Jump to content
MCF HangOut X Lexus – 9 May 2024, Lexus Boutique ×

Bank Apps in Mobile Phone - Is it secure?

Wt_know

By Wt_know,
in Lite & EZ

 Share

Recommended Posts

Wt_know

Wt_know

Supersonic

is it secure?

 

1. assuming you lost your phone

2. although you have fingerprint sensor setup but your passcode is stupidly configure with 123123 123456 000123

3. if the perpetrator add in his fingerprint

4. he can activate the banking app and transfer money out

 

i see many people use their phone while in mrt

when standing near looking down ... can see everything a person doing with the phone

no need a super duper tok kong hacker

simply anyone grab/snatch the phone and can do nuts and crazy stuff in the first 15-30 mins even before the user can report to bank

 

what do you think?

↡ Advertisement
  • Praise 1
Link to post
Share on other sites
Jman888

Jman888

Moderator

Bank apps are very secure.

 

Want to transfer money also need to add recipient. Need token.

 

Else can just look at the balance only lor.

 

 

some bank do away with token liao.

 

i use finger print on banking apps and not sure if the bank register your print hence even if you change the finger print on the phone will affect the finger print in the apps.

Link to post
Share on other sites
Wt_know

Wt_know

Supersonic
  • Author
(edited)

yes, some bank already phasing out the token ... UOB Mighty

 

i assume if the person has possession to your phone

and manage to break your silly passcode to add his fingerprint or FACE id ... (Radx ... lol)

he can use your banking apps just like you ... isn't it

Edited by Wt_know
Link to post
Share on other sites
Jman888

Jman888

Moderator

yes, some bank already phasing out the token ... UOB Mighty

 

i assume if the person has possession to your phone

and manage to break your silly passcode to add his fingerprint ... or your FACE ... (Radx ... lol)

he can use your banking apps just like you ... isn't it

 

i am not sure if you add your finger print on the phone is the same as the finger print register with the banking app, tonight i add my wife finger print to try, i should be very worried if it succeed  [laugh]  [laugh]

Link to post
Share on other sites
Wt_know

Wt_know

Supersonic
  • Author
(edited)

good point. i have many apps activated or unlocked using fingerprint id ...

it's the same fingerprint id registered in the iPhone because once i turn the option on, i can straightaway unlock and login to the specific apps

it's the same fingerprint id in iPhone which can be added or remove with passcode!

 

i am not sure if you add your finger print on the phone is the same as the finger print register with the banking app, tonight i add my wife finger print to try, i should be very worried if it succeed  [laugh]  [laugh]

 

Edited by Wt_know
Link to post
Share on other sites
Civic2000

Civic2000

Supercharged

Immediately after you lose your phone, perform a Remote Wipe on an iPhone to Erase All Data, if you are iPhone user.  I guess Android phone also can do the same.

  • Praise 1
Link to post
Share on other sites
Wt_know

Wt_know

Supersonic
  • Author
(edited)

1. provided you turn on Find My iPhone ...

2. since i don't have the phone with me i can't even login to iCloud with 2FA

 

Immediately after you lose your phone, perform a Remote Wipe on an iPhone to Erase All Data, if you are iPhone user.  I guess Android phone also can do the same.

 

Edited by Wt_know
Link to post
Share on other sites
Vratenza

Vratenza

Supersonic
(edited)

Assuming the perpetrator manage to reach step 4. , most mobile banking app (eg. DBS) will still require him to have the physical dongle to get ready to input the SMS verification code as the last step for large sum transfer.

 

I had done a large sum (>$100K) transfer to the car owner at LTA when I was buying the 2nd hand car directly from. I had to prepare the physical security dongle to verify the transfer process on the spot.

 

Even if he manage to transfer small amounts  (assuming he knows the limits you set) without need for the security dongle, there will be electronic trail on where the money went. Easy job for the police to trace the bugger and flush him out into the open.

 

is it secure?

1. assuming you lost your phone
2. although you have fingerprint sensor setup but your passcode is stupidly configure with 123123 123456 000123
3. if the perpetrator add in his fingerprint
4. he can activate the banking app and transfer money out

i see many people use their phone while in mrt
when standing near looking down ... can see everything a person doing with the phone
no need a super duper tok kong hacker
simply anyone grab/snatch the phone and can do nuts and crazy stuff in the first 15-30 mins even before the user can report to bank

what do you think?

