Banking Apps

[Negita43]

Not sure if this is the correct place but I would like some advice/pointers.

 

I am adverse to banking apps (I don't think they are safe - I prefer a PC and a phone based OTP - two factor).

Anyway, I recognise when i cannot win so I am looking at the best way of succumbing with least risk so I have some Q's for the "technology advanced members" amongst us:

1. If I install the apps on a spare phone which will never leave my property does it have  to have a sim in it?

2. If it does - does the sim only have to be in for the set up and installation of the app or does it always have to be in the phone (ie can the app be used over WIFI).

My assumption is that it does as if they send OTPs then that comes via a mobile but to be honest I just am not clear how these apps work so some clarification would be appreciated..

 

Please let's no go down the Luddite route - it's a simple question not a criticism of you app lovers for banking.

[Polar Bear]

You can receive an OTP on another phone and just type it into the app manually, but a lot of smartphones won't work without a SIM card anymore, and even if it does, the app may require you to connect using the SIM sometimes, rather than wifi, as a security measure. 

[lamyai3]

1 hour ago, Negita43 said:

Not sure if this is the correct place but I would like some advice/pointers.

 

I am adverse to banking apps (I don't think they are safe - I prefer a PC and a phone based OTP - two factor).

Anyway, I recognise when i cannot win so I am looking at the best way of succumbing with least risk so I have some Q's for the "technology advanced members" amongst us:

1. If I install the apps on a spare phone which will never leave my property does it have  to have a sim in it?

2. If it does - does the sim only have to be in for the set up and installation of the app or does it always have to be in the phone (ie can the app be used over WIFI).

My assumption is that it does as if they send OTPs then that comes via a mobile but to be honest I just am not clear how these apps work so some clarification would be appreciated..

 

Please let's no go down the Luddite route - it's a simple question not a criticism of you app lovers for banking.

Apps are becoming the only online option available, SCB and Krungthai are just two banks who've done away with their online banking in recent months. The apps do work over Wi-Fi and an OTP is only required for certain functions (eg. cardless withdrawals which needs the sim there in the phone), but for many things it's not needed. You'll need to visit the bank with passport and bank book to set up the app in the first instance. If you do use a spare phone make sure it's not too old - on Android some of the bank apps only run on the more recent versions. 

[scubascuba3]

As long as you use a password on your outside phone it's not a risk to have the apps on that phone. Handy for cardless withdrawals, payments via scanning, etc

[OneMoreFarang]

1: yes, the initial internet connection must be by mobile network

2: after that I am pretty sure you don't need a SIM anymore. You can use WLAN.

[markwhite]

Same as you in that I resisted the need to move to a "phone for everything" as opposed to using a PC where I could control the environment the software ran in. But after Krung Thai removed their web front-end to online banking and went app only, I've installed and activated the app. And notwithstanding any insecurities which are not immediately obvious from casual use, it is useful. Booked some plane tickets in person on Sunday and scanning a QR code on the counter-top device and checking the transaction was right before hitting "Confirm" was a lot easier than making 4 withdrawals from the ATM and giving them cash. Same with household bills. I'm reluctantly seeing the benefits...

 

Anyway (for Krung Thai app)

 

1) It'll work over wifi or mobile data, so if you're only using wifi you should be fine (don't remember if it was mobile data only for install as suggested by OneMoreFarang)

2) Wifi only is fine.

 

There is no OTP. On install it requires a Thai ID card number, and should accept the NDID thing that farang can't get, so I did have to visit the bank branch to get it activated. The cashier knew what she was doing and it was painless. By default she set it to a fingerprint check for each transaction, though I changed that to use a PIN instead. So no OTP, but other secondary permissions are needed (though possibly could be disabled completely).

[digbeth]

Kbank require connection over sim card with the same number you registered with as to have the packet header they see match your number they have on file, so you can't connect using wifi or use the app on any other phone, I think afterwards you can toggle it to be able to connects over wifi

[bamnutsak]

5 hours ago, Negita43 said:

Not sure if this is the correct place but I would like some advice/pointers.

Every bank's app can be slightly different so it would help if you identified a specific bank(s).

 

5 hours ago, Negita43 said:

1. If I install the apps on a spare phone which will never leave my property does it have  to have a sim in it?

Generally speaking, Yes. If only to register the device (IMEI) with the Bank's app. Some banks here do NOT allow registration of the App over Wifi, although after registration the app can be used over mobile data or WiFi. Generally speaking you would need to register that phone number with the bank, often in person. Subsequent two factor authorization (2FA) may be accomplished via an SMS OTP code transmitted to that number, or by local (app) authorization (fingerprint). Most bank apps here now only allow the registration of one single device (BBL used to allow multiple devices).

