Cycling UK Forum

brooksby wrote:All of those Recaptcha ("Click on every bridge / every traffic light / every crosswalk / etc") are allegedly being used to help Google's driverless cars tech. The company that runs them is a Google subsidiary.

I reckon that's a myth.

How would they know you'd clicked on the correct images unless they already knew the answers?

Did some internet banking this morning.

Natwest paying a couple of bills - council tax and water rates - No, we refuse to have DDs before anyone say's we should!
If we can't afford to pay, we won't. We don't want them taking money before we have the means to pay for it!

Sorry, I digress.

Natwest sent me a code.
I was sitting with a cuppa with my laptop and my phone nearby.
The code came through as a text, and I inputted it into their slot on the page.
All fine of course.

What I fail to understand is WHY they use these.
If I know my login info and my password and the other password, is that not enough?
That's three sections - password and two lots of numbers to input.

If someone sat here that's not me and knew all this info regarding numbers and words, they would also have access to my mobile phone!
What would Natwest do if my mobile phone was in the washing machine again!

kwackers wrote:

brooksby wrote:All of those Recaptcha ("Click on every bridge / every traffic light / every crosswalk / etc") are allegedly being used to help Google's driverless cars tech. The company that runs them is a Google subsidiary.

I reckon that's a myth.

How would they know you'd clicked on the correct images unless they already knew the answers?

And there I go thinking, the whole point about Captcha is that it can't be deciphered by a robot......

Hi all, If a robot is not supposed to be able to solve them stupid picture codes why are they spending mega money on "Artificial Intelligence"?
They bring in new techno systems, then panic like headless chickens when things go pear shaped!
Only ever had one issue when using cheques & paper statements, someone in the banking system didn't read the cheque number correctly, but debited the right amount of money from the account, spotted the problem on the statement then took the bank to task. Dared then to show me the cheque?
Traders were happy to accept a mail order transaction with a piece of paper -Gregory Peck - worked fine.
These days patience has gone, instant gratification demanded!
So me with no compatible phone, PIN Numbers or electronic widget will not be able to trade.
I'm going to set up a way to pay for my funeral that will require a personal response from me to release funds, but only to be requested after I turn my toes up MM

No MM, I hardly ever use cash now. Never had a problem using Internet banking, the one thing that puzzles me though is how do the banks pay each other if I transfer say £500 from Barclays to RCI Bank?
Maybe Mick F will know?

There is a notorious company that sells itself as a security company which has had backdoors left open to all and sundry with no fight whatsoever - and it's still trading.

There is literally a new mug coming online every minute, willing to put their trust in the promises of for-profit companies even when there is direct evidence that they aren't even competent, let alone suspicions that they might be evil.

There are encrypted notebook apps and non-cloud password managers and many other ways to skin this cat. You don't need to pay a cat-skinner with your personal data for this one.

661-Pete wrote:And there I go thinking, the whole point about Captcha is that it can't be deciphered by a robot......

No, just difficult.
The trick with those captcha's is to remove a lot of the context from around the image. Without context it's quite hard for a bot to reliably pick out the correct images.

My contact-me page on my website has captcha on it, but the bots can now defeat it (it's an older one).
I now have to run a filter on it to chuck away messages offering 'local girls', 'cheap pharmacy drugs' and assorted get rich quick schemes.
I guess I should update it, but last time I tried it refused to give me the correct token to run the captcha code.

Annoying, but lets face it the reason it's annoying is not just that there are folk out there that will do anything to make money but also that there are enough idiots to provide them with the motivation.

mjr wrote:There are encrypted notebook apps and non-cloud password managers and many other ways to skin this cat. You don't need to pay a cat-skinner with your personal data for this one.

Yep but none are as convenient. That's why I pay the trivial amount of cash they want - convenience.

If I was really that bothered I'd write my own, I'm simply not. The world has gone security mad and when you dig in the weak points are almost never these apps, but the idiots behind the keyboards.
It's amazing what people will hand over willingly without questioning just by asking them for it.

661-Pete wrote:Back to the online banking issue. Twice in the past two days I've had to log in online to my current account. The first time was to make a transfer, for which - understandably - I was asked to use my card reader. The second time was simply to check my statement.

Both times I was sent a challenge code to my mobile, which I then had to type in. This is a recent development, apparently the norm now, and to my mind both a nuisance and an unnecessary layer of 'security' - especially seeing as it's suggested above that SMS's to mobile phones are not all that secure!

What bothers me is, what if I lose my phone or it becomes inoperable in some way?......