 

Edited by Vratenza
  • Praise 1
Link to post
Share on other sites
Myxilplix

Myxilplix

Turbocharged

I'm guessing the app unlock is tagged to the fingerprints registered on the phone and do not have their own separate database. Perhaps in the future we can expect the fingerprint/face/retina scanner on the phone to communicate directly with the bank's database to verify your ID when you try to log in.

 

I'm loving the fingerprint log-ins. Use it for my UOB and DBS personal accounts as well as my OCBC corporate account. Funny thing is i noticed that Citibank was the first of my banks to utilise fingerprint log-ins for their mobile app, but recently they seem to have removed the function.

Link to post
Share on other sites
Wt_know

Wt_know

Supersonic
  • Author
(edited)

mobile payment thru any mobile number = $1K or $10K daily limit ...

no need token whatsoever and no need to add payee (done that) ... chop chop money transfer thru mobile number

 

FAST transfer = $200K daily limit ... yes ... need a physical token

bank starting to phase out physical token and in the near future purely based on the mobile apps "secure"

 

i call the bank cust service ... she said you have OTP and SMS notification right

i said ... harlow ... what if i lost my phone and the bad guy have my phone and within 30mins ... $200K gone liao!

 

she said ... you have fingerprint id to secure your phone right

i said ... what if a bad guy snatch my phone and he probably look at my passcode when i was using my phone

 

she said ... in that case ... yes ... you are doomed ... LOL!

 

yes ... can trace to an account that got the money transferred in

but that account probably registered to a 70 years old ah ma

money gone already ... are you going to get the money from the 70 years old ah ma?

 

Assuming the perpetrator manage to reach step 4. , most mobile banking app (eg. DBS) will still require him to have the physical dongle to get ready to input the SMS verification code as the last step for large sum transfer.

 

I had done a large sum (>$100K) transfer to the car owner at LTA when I was buying the 2nd hand car directly from. I had to prepare the physical security dongle to verify the transfer process on the spot.

 

Even if he manage to transfer small amounts  (assuming he knows the limits you set) without need for the security dongle, there will be electronic trail on where the money went. Easy job for the police to trace the bugger and flush him out into the open.

 

i guess one can open another bank with limited fund inside ie $5K nia and use that banking app

used for paynow and simi sai QR code payment

seriously, if you have your life savings saved in a bank

why would you want to carry your whole life savings (in the banking apps) with you wherever you go?

 

Edited by Wt_know
Link to post
Share on other sites
Mockngbrd

Mockngbrd

Supersonic
(edited)

Yes, the security is tagged to the phone. The phone will send the authentication key/token to the app server to OK the login. 



The opening post, the lack of security seems more down to the lousy end user.

1. assuming you lost your phone (Your fault)
2. although you have fingerprint sensor setup but your passcode is stupidly configure with 123123 123456 000123 (Your fault)
3. if the perpetrator add in his fingerprint (Point 2)
4. he can activate the banking app and transfer money out (If by now end user still has not realised his phone is lost, Point 2)

Edited by Mockngbrd
Link to post
Share on other sites
Wt_know

Wt_know

Supersonic
  • Author
(edited)

i will bring you to ktv and give you 1 bottle XO ...

then can i borrow your phone? [sly]

 

Yes, the security is tagged to the phone. The phone will send the authentication key/token to the app server to OK the login.

 

Edited by Wt_know
Link to post
Share on other sites
Wt_know

Wt_know

Supersonic
  • Author
(edited)

i also want to borrow radx phone

but his face very difficult to unlock his phone

don't know why ... muahahahaa

 

borrow for what? I also never activate paynow/paylah. 

 


1. misplace phone ... it's human ... human make mistake ... even the most meticulous person could make that mistake

2. ok ... assuming passcode is not silly 123456

3. perpetrator can be monitoring you from nearby and looking at you while using your phone

4. just need less than 5mins to complete a transaction ... you don't have enough time to react ... call bank already put on hold > 5mins lol

 

Yes, the security is tagged to the phone. The phone will send the authentication key/token to the app server to OK the login. 



The opening post, the lack of security seems more down to the lousy end user.

1. assuming you lost your phone (Your fault)
2. although you have fingerprint sensor setup but your passcode is stupidly configure with 123123 123456 000123 (Your fault)
3. if the perpetrator add in his fingerprint (Point 2)
4. he can activate the banking app and transfer money out (If by now end user still has not realised his phone is lost, Point 2)

 

Edited by Wt_know
↡ Advertisement
  • Praise 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...