Thailand News and Discussion Forum | ASEANNOW


Incredibly bad security - Kbank App

Featured Replies

  • Popular Post

I just installed Kbank app on new phone

The only thing I needed to do was type in passport number and my bank account number

Now I am able to transfer all funds out of my account.

 

This is incredibly bad security. Heads up

  • Popular Post
16 minutes ago, CrossBones said:

Now I am able to transfer all funds out of my account ... Heads up

As long as you enter the correct six-figure PIN for security.  Heads up.

  • Popular Post
30 minutes ago, CrossBones said:

The only thing I needed to do was type in passport number and my bank account number

You also needed to be using mobile data from the phone number that is linked with the account. So that's something, at least.

13 minutes ago, Liverpool Lou said:

As long as you enter the correct six-figure PIN for security.  Heads up.

Don't you create the pin code at the point you install the app, though?

  • Popular Post
41 minutes ago, CrossBones said:

I just installed Kbank app on new phone

The only thing I needed to do was type in passport number and my bank account number

Now I am able to transfer all funds out of my account.

 

This is incredibly bad security. Heads up

Take my phone and show me...

36 minutes ago, CrossBones said:

I just installed Kbank app on new phone

The only thing I needed to do was type in passport number and my bank account number

Now I am able to transfer all funds out of my account.

 

This is incredibly bad security. Heads up

I'd transfer all of my money out of Kbank.  At a minimum it should be asking for your account PIN, which is still pathetic security.  This is exactly why I prefer using a web-based computer app VS Android.  You can set high security password on your account access via a web app.  Yeah - that's pretty bad.

It does ask for a live face photo; if it doesn't match on record, no access.

  • Author

The account PIN is the same number as the phone PIN. So you can set it up on any phone and use your phone's PIN number.

Yes, it needs mobile data, not WiFi, but it could be from any SIM card. How can the app know if the mobile data is from the registered SIM number? It doesn't seem possible (haven't tested it).

 

  • Author
47 minutes ago, thaitom said:

It does ask for a live face photo; if it doesn't match on record, no access.

It didn't ask me that. And if it did, what is the issue with a photo of your face?

1 hour ago, JayClay said:

Don't you create the pin code at the point you install the app, though?

-

  • Popular Post

I installed the K-Plus App a couple of years ago. I know I had to go to an ATM machine with my ATM card, obviously enter my ATM PIN on the ATM machine and then I had to follow a few steps in part on the ATM machine and in part on my phone to enable the app. This had to be done with a mobile connection, not WLAN.

Now, whenever I want to transfer money on my app I need to open the app, which in my case requires my fingerprint. And then I have to enter a PIN to allow the transaction.

 

I think that is reasonable security. Actually, it is more secure than transferring money in an ATM machine. 

Is it top security which can't be hacked? No. But the problem is most users accept some security but they don't use apps with very high security.

Many people would change their bank to another bank with less security if it would be too high security to transfer money. 

1 hour ago, CrossBones said:

It didn't ask me that. And if it did, what is the issue with a photo of your face?

When you change to a new phone, stick in your SIM that is registered, passport and account and PIN; you are also asked to send a live view of your face that is also with your account. There is no issue. Just saying it's not as easy as passport number and account number. Got it?

Just now, thaitom said:

When you change to a new phone, stick in your SIM that is registered, passport and account and PIN; you are also asked to send a live view of your face that is also with your account. There is no issue. Just saying it's not as easy as passport number and account number. Got it?

It had to have asked you that when you switched phones. I just did recently.

3 hours ago, JayClay said:
3 hours ago, Liverpool Lou said:

As long as you enter the correct six-figure PIN for security.  Heads up.

Don't you create the pin code at the point you install the app, though?

I'm sure that you probably do but the PIN can be changed at any time after installation.

3 hours ago, thaitom said:

It does ask for a live face photo; if it doesn't match on record, no access.

Kasikorn phone app does not require facial recognition for non-Thais to make transfers.