I had this issue when travelling South America when transferring money to a travel pre-paid debit card (outside my bank). Fortunately it happened before departure so I could address it with my bank (because I'd be getting local SIMs and thus my number would no longer work).

(They are a good reputable bank, excellent service, etc.) They investigated and found it was happening because they had my mobile number and the only reason they had it was to send me these codes. So the solution was for them to remove my mobile number from their systems (they didn't need it away) and they'd not bother sending me these codes. If they (or their computers) genuinely felt a transaction might be fraudulent then they'd block it, I could call them and do the (3 and 5 letters from your password) and they'd release the transaction.

Are your bank doing this just because they have your mobile? And do they need your number for any other purposes? I've only ever been called by a financial institution twice and both times they got nowhere as they could not tell me the 2, 5 and 9th letters from their password.

Ian

philvantwo wrote:Just go back to paying for stuff with cash! Simple, end of......or when I'm abroad I use a revolut card, put however much money you want on it, it's not linked to your bank account and you can turn features on or off, such as contactless, swipe, chip and pin or online shopping or freeze the card altogether. Use it in this country too.

I use cash as little as possible. I used to work a lot in Sweden and found so many places and taxis actually refused to take cash.

softlips wrote:

philvantwo wrote:Just go back to paying for stuff with cash! Simple, end of......or when I'm abroad I use a revolut card, put however much money you want on it, it's not linked to your bank account and you can turn features on or off, such as contactless, swipe, chip and pin or online shopping or freeze the card altogether. Use it in this country too.

I use cash as little as possible. I used to work a lot in Sweden and found so many places and taxis actually refused to take cash.

I've never lost any money via electronic means, if money has gone for a walk then it's been refunded without hassle.
Cash on the other hand that's definitely gone for a walk over the years...

I find it weird that folk get hung up on the security of electronic systems that if anything are over secure but seem happy with a system that is fundamentally insecure.
Mind you the new 'plastic' money survives washing machines pretty well these days so there's one source of attrition covered.

an unfortunatey story of a sim hijak

https://www.bbc.co.uk/news/technology-50043230

Jack Monroe says she has lost about £5,000 after her phone number was hijacked and re-activated on another Sim card. The criminals were then able to receive her two-factor authentication messages and access her bank and payment accounts. Simjacking, also known as Simswapping, is when criminals port a phone number over to a new Sim card, which they can then use as if it was their own.

it seems that the mobile phone companies staff in their shops are often bribed to do a sim swap

One reason I wont do Internet banking of any kind and use a phone for authenication that is never used for any other purpose and stays at home, where I might need to use any authentication. I also use an authentication app from Microsoft that supplies a code that is only valid for 30 seconds so cant be hijacked

mercalia wrote:an unfortunatey story of a sim hijak
https://www.bbc.co.uk/news/technology-50043230

I've been reading that story, too.

All rather worrying. I just tried logging into my account. It asks for part of a "PIN" number, then part of a password. That's the system it's always used, ever since I first signed up for internet banking.

But now it also sends a code to my mobile. The first time this happened, the bank's site then hung up immediately after sending the SMS - so although I got the text, I couldn't enter it into the website.

Close down browser and start over. This time a different text was sent to my phone, and this time I did successfully use it to log into my account. Note: I wasn't intending to do anything on my account, merely try the system and check the balance.

Totally unnecessary, and - if Jack Monroe's experience is anything to go by - risky. Should I perhaps tell the bank I don't have that mobile any more, and don't intend to replace it?

661-Pete wrote:I've been reading that story, too.

All rather worrying. I just tried logging into my account. It asks for part of a "PIN" number, then part of a password. That's the system it's always used, ever since I first signed up for internet banking.

But now it also sends a code to my mobile. The first time this happened, the bank's site then hung up immediately after sending the SMS - so although I got the text, I couldn't enter it into the website.

Close down browser and start over. This time a different text was sent to my phone, and this time I did successfully use it to log into my account. Note: I wasn't intending to do anything on my account, merely try the system and check the balance.

Totally unnecessary, and - if Jack Monroe's experience is anything to go by - risky. Should I perhaps tell the bank I don't have that mobile any more, and don't intend to replace it?

Can you set up a payee on the app?

If I use the app on my phone it never sends anything to it. If I log in on a new browser it'll send a code to my phone.
But even with the code you can't send money somewhere you shouldn't. Need a card and the card reader for that.

(You could be very annoying though moving money around my accounts and sending it to my window cleaner...)

kwackers wrote:Can you set up a payee on the app?

I can't - as of now - like you I need the card reader for that (I use a computer, not a phone app - but same thing). If that level of security doesn't change I'm probably safe. But I still wonder how Jack Monroe got caught...