I worry that the day is fast approaching when it simply becomes impossible because all other methods of communication with the organisations with which routine contact is necessary cease to exist.

"The Only Way is Smartphone". <Shudder>

12
0
Anonymous Coward

Re: How long before...

£30-£40 a year on your PAYG phone? I manage with about £15 -- and have great pleasure letting salespersons from BT run on about their mobile plans -- for as long as possible -- before telling them that.

3
0
Silver badge

Re: How long before...

Well, in the UK for about 7 months a year, and still have a contract with 3 for unlimited data, 5000 minutes and 5000 texts a month and international roaming (doesn't cover Oz though)

0
0

It's already happening, all the CMA are doing is making the tech more robust.

There are already companies offering this service for customers but with the transfer of online banking details and screen scraping, and while their security is top notch (we use one of them at work and their security guy is one incredible chap,) an API to access would make the whole process much more robust for us and our customers.

As a customer of a bank I could allow access to my data with granularity and tightly control who got what, I could allow my smart phone access to my balance and transaction alerts, I could allow my family access to our balance but not our spend (got to hide the pub spend somehow!) and restrict what third parties could see and access.

That is, if people get behind this and do it well. If they don't we will end up with another MiData.

0
6
Silver badge

"their security guy is one incredible chap"

I'd prefer credibility in a security guy.

9
0

This will never happen

Mainly because;

a - It makes a massive target for ID fraud - Hack on gov.uk DB to get all of a person's financial data

b - It is against FCA rules for a bank or you to disclose your account login details

But it's a good soundbite, so that's okay

5
1

Re: This will never happen

No, no there really isn't.

As the FCA publish everything online, fancy pointing us to these rules?

But you raise a good point - with an API you can use token based authentication instead of passing online banking credentials to a third party which IS HOW EVERYONE DOES IT AT THE MOMENT.

Which is what makes this awesome.

2
0

Re: This will never happen

Exactly!

Plus when you do a "risky" operation, such as a money transfer to external account, you require the user to add some credential that can range from fingerprint (easy but not that secure) to out of band authentication (not easy, requires another "device"). The strength of this second factor should depend on the risk incurred.

1
0
Anonymous Coward

but but but ..

the Competition and Markets Authority is a government body, therefore responsible and grown-up about these things. They wouldn't have suggested this without having thought it through, done a detailed feasibility study and also having set aside sufficient funds to cover unlimited claims for losses following their stupid idea, would they?

nurse ....!!

6
0
Silver badge

Re: but but but ..

The CMA is doing its level best to distract everyone from the fact that it doesn't have the balls to do anything truly constructive with the retail banking market. The banks have spent the last two years lobbying against any changes to their business model being imposed upon them. This is the result.

It's all smoke and mirrors.

8
0
FAIL

WTF?!

As soon as I saw this, I thought WTF?! Is the guy who came up with this idea naive or just plain feckin' stupid?

Every day we hear of new ways in which your device can be compromised by ne'er-do-wells. Lump all your accounts together in one place to be cleaned out. Yeah, great feckin' idea. Not.

7
1
Silver badge

Am I the only one?

Am I the only one to think that, compared to what the Energy Market folks are proposing, this is a thoroughly Good Thing?

Energy market: we WILL circulate all your details to lots of spammers. You need to jump through hoops if you want to opt out.

Banking Market: it's all in a smartphone app. So the opt-out is obvious.

0
0
Silver badge

Re: Am I the only one?

"You need to jump through hoops if you want to opt out."

Do you consider a phone call to opt-out of a smart meter to be 'jumping through hoops' ?

I will say that the letter I got informing me that they were coming to change the meter over didn't give any indication that it wasn't mandatory - quite the opposite (without explicitly saying you *had* to have it).

When I phoned up to say I didn't want it, ever, they asked for a reason. I just said 'security' and that was that - account updated with note to say not to install smart meter. Took about 5 minutes. Annoying, yes, but hardly what I would consider multiple hoops at height.

5
0
Silver badge

Re: Am I the only one?

I had a more effective way. Guy came to fit smart meter, I stood and watched, saying nothing bar chitchat about the weather. Waited for him to finish and test it at which point he discovered complete absence of phone signal, from anyone. I could have told him that! Half an hour later smart meter has gone and been replaced with nice shiny new oldstyle kit. I log in to their website every three months and give them a reading.

Works for me!

3
0
Silver badge

Re: Am I the only one?

Who said anything about smart meters? I was referring to the energy regulator's proposals to circulate your details to every spammer and his dog if you decline to play their game and stick with a single provider for three years!

Thou shalt be a whore or face the consequences!

2
0
Silver badge
FAIL

Re: Am I the only one?

@Nick, apologies for the assumption, but it seemed to fit.

That's me that is -------->

0
0

API

API does not stand for "application protocol interface".

7
0
Silver badge
WTF?

Re: API

Gives you a warm fuzzy feeling to know that they are experts eh? :)

2
0
TRT
Silver badge

Re: API

The BBC report on it had me crying into my iPhone. They worded it like it was something new, almost unique to the banking industry and designed for price comparison websites.

3
0

Re: API

Another Pathetic Intervention?

2
0


Biting the hand that feeds IT © 1998–2018