Jump to content
Login with your Gmail HERE and start posting in seconds! ×
Don't just read! Be part of the Community! Join the conversation ×

BOT tells banks to tighten IT security

webfact

By webfact
in Thailand News

 Share

Recommended Posts

jacko45k Star Member

jacko45k

Posted
Posted (edited)

Well, most of their login process for online banking isn't exactly fool proof.

Is the login process to online banking massively "secure" , complex, and unbreakable in your country of origin or is it simple and user friendly ?

One of them uses a small key-fob which generates a code required for access and some transactions.

The other is exactly the same as my Thai bank. I believe the security lies in what transactions internet banking will permit, especially transfers to a new 3rd party, which they make more stringent.

Well the bank I have in Thailand simply has a username and password. That's it.

But would that permit money to be taken from the account to an unknown 3rd party?

That usually requires a more complex routine involving a mobile phone and OTP.

Edited by jacko45k
Link to comment
Share on other sites

OnTheRun Senior Member

OnTheRun

Posted
Posted

Well the bank I have in Thailand simply has a username and password. That's it.

But would that permit money to be taken from the account to an unknown 3rd party?

That usually requires a more complex routine involving a mobile phone and OTP.

All SCB require for money transfers are your initial username and password.

Link to comment
Share on other sites
seancbk Gold Member

seancbk

Posted
Posted

Yes, signing into my K bank account is as easy as accessing my email. Standard username and password.

What would you like it to be?

If you use a good password protocol then there is no way anyone can access your account.

The only way they *could* is if they can get your username and password - its up to you to make sure they don't.

Link to comment
Share on other sites
Juan Rodriguez Newbie

Juan Rodriguez

Posted
Posted

While having someone get in to your bank account is obviously not desirable many of you are (willfully?) forgetting that the hacker still has to get the money out. I know with my KBANK account I can't look at the screen without them wanting a otp to my phone. Also its impossible for 3rd parties, like PayPal, to pull money out of your bank. Thai banks are way more secure than most other banks due to these reasons.

Link to comment
Share on other sites
sandyf Diamond Member

sandyf

Posted
Posted

Is the login process to online banking massively "secure" , complex, and unbreakable in your country of origin or is it simple and user friendly ?

One of them uses a small key-fob which generates a code required for access and some transactions.

The other is exactly the same as my Thai bank. I believe the security lies in what transactions internet banking will permit, especially transfers to a new 3rd party, which they make more stringent.

Well the bank I have in Thailand simply has a username and password. That's it.

But would that permit money to be taken from the account to an unknown 3rd party?

That usually requires a more complex routine involving a mobile phone and OTP.

I do not know about other banks but with mine it would not be possible. Funds can only be transferred to an account that that has previously set up and that requires an OTP from my mobile. Also it can only be a valid account in Thailand. Any transfers out of my accounts require an OTP from my mobile.

Link to comment
Share on other sites
sandyf Diamond Member

sandyf

Posted
Posted

The Bank of England should be saying the same thing to UK banks.

After a recent visit to the UK I had transactions on my card that I had not made. The transactions had come from an online gaming supplier so I was a bit puzzled as my card is 'Verified by Visa'. When I spoke to HSBC asked how an online transaction had gone through without the pin number and he said that not all payment gateways were using the verification software.

I then asked why if a card was verified, why did they not insist on a verified transaction? All I got was it was something that they were working on. There was no argument on the refund for the transactions.

Link to comment
Share on other sites
DiDiChok Senior Member

DiDiChok

Posted
Posted

The Bank of England should be saying the same thing to UK banks.

After a recent visit to the UK I had transactions on my card that I had not made. The transactions had come from an online gaming supplier so I was a bit puzzled as my card is 'Verified by Visa'. When I spoke to HSBC asked how an online transaction had gone through without the pin number and he said that not all payment gateways were using the verification software.

I then asked why if a card was verified, why did they not insist on a verified transaction? All I got was it was something that they were working on. There was no argument on the refund for the transactions.

Aha, but it's not the BOE's job, it's the Government's job. Clearly you don't know, but the UK Government IS TELLING all businesses to smarten up their act regarding cyber security and to become accredited if they want to supply IT.

Please go to https://www.gov.uk/ and put "Cyber Security" in the search box. There's loads of documents informing people what they're doing about cyber security.

I feel that the Thai Government has also seen this project and quite rightly, would like Thai businesses to take it on board.

Link to comment
Share on other sites
DiDiChok Senior Member

DiDiChok

Posted
Posted

I do not know about other banks but with mine it would not be possible. Funds can only be transferred to an account that that has previously set up and that requires an OTP from my mobile. Also it can only be a valid account in Thailand. Any transfers out of my accounts require an OTP from my mobile.

Ooh, you're ripe for being scammed if you think that, especially if you use a smartphone! What the scammers do is to get you to download something to your mobile that intercepts the requests and the banking codes, then they have free rein. I used to think that I was too careful and clever to be scammed but then they took my money.

Link to comment
Share on other sites
ripstanley Platinum Member

ripstanley

Posted
Posted

Well the bank I have in Thailand simply has a username and password. That's it.

But would that permit money to be taken from the account to an unknown 3rd party?

That usually requires a more complex routine involving a mobile phone and OTP.

All SCB require for money transfers are your initial username and password.

You must be using a different SCB to me.

To establish a new account to transfer to I need an OTP.

I then require an OTP to transfer the money to that account

Link to comment
Share on other sites
sandyf Diamond Member

sandyf

Posted
Posted

I do not know about other banks but with mine it would not be possible. Funds can only be transferred to an account that that has previously set up and that requires an OTP from my mobile. Also it can only be a valid account in Thailand. Any transfers out of my accounts require an OTP from my mobile.

Ooh, you're ripe for being scammed if you think that, especially if you use a smartphone! What the scammers do is to get you to download something to your mobile that intercepts the requests and the banking codes, then they have free rein. I used to think that I was too careful and clever to be scammed but then they took my money.

Thanks for that, is my Nokia 105 a smartphone?, certainly looks quite smart.

Link to comment
Share on other sites
DiDiChok Senior Member

DiDiChok

Posted
Posted

Thanks for that, is my Nokia 105 a smartphone?, certainly looks quite smart.

No your phone isn't what I would call a 'Smartphone' although it can run Java. You didn't say whether it was the dual SIM or single SIM version, but that doesn't make a lot of difference. You can see the Nokia 105 specifications here: http://www.gsmarena.com/nokia_105-5324.php and here for the dual SIM model: http://www.gsmarena.com/nokia_105_dual_sim_%282015%29-7272.php on a web site that I find useful.

You've already done what I should have done from the start, which is to use a basic phone for Bank use and as a general phone, so there's none of the nonsense on smartphones about being 'forced' to give access to companies in order to get useful software.

Interestingly, the Sunday Times today says that the Bank of England is to conduct a simulated computer attack called 'Resident Shield' to test the resilience of the global financial system. No doubt some of Thailand's Banks will be included in their project and that will benefit those in Thailand too. I've attached a scan of the article to this reply for everyone to read.

post-215178-0-82118400-1446396974_thumb.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.








×
×
  • Create New...