Why is online banking so infuriatingly over the top with security?

Posted by OkTry4424@reddit | AskUK | View on Reddit | 19 comments

Just went to help my mum out with making a purchase online. Pretty tech savvy but in her 70s and with NatWest now has to approve purchases using an app. I'm very tech savvy and my mind is blown by how complicated it is. Seemingly pointlessly as I had to resent and recreate an entire new online banking log in just to verify the app, using the exact same thing (personal details, debit card, mobile phone) as she used to buy the bloody thing (a new fridge) in the first place. I get they have to be secure but why is it so over the top? Does anyone who works in that industry think it's is redundantly complicated and "overly safe"? Or are there good reasons I'm missing? Quick edit - everyone saying so far, and I should have been clearer, "because people get scammed". If you're going to fall for a scam these systems offer zero protection. If you can go through the process that is like authorising the launch of nuclear weapons, you can send money to anyone, anywhere. If you're convinced the scammer is real, then you'll be convinced enough to go through the app/code/face recognition/having a family member simultaneously turn a key at the same time you do shit to OK the bank's systems.

Reply to Post

19 Comments

[-]

Other_Exercise@reddit

What I do is find a minimum security solution, such as Revolut or Monzo, and funnel finances through there. Saves me getting out the dreaded card reader constantly.

[-]

Hunkfunkulous@reddit

It's because eejits get scammed by giving their details away to cold callers and the banks get the blame

[-]

OkTry4424@reddit (OP)

I've made an edit (and will copy paste this for those who commented before it) because I admittedly didn't explain it properly. If you are convinced enough some scammer is real, you're convinced enough to go through the launch code shit and OK the transaction.

[-]

WebGuyUK@reddit

The more complicated you make it, the more people will give up, they may still believe the person is legitimate but will be frustrated enough by the steps to say I will do it later / tomorrow

[-]

fsv@reddit

There's also the issue of liability. If you go through all the hoops including all the ones where the bank ask you to confirm who and why you are sending money, then it's on you the customer and not the bank if you've lied about what's going on.

[-]

terryjuicelawson@reddit

That will still be a very small percentage, I have read of very clever scammers who made out that they were part of the bank's internal security team trying to bust an inside racket going on, therefore it was OK to ignore the warnings. They basically groomed people over weeks, spoofed numbers, earned their trust, it was quite sophisticated and only a very few would eventually fall for it. Security is there to stop the low hanging fruit, and also protect the bank itself. Part of me thinks if an old lady can't work out how to enter a mother's maiden name or enter a text message code, maybe they shouldn't be in charge of thousands of pounds worth of money being shifted around online.

[-]

BagpipeBandit@reddit

Listen do you want to be sucking off a dog under a bridge for an old packet of Quavers or not? If not then just do the thing.

[-]

fannykneck@reddit

Because people are idiots and get upset if you tell them they are being scammed "NO I am just naturally buying 20 £100 apple cards for my grand child" "You don't understand my son lost his phone and needs me to send him my life savings" "Yes this nice Microsoft person cold called me and is giving me £5000 but he sent £10,000 by mistake so I am giving him back the £5000"

[-]

OkTry4424@reddit (OP)

[-]

Buh_Snarf@reddit

Often the delay can be enough to give the person chance to think of what they're doing. Scamners usually take advantage of something bring time sensitive. You MUST do this now. That can often overwhelm a person's normal cautious nature. Same reason in branches they'll usually get the person to come and sit down to talk through the transaction, it calms the person and makes them question any red flags if there are any.

[-]

Chilton_Squid@reddit

Because people keep on falling for scams and expecting banks to pick up the bill.

[-]

OkTry4424@reddit (OP)

See my edit. So it's the banks protecting themselves? Still doesn't stack up. Just have a T&C on sign up (which I'd bet my yearly income without even checking they already have in place) that says if you get a scammed, it is your fault.

[-]

Chilton_Squid@reddit

They've been doing that for years, it's still easier for them if people don't get scammed. It still wastes their customer support time and fraud teams' time with people calling up to say they've given all their money away.

[-]

OkTry4424@reddit (OP)

But it makes no difference surely? Or, and I've just thought of this, is it like paracetamol being banned in bottles and only allowed in blister packs? Allow me to explain - paracetamol overdose was a scary method of suicide. Both because it was common (easy to obtain) and because it rarely works. Normally horrific liver and kidney damage and a long (like, years) painful death. Banning it from being sold in bottles and moved to blister packs meant someone could still OD, but having to push out every tablet was often just enough to snap people into their senses. Studies and stats backed this up. It worked. I wonder if it's the same thing here? For all the Reddit miserable boring bugger replies, we might actually have an answer here.

[-]

Chilton_Squid@reddit

If you're saying "is it to make it harder" then the answer is yes, and that seems to be the answer everyone is giving on this thread.

[-]

OkTry4424@reddit (OP)

But, no one has explained why, except me working it out, with your help admittedly. People are just doing the usual "err, to stop scammer, what are you stupid?" stuff. Like I say, it doesn't stop scammers in theory, at all, but in practice it does. No one has yet (admittedly they might have done since I last checked the replies a few minutes ago) said "yes, it is infuriating (admittedly a few have said this), no it doesn't actually stop you moving money to anyone, but that pause for thought makes you think before you hit send".

[-]

333222444333@reddit

You have been told all those things

[-]

Splishsplashplop@reddit

Does my head in, had to leave Barclays as their app doesn't work on my devices. If possible I pay via paypal now as that doesn't make me have to authorise the payment in banking app.

[-]

Bigtallanddopey@reddit

Be careful with using PayPal. You basically enter into an agreement with them not the shop. So if a return needs to happen, you cannot get the money back from the shop. It has to come back through PayPal and it can get tricky with certain companies. Safest thing to use online is a credit card, but yeh you have to authorise through an app these days.