 

5 hours ago, Negita43 said:

2. If it does - does the sim only have to be in for the set up and installation of the app or does it always have to be in the phone (ie can the app be used over WIFI).

Depends on the Bank/app. But I answered this in my post above. 

[WorriedNoodle]

My phone finance apps need a SIM with registered phone number linked to finance company inserted, even when running internet access over WiFi. Many apps now needed fingerprint or even facial recognition also, much easier on a smart phone. Even finance web sites are now asking for confirmation by smartphone to access web site with a PC.

Edited September 5, 2023 by WorriedNoodle

[Liverpool Lou]

7 hours ago, lamyai3 said:

Apps are becoming the only online option available, SCB and Krungthai are just two banks who've done away with their online banking in recent months.

No, apps are not "becoming the only online option".  Just two Thai banks out of many, i.e. a small minority, have gone down that route and none of the others have indicated that they would be following suit.

Edited September 5, 2023 by Liverpool Lou

[NotEinstein]

I use a simless phone on wifi for bangkok bank and barclays, as well as shopee.

[The Fugitive]

8 hours ago, Polar Bear said:

You can receive an OTP on another phone and just type it into the app manually, but a lot of smartphones won't work without a SIM card anymore, and even if it does, the app may require you to connect using the SIM sometimes, rather than wifi, as a security measure. 

Good info thanks! Using another mobile and manual typing into the app works for me whilst in UK. I suppose if the banks eventually limit access to via SIM only, enabling mobile data whilst roaming should solve that, albeit at our cost.  

[CanadaSam]

Slightly off-topic, but if you're worried about people getting into your main account, why not simply open another account with mobile app access, and transfer money into that account whenever you need, via PC or ATM or Branch, or whatever?

[Polar Bear]

31 minutes ago, The Fugitive said:

Good info thanks! Using another mobile and manual typing into the app works for me whilst in UK. I suppose if the banks eventually limit access to via SIM only, enabling mobile data whilst roaming should solve that, albeit at our cost.  

It's my UK bank that occasionally (a few times a year) insists I connect via mobile data, and that's what I do. Enable roaming, make the connection, turn it off again, and that seems to keep them happy for a while.

[The Fugitive]

1 hour ago, Polar Bear said:

It's my UK bank that occasionally (a few times a year) insists I connect via mobile data, and that's what I do. Enable roaming, make the connection, turn it off again, and that seems to keep them happy for a while.

WoW! Thanks for the warning. I don't maintain an active UK SIM whilst in Thailand. My UK institutions all have my virtual UK mobile number with 'VYKE'. Therefore, I need to obtain a pre-pay UK SIM such as Giffgaff. Would the UK bank be able to tell that the UK mobile number of the data connection differed from the UK mobile number upon my account? Or would that not matter? 

[Polar Bear]

I honestly don't know. Natwest closed my UK account when they found out I was living overseas, so I'm very careful not to let UK banks know now. I use a VPN to connect, and if I have to use a SIM, I turn off my Thai one and use my UK one (Tesco Mobile, if it matters). That's probably overkill, but I'm not really sure what these 'security checks' are, and I don't want to draw attention to my setup. 

[scubascuba3]

39 minutes ago, The Fugitive said:

WoW! Thanks for the warning. I don't maintain an active UK SIM whilst in Thailand. My UK institutions all have my virtual UK mobile number with 'VYKE'. Therefore, I need to obtain a pre-pay UK SIM such as Giffgaff. Would the UK bank be able to tell that the UK mobile number of the data connection differed from the UK mobile number upon my account? Or would that not matter? 

I use a giffgaff number for UK banking, when logging on i use a UK VPN, some free apps available for low data use so no need for a monthly or yearly fee

[JackGats]

Not all apps work with OTPs (sms-TANs). When they do it is probably safer to have the sim on another phone as the likelihood that someone hacks both your devices is small. This also applies to emails (use for example gmail on one phone and get recovery OTPs on another).

 

The trend now is for banking apps safety to rely solely on the biometrics of the phone.

[Moonlover]

15 hours ago, Negita43 said:

I am adverse to banking apps (I don't think they are safe - I prefer a PC and a phone based OTP - two factor).

If you do an on line trawl of opinions on this topic, you will find that mobile banking is regarded as more secure than on line banking.

 

Mobile bank does have two factor security built into it. Step one being that the bank interrogates the device that the log on request is coming from and if it doesn't recognize the device, access will be denied. Compare that with the fact that 'on line' banking can be accessed from any device, anywhere in the world!

 

Step two, of course is the correct passcode. There is also, very often a step three in that you cannot actually move money without some extra security input.

 

I use mobile banking all the time now and do not have any concerns about it.

[The Fugitive]

44 minutes ago, Moonlover said:

If you do an on line trawl of opinions on this topic, you will find that mobile banking is regarded as more secure than on line banking.

