connda Posted December 25, 2022 Share Posted December 25, 2022 Download our banking app. "Safe and Convenient? Just download at Google Play."???? Ok <Goes to Google Play and installs my bank's application.> They only need access to most of my phones functionality: Camera, mic, contacts, location, etc etc etc. Then you login by just clicking their icon. Perhaps the first time you need a user-id/password. Might even need 2-factor authentication (going to the phone you're holding). After that? Bob's Your Uncle. Just click the icon and your in! I don't see how Android is either safe or secure. Possibly convenient (or not). What do you think? 1 Link to comment Share on other sites More sharing options...
Popular Post worgeordie Posted December 25, 2022 Popular Post Share Posted December 25, 2022 Install a security app , Check Lazada for Eset mobile security ,has antivirus , phishing and safe banking , only 116 Thb , then feel safer ..... regards Worgeordie 1 3 Link to comment Share on other sites More sharing options...
1FinickyOne Posted December 25, 2022 Share Posted December 25, 2022 Trust it for what? ET phone home 1 1 Link to comment Share on other sites More sharing options...
Popular Post topt Posted December 25, 2022 Popular Post Share Posted December 25, 2022 23 minutes ago, connda said: Then you login by just clicking their icon. Perhaps the first time you need a user-id/password. Might even need 2-factor authentication (going to the phone you're holding). After that? Bob's Your Uncle. Just click the icon and your in! Not the case with SCB app. You have to put in a 6 digit passcode, or possibly use another form of id., before you can get into anything to do with money. 2 1 Link to comment Share on other sites More sharing options...
Salerno Posted December 25, 2022 Share Posted December 25, 2022 2 minutes ago, connda said: I don't see how Android is either safe or secure. Possibly convenient (or not). What do you think? I think you need to look at the security options more. None of my banking apps (none Thai) allow/are set to launch without another layer of security. If they could I'd uninstall. Like anything, your phone is only secure as you make it. 1 1 Link to comment Share on other sites More sharing options...
Negita43 Posted December 25, 2022 Share Posted December 25, 2022 I have no apps on my phone for anything financial - for example Lazada - access via PC - pay on receipt and email for account. In this age of "big data" you can't escape them collecting and collating your data but to me it seems crazy putting everything on one device in the name of security. So called two factor authentication on one device seems paradoxical to me - two device authetication is more secure ie access your account via a pc/notebook and get the OTP via your phone - surely it is less likely you will lose or have stolen both devices. 2 Link to comment Share on other sites More sharing options...
moogradod Posted December 25, 2022 Share Posted December 25, 2022 No way. We dont have electronic banking at all - mobile or not. I had electronic banking in Switzerland. Very convenient. But not to have it here eliminates at least some part of possible fraud. And branches are open for most transactions even late in the evening or on holidays - which is convenient enough. 2 Link to comment Share on other sites More sharing options...
KhunLA Posted December 25, 2022 Share Posted December 25, 2022 yes & no ... yes, because absolutely nothing on there that is a security issue, with exception of BBL, which gets my USA Soc Sec DD. It goes in one day, and out the next. That app simply to see if arrived, and current balance, usually <5k baht. no ... as don't know a Thai site yet that hasn't be hacked, or any site for that matter. Except for BBL, there isn't much on my phone. I use it for camera, GPS and that's about it. Only phone calls I get are delivery folks letting me know that are on the way. Don't think I myself make 5 phone calls a month. Link to comment Share on other sites More sharing options...
OneMoreFarang Posted December 25, 2022 Share Posted December 25, 2022 With many apps you have the choice if you want to enter your password manually, two factor authentication, fingerprint and other options. It seems many users just want it simple and if they have to enter a password again, they are just annoyed. I guess that is the reason why often by default all is set to be as comfortable as possible. Normal users just don't care. Or maybe they care, but only after something happens. Why did nobody tell me? ... 1 1 Link to comment Share on other sites More sharing options...
Popular Post moogradod Posted December 25, 2022 Popular Post Share Posted December 25, 2022 2 minutes ago, OneMoreFarang said: With many apps you have the choice if you want to enter your password manually, two factor authentication, fingerprint and other options. It seems many users just want it simple and if they have to enter a password again, they are just annoyed. I guess that is the reason why often by default all is set to be as comfortable as possible. Normal users just don't care. Or maybe they care, but only after something happens. Why did nobody tell me? ... I am aware of all that but I am not a normal user but a security paranoid. I have been working for the IT-industry for decades. And you are absolutely right - I believe especially Thais do not care that much. In fact that was the answer a bank employee gave me when I did bring up the issue of two factor authentication for transactions with my credit card. She said: No have. Thais like easy handling. 2 1 Link to comment Share on other sites More sharing options...
