New online security checks exclude people without mobile phones or decent signal

Correct

But that doesn’t alter the fact that they are essentially lying about it all.

What security advantage does texting a verification code to your mobile have over the previous method of asking you to provide characters from a password when making online transactions?

It’s a total nonsense and another step towards total loss of privacy.

My online login has moved from username…password…and relative’s middle name…to my thumbprint…immediate access to all my accounts

Far easier to fake a fingerprint than find out someone’s password. Madness.

Really? Tell me more…but wait…let me adjust this tin foil hat

Your fingerprints are all over this post Rehab. I’ll be sneaking into your account later today. :-p:-p

Sigh

A few simple examples going back as far as 2008

3 Reasons to Never Use Fingerprint Locks on Phones

"#1 People can hack your fingerprints (and scanners)
We leave fingerprints behind everywhere we go: on doorknobs, on railings, on cups and glasses, on keypads, on screens, in photos—you name it. So there are lots of places hackers can harvest this supposedly uncrackable password.

The Chaos Computer Club demonstrated this as far back as 2008. To protest a German politician’s proposal to implement biometrics, the club used a photograph to recreate his fingerprint. In 2013, it used latex to create a fake finger to open a lock. More recently, the approach has been repeated with playdough and Elmer’s glue, highlighting just how easy it is becoming to recreate physical prints.

Worse yet, fingerprints can also be hacked virtually. At the 2015 Black Hat convention in Las Vegas, a couple of security experts demonstrated a number of hacks for fingerprint locks. They built an app that mimicked a phone’s unlock screen; when used by the victim, it could approve a financial transaction. They pre-loaded fingerprints onto the phone, enabling access. They showed it was relatively easy to rebuild a fingerprint from the file used to store it. And they hacked the scanner itself, allowing them to grab fingerprint images whenever used.

#2 You can change your password — not your fingerprints
This is so basic it is often overlooked. When my email account was hacked several years ago, I changed the password and the problem went away. But if someone were to hack my fingerprint, they would always have it.

Think about what that means. Fingerprints are forever. Once the bad guys have them, they can keep using or selling them to other bad guys. This is particularly disturbing when you consider how many government organizations collect fingerprints and the increasing number of private firms using it for authentications.

#3 Police don’t need your permission to unlock a phone with biometrics

It is also important to remember that we are not always in control of our own hands. All someone has to do to get you to unlock your phone is press your fingers against the screen.

This has been allowed in the US, where a judge granted a search order to police officers in Glendale, California. The position is that a fingerprint is “physical evidence”, akin to a physical key, which can be gathered as evidence or demanded by court order. Moreover, fingerprints are readily available because they are routinely collected as part of basic police and legal procedures. And because fingerprints are physical and not “testimony”, they are not protected by the Fifth Amendment’s clause on self-incrimination.

Not so passwords and PIN codes. Forcing a person to show you something “in their mind” is testimonial, and thus coercion is prohibited. Large tech companies (including AVG) make a similar argument about corporate information. Fighting the FBI to a largely unresolved standstill over access to the phone used by the San Bernardino terrorist, Apple made the legal argument that the FBI was attempting to force Apple to speak — and speak against its own interests, something that should not be allowed. The FBI dropped the case after paying a third party to hack the phone. While rent-a-hacker proved effective, it also proved rather expensive; and for the time being, most cases are unlikely to warrant such an investment.

Still, it is within the realm of possibility that law enforcement agencies could force or coerce manufacturers to include back doors to devices for harvesting prints through fingerprint locks."

No 2 there is the most important to understand.

There is simply no going back once someone gets hold of your fingerprint. Game over.

Because of that even a dimwit can see that this whole fingerprinting usage will, in no time at all, just collapse as more and more people fall foul of having had their fingerprints hacked. Once that happens in enough numbers the fingerprint system will be removed, abolished.
Of course by then a whole raft of the population will have unwittingly volunteered their fingerprints to any number of national databases like criminals, bagged and tagged forever.

Another load of concerns here:

"Security experts discovered that HTC One Max and Samsung Galaxy S5 smartphones stored fingerprint images in an unencrypted, readable-by-any-app .bmp file — just as a common bitmap picture. Any software, which has access to user’s pictures and Internet, could steal them. Developers produced a patch soon after the discovery but who guarantees that they won’t make similar mistakes with new phones and OS releases?

Moreover, many smartphones have poorly protected sensors, which let malware get the pictures right from the fingerprint scanners."

What a load of ill-informed, googled bollox.

So simple… Just use a different finger.

hahahahahahahahahaha

hahahahahahahahahaha

breathe . . . . . .

hahahahahahahahahaahaha

Naturally once 10 fingers are up you can start using your toes

Sheesh !

Perhaps in the future we will be able to buy fingers.

It’s like dealing with a child! You have already shown your total ignorance of capacitive scanning yet here you are again.

I think your tinfoil hat has fallen off or slipped over your eyes. How many people get their phone hacked twice never mind 10 times?

Come on, Google some stats.

People, unless afflicted, only have 8 FINGERS

:mrgreen: Just keeping you on your toes Baz. :mrgreen:

I have, today, received formal notification, from Santander, of a change to the login procedures for online banking (to use app ID or OTP) but no date for introduction has been specified …

I’m guessing that it’s 14th September, though … :wink:

Update:

Online shopping anti-fraud scheme delayed

https://www.bbc.co.uk/news/business-49332023

13 August 2019

The FCA, in line with European counterparts, is easing the mid-September deadline.

The regulator said that it would not enforce the rules for a further 18 months, where providers could show evidence that they were “taking steps” to comply with the system.

A lack of preparation, complexity of the system, and the potential impact on consumers were given as reasons for the delay. The FCA will also review the way the system is planned to work.

Analysts said the decision would be met with relief in the affected industries.

Jeremy Drew, co-head of retail at law firm RPC, said: “Retailers are going to be delighted that the FCA is taking a pragmatic approach to enforcement of SCA.

“There has been real concern that some of the security solutions being offered to retailers were going to be so jarring to consumers that they would abandon purchases at the online check-out stage.”

Common sense prevails, perhaps …

Scam alert: fraudsters exploit new online security checks with phishing attacks

Watch out for fake emails taking advantage of strong customer authentication

Scammers are mimicking new security measures designed to keep you safe online, by sending fake emails that attempt to steal your banking credentials and personal data.

Banks, card providers and retailers across the EU are asking customers to provide up-to-date contact information, as part of new checks for online card payments known as strong customer authentication (SCA).

Fraudsters are imitating these messages, aiming to get hold of your details at a time when you may be expecting these requests and so let your guard down.

:shock:

I have already avoided several of these. If anyone wishes to change their details, log into your bank, not the link provided on the email.

It will never be a problem for me because I only order by direct voice contact with customer services from the company I wish to do business with.
Last week I rang eFoam for a set of cushion core replacements; they took my name + address, the size details + type and then they quoted me the delivered price. I agreed, gave them my CC details then the code on the rear, then they advised me the signed-for delivery would be in two days’ time together with my order number.
All very easy from my point of view and it arrived as expected :thumbup:

I was in NatWest yesterday and asked them about this. Was told it only applies to those who already have a mobile cell phone number registered with them. If you do not give them a number or have your existing one removed - nothing will change. Had to order a DVD from Amazon - just to check this out - and the order went through OK - no problem. Thinking this may be just because I am known to Amazon anyway - I later ordered some craft supplies from a company I had not dealt with before - that order also went through OK. Hadn’t realized it applied to card use as well but had used my debit card in town yesterday - without a problem.

We bought a twenty quid PAYG phone for this purpose only.