13 hours ago, CrossBones said:

Yes, it needs mobile data, not WiFi, but it could be from any SIM card(1). How can the app know if the mobile data is from the registered SIM number(2)? It doesn't seem possible(3) (haven't tested it).(4)

1. No it couldn't.

2. I don't know exactly, but it's possible

3. It is

4. I have

11 hours ago, Liverpool Lou said:

I'm sure that you probably do but the PIN can be changed at any time after installation.

Only if you enter the old pin first...

23 hours ago, CrossBones said:

The account PIN is the same number as the phone PIN. So you can set it up on any phone and use your phone's PIN number.

Why would you want to use the same pin - have you never heard the advice about not using the same password on multiple sites......

 

23 hours ago, CrossBones said:

How can the app know if the mobile data is from the registered sim number.

You only normally have to use mobile data for the initial set up with the correct sim card - number already registered to your account.

After that you should be able to use on wi fi including taking the sim card out and not having it in the phone - which is what I do with SCB app.

 

The app may also be registering the IMEI no. of the phone as a further check - not sure on that.

Having had K bank for many years, I moved back to my E.U. home country, and strangely enough I can still enter and use the K+ app on my E.U. country SIM! But I am still using it in the same smartphone in which I used the Thai SIM at first (this is using a WiFi connection).

The Thai SIM is now in an old "dumb phone" which is normally off, but when it is on I can still get SMS to confirm my reload using K bank (of course via the AIS mobile connection in roaming mode).

I would have expected that I could only use K+ on the Thai SIM which was used when I first installed K bank?

So it must work on the identification of the smartphone... IMEI number probably.

I can also get normal confirmations by email on the smartphone which is using the E.U. SIM (non-Thai SIM).

Well, CrossBones, you are spreading fake news... irritating.

For K-bank Plus you need an account nr., phone nr., fingerprint or PIN code, bank acc code, all pre-registered with the bank.

K-bank Plus is rated with the highest security you can get...

  • Popular Post
On 9/15/2023 at 1:53 PM, CrossBones said:

I just installed Kbank app on new phone

The only thing I needed to do was type in passport number and my bank account number

Now I am able to transfer all funds out of my account.

 

This is incredibly bad security. Heads up

This is an incredibly incorrect post.  heads up.

 

PH

On 9/15/2023 at 2:37 PM, connda said:

I'd transfer all of my money out of Kbank.  At a minimum it should be asking for your account PIN, which is still pathetic security.  This is exactly why I prefer using a web-based computer app VS Android.  You can set high security password on your account access via a web app.  Yeah - that's pretty bad.

So true, connda, accessing a bank account on a smartphone is a high security risk.

On 9/15/2023 at 3:24 PM, JayClay said:

You also needed to be using mobile data from the phone number that is linked with the account. So that's something, at least.

You also need to know the pp that you opened the account with or pp last shown to KBank staff when updating personal data 

Just now, HK MacPhooey said:

You also need to know the pp that you opened the account with

I was never asked to provide a specimen :)

On 9/15/2023 at 3:51 PM, CrossBones said:

The account PIN is the same number as the phone PIN. So you can set it up on any phone and use your phone's PIN number.

Yes, it needs mobile data, not WiFi, but it could be from any SIM card. How can the app know if the mobile data is from the registered SIM number? It doesn't seem possible (haven't tested it).

 

You should test then. AFAIK you have to register your phone number with the bank before you can use the app. Also, as someone already mentioned, there's facial recognition for big transactions.

I used both personal and biz apps of kbank. With the biz app you have to log in using the data every couple of months in order to enable wi-fi transfers to accounts not on your favourite list

On 9/15/2023 at 3:51 AM, CrossBones said:

The account PIN is the same number as the phone PIN. So you can set it up on any phone and use your phone's PIN number.

Yes, it needs mobile data, not WiFi, but it could be from any SIM card. How can the app know if the mobile data is from the registered SIM number? It doesn't seem possible (haven't tested it).

 

If what you wrote in your original post is not 100% correct, you might be wise to delete or at least edit it.

Anything these days without 2 step verification is very risky. You need a text message sent to your phone to confirm the login.