KannikaP Posted December 25, 2022 Share Posted December 25, 2022 31 minutes ago, topt said: Not the case with SCB app. You have to put in a 6 digit passcode, or possibly use another form of id., before you can get into anything to do with money. Same with Bkk Bank, 6 digit PIN. And with all UK banks. 1 Link to comment Share on other sites More sharing options...
it is what it is Posted December 25, 2022 Share Posted December 25, 2022 just looking at the shocking design and clunky functionality of my thai banking web pages puts me off installing their app. if the front end is that bad, how likely is it the back end is any better/reliably secure? Link to comment Share on other sites More sharing options...
Popular Post ballpoint Posted December 25, 2022 Popular Post Share Posted December 25, 2022 I can open all of my banking apps, Thai and overseas, by clicking the icon. I can check the account balance in each, but that's about all I can do at that point. If I want to do anything else, like set up a transfer, change my daily withdrawal limits for various methods, or even just see previous activity on my account, I need to use my fingerprint. Then, once I've setup and confirmed the transfer / new limits, I need to enter a 6 digit PIN for it to go ahead. This is standard for all my accounts, whether they be in Thailand, Australia, Isle of Man, and Singapore. I have no worries whatsoever about the security of the system. In fact, the apps make things even more secure, because they all give me a notification if someone has as much as looked at my account details anywhere. But, keep wearing the tin foil hat, and standing in line at the bank, if it gives you a warm, fuzzy feeling. 2 2 Link to comment Share on other sites More sharing options...
Crossy Posted December 25, 2022 Share Posted December 25, 2022 Meanwhile. Line Pay needs my fingerprint TWICE (and seemingly endless confirmations) to transfer 16 Baht to a work colleague to pay for the Coke she got me from the Seven. Link to comment Share on other sites More sharing options...
Popular Post OneMoreFarang Posted December 25, 2022 Popular Post Share Posted December 25, 2022 Security? Who cares? Thai banks concentrate on the real important banking feature. Which is your favorite Blackpink girl? I also just got a new Swensen's card. I will share my ice-cream with Jennie for the next year. ???? 3 Link to comment Share on other sites More sharing options...
fdsa Posted December 25, 2022 Share Posted December 25, 2022 (edited) Quote Do You Trust The Security Of Your Andriod Smart Phone? of course no. If you want to be safe you have to use a separate phone dedicated to banking apps. I.e. use one phone for your casual stuff like sexting, playing games or browsing internets and another phone for banking only, without installing ANYTHING on it except those banking apps. And of course this phone must come from a reputable company and run a clean operating system without tons of preinstalled malware, e.g. an Apple iPhone or a Google Pixel, not a random chinese bullshít like xiaomi or oppo. P.S. despite Samsung is somewhat reputable company I would not recommend it for banking because their phones do not come with a clean Android operating system but rather filled with a bloat-/mal-ware with unknown functions and features. Edited December 25, 2022 by fdsa 2 Link to comment Share on other sites More sharing options...
connda Posted December 25, 2022 Author Share Posted December 25, 2022 1 hour ago, topt said: Not the case with SCB app. You have to put in a 6 digit passcode, or possibly use another form of id., before you can get into anything to do with money. Do you know how fast a 6 digit pass-code can be hacked? That's my point. Link to comment Share on other sites More sharing options...
connda Posted December 25, 2022 Author Share Posted December 25, 2022 57 minutes ago, moogradod said: I am aware of all that but I am not a normal user but a security paranoid. I have been working for the IT-industry for decades. Before I retired? Me too. Link to comment Share on other sites More sharing options...
blackcab Posted December 25, 2022 Share Posted December 25, 2022 SCB and UOB apps both need my fingerprint to log in. Link to comment Share on other sites More sharing options...
Negita43 Posted December 25, 2022 Share Posted December 25, 2022 Just one question for the pro app lobby - where do you keep your passwords? Link to comment Share on other sites More sharing options...