 

Mobile bank does have two factor security built into it. Step one being that the bank interrogates the device that the log on request is coming from and if it doesn't recognize the device, access will be denied. Compare that with the fact that 'on line' banking can be accessed from any device, anywhere in the world!

 

Step two, of course is the correct passcode. There is also, very often a step three in that you cannot actually move money without some extra security input.

 

I use mobile banking all the time now and do not have any concerns about it.

I agree. Limiting one account per device has to be more secure. Have recently opened current accounts, savings accounts and taken out a credit card with some of the new 'Neo Banks'. They are mobile app access only, no web service available.

[paddypower]

23 hours ago, Liverpool Lou said:

No, apps are not "becoming the only online option".  Just two Thai banks out of many, i.e. a small minority, have gone down that route and none of the others have indicated that they would be following suit.

thats right. I am in the process of switching away from scb, to Bangkok Bank ( wont repeat the features and advantages which being able to use both a mobile app and a pc app, which this bank allows. I'll keep the sbcEASY app, as I have money coming in and going out of several scb accounts regularly. but i have a question - scb just sent me a message to say that in a weeks time they would be updating/upgrading their facial recognition software. anyone know what that will mean to an EASY user? 

[Liverpool Lou]

53 minutes ago, paddypower said:

i have a question - scb just sent me a message to say that in a weeks time they would be updating/upgrading their facial recognition software. anyone know what that will mean to an EASY user? 

Presumably in a week's time they will tell you but have you asked them?    They do have a call centre,

[Polar Bear]

SCB already has a 50k limit for transactions without face recognition. As far as I know, it just means they are just improving the facial rec abilities of the app. I haven't been to the branch to sign up for facial rec, so I have to keep transactions below 50k now. Maybe the update will let us self-register, though I probably still won't.

I thought that was a Thai requirement. Is it actually just something SCB has implemented?

[GroveHillWanderer]

On 9/5/2023 at 2:57 AM, Negita43 said:

1. If I install the apps on a spare phone which will never leave my property does it have  to have a sim in it?

2. If it does - does the sim only have to be in for the set up and installation of the app or does it always have to be in the phone (ie can the app be used over WIFI).

I can't speak for other apps but for Kasikorn bank's K+ app, you have to have a SIM in for first use and be working on cellular data only (not WiFi). After that you could presumably remove the SIM.

 

[paddypower]

4 hours ago, Polar Bear said:

SCB already has a 50k limit for transactions without face recognition. As far as I know, it just means they are just improving the facial rec abilities of the app. I haven't been to the branch to sign up for facial rec, so I have to keep transactions below 50k now. Maybe the update will let us self-register, though I probably still won't.

I thought that was a Thai requirement. Is it actually just something SCB has implemented?

that answer is a big help.  i'll have 2 large ins. premium payments due this month. so i had better do that sooner rather than later. 

[paddypower]

4 hours ago, Liverpool Lou said:

Presumably in a week's time they will tell you but have you asked them?    They do have a call centre,

whats it like, up there in your ivory tower ????

[Everyman]

For Bangkok Bank:

 

1. No

 

2. N/A 

 

But it makes no difference if it does have a SIM or doesn’t. People read about some obscure vulnerability in ios or android and get the wrong idea about security on those platforms. The mobile banking apps are much more secure than on a PC running Windows. 

[Liverpool Lou]

1 hour ago, paddypower said:

6 hours ago, Liverpool Lou said:

Presumably in a week's time they will tell you but have you asked them?    They do have a call centre,

whats it like, up there in your ivory tower

What's it like not understanding the real meaning of being in an ivory tower?   I assure you, I know exactly what's going on in the real world.

 

And what's it like not understanding that I gave you an easy way to get the real answer to your question without having to rely on 100% AN poster speculation?

Edited September 6, 2023 by Liverpool Lou

[Negita43]

9 minutes ago, Everyman said:

But it makes no difference if it does have a SIM or doesn’t. People read about some obscure vulnerability in ios or android and get the wrong idea about security on those platforms. The mobile banking apps are much more secure than on a PC running Windows. 

I do not see how a single device (everything on mobile phone - once lost/stolen they can be hacked) approach is more secure than a two device system (access via pc/notebook confirmation by OTP to phone - lose one device but someone only has half of what's required for access to the account.

[Everyman]

7 minutes ago, Negita43 said:

I do not see how a single device (everything on mobile phone - once lost/stolen they can be hacked) approach is more secure than a two device system (access via pc/notebook confirmation by OTP to phone - lose one device but someone only has half of what's required for access to the account.

Because Windows is an unsecured platform that easily picks up spyware, key loggers, etc.

 

And nobody is going to be able to hack your stolen iphone unless they are the government and even then it will be hard. Report it stolen and Apple will brick it, then nobody is getting your data.