KhunBENQ Posted December 25, 2022 Share Posted December 25, 2022 (edited) 3 hours ago, topt said: Not the case with SCB app. You have to put in a 6 digit passcode, or possibly use another form of id., before you can get into anything to do with money. Same for Bangkok Bank, SCB and Kasikorn. And for effective transactions all use SMS OTP. Not considered too safe in the west and abolished. Insecure because of the careless procedures of telecom operators. (easily sending out replacement SIMs to new address via hotline request e.g.) Security of such apps is not limited/restricted by Android. That Android is one of the most buggy operating systems is no secret. That's what add-on security SW and regular updates are for. Edited December 25, 2022 by KhunBENQ 1 Link to comment Share on other sites More sharing options...
KhunBENQ Posted December 25, 2022 Share Posted December 25, 2022 12 minutes ago, Negita43 said: Just one question for the pro app lobby - where do you keep your passwords? In a manually maintained password file/container encrypted with VeraCrypt stored locally only on three backups (VeraCrypt on PC, reading on phone with EDS lite). Master-password under the scull cap, 16 characters. Enough for a while. Individual passwords are generated and no less than 14 characters. I am likely not in the focus of the latest quantum computer by NSA and others. So can sleep quite well. 1 Link to comment Share on other sites More sharing options...
topt Posted December 25, 2022 Share Posted December 25, 2022 2 hours ago, connda said: Do you know how fast a 6 digit pass-code can be hacked? That's my point. No it wasn't - your point that is. I specifically replied to your point about clicking on an icon only with no other input to access. Anyway good luck to a casual thief stealing my phone and being able to crack the 6 digits before I have disabled access. 1 1 Link to comment Share on other sites More sharing options...
topt Posted December 25, 2022 Share Posted December 25, 2022 1 hour ago, Negita43 said: Just one question for the pro app lobby - where do you keep your passwords? Specifically for my phone banking app - in my head. Otherwise generally somewhat similarly to as @KhunBENQ stated. PS - I am not pro app. Most of my banking is done online with a pc. I don't use apps for my home country banking and only started recently in Thailand for ease of paying utility bills as most, for me, cannot be paid online. 1 Link to comment Share on other sites More sharing options...
KhunBENQ Posted December 25, 2022 Share Posted December 25, 2022 11 minutes ago, topt said: Anyway good luck to a casual thief stealing my phone and being able to crack the 6 digits before I have disabled access. Haven't tried but I assume that there is lock after x failed attempts. My home country bank is very strict. After 3rd failed attempt I am out. Need postal mail with new data. 1 Link to comment Share on other sites More sharing options...
K2938 Posted December 25, 2022 Share Posted December 25, 2022 (edited) 10 minutes ago, topt said: I am not pro app. Most of my banking is done online with a pc. Given that there is no proper 2FA in Thailand, app seems safer than "online with a pc" because for the latter anybody can enter passwords in the internet from anywhere while to do the same with your app they would need to have your phone which is much more difficult. Also, it is generally much easier now for somebody to hack into a PC than remotely access an up-to-date phone Edited December 25, 2022 by K2938 Link to comment Share on other sites More sharing options...
KhunBENQ Posted December 25, 2022 Share Posted December 25, 2022 (edited) One thing for sure: if your phone is hacked, planting a key(board)/screen logger you have a problem. This falls under the category of Android security. Worth using common sense when installing new stuff, doing scans with some security SW (I use Avira) and doing the updates. Still for Thai banking there is the OTP hurdle over the cellular network. Additionally banks send alerts via email. Helps to find suspicious activity. Edited December 25, 2022 by KhunBENQ Link to comment Share on other sites More sharing options...
topt Posted December 25, 2022 Share Posted December 25, 2022 8 minutes ago, K2938 said: Given that there is no proper 2FA in Thailand, Please define "proper" - if I try and set up a new payee online with SCB I have to authenticate via OTP for which I need my phone? Link to comment Share on other sites More sharing options...
JayClay Posted December 25, 2022 Share Posted December 25, 2022 4 hours ago, Negita43 said: So called two factor authentication on one device seems paradoxical to me Not really. The point of 2 factor authentication is proving who you are by something you know (your password) with something you have (your phone). It doesn't matter that you're using the phone both as the thing you have and to input the thing you know; you've still proven both to be true. Which can't be achieved by 1 factor authentication. 1 Link to comment Share on other sites More sharing options...
K2938 Posted December 25, 2022 Share Posted December 25, 2022 16 minutes ago, topt said: Please define "proper" - if I try and set up a new payee online with SCB I have to authenticate via OTP for which I need my phone? OTP is a very very weak level of protection which is very easy to get around and has therefore generally been discarded because of this in many Western countries as mentioned above. So "proper" in this means an actually well-working method of 2FA, not OTP Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now