And I shall point out that when I called I was told that without an app I can only make transfers within the bank, not to outside accounts. I was told the same in my branch. Surely if SMS is available and I have a smart phone, listed with the bank, why have I not been offered it?
Maybe I am seeing this all wrong.
But to me:
(1) It is one thing for an app not to be able to be downloaded to a certain phone, because the phone and app are seemingly incompatible; and
(2) It is another thing altogether for an app to be downloaded successfully but for 2FA not to work for one reason or another.
Your point on term deposit I don’t think holds water. Regardless of what the staff member said to me when opening it months ago - he who is no longer employed I understand - another person who I met 3 weeks before maturity assured me verbally and in writing that I would be contacted before maturity.
I have learned in the past that many judges and Tribunal members do not take every company’s T&Cs as gospel.
Please read the T&Cs associated with the term deposit. You agreed to these T&Cs when setting up the term deposit. Unless you had written confirmation of different arrangements, these T&Cs apply.
Please read the link to the HSBC in my previous post. They will not have given you alternatives as you had
If you didn’t or advised you can’t use your smart phone for some reason, I am sure their customer service team would have tried to find an alternative solution for you. As they referred to their 2FA app, you must have told them you had a smart phone. Their 2FA appears to be the preferred (recommended) solution to those with smart phones.
Did you approach the bank and advise you were having difficulties installing/using their app? ... or did you throw your hands in the air, trying to find a complaint for why the app was not working as you hoped it would?
I am sure if you did approach HSBC, these alternative options to the 2FA app you appear to be struggling with may have been tabled.
Your answers indicate you bank with a competent financial institution. Of course I mentioned my complaint about my smart phone not being able to download the app at every contact point I had. The contact centre tried to help but could not explain why I could not download the app. Note I did not know of the SMS option, that you mentioned was in the T&Cs, when I called the contact centre. The very polite woman did not mention it either. Maybe it’s no longer offered? As stated earlier, my branch manager when made known of my app issues was quick to suggest I visit a branch. He did not offer a SMS alternative or any alternative.
My earlier point I think remains valid.
The bank knows I have a smart phone and can receive SMSs. How else do you explain the SMS I received when the funds in the term deposit were said to be moved to my transaction a/c? I took a screenshot of that SMS.
Well has the original issue, that is being unable to withdraw money from your account, by either cheque or cash, or Internet banking transfer been resolved?
Now that you have been directed to the steps you can take to enable MFA for Internet banking without a smart phone app?
I think you are. By your own statement, your money is trapped in a bank and it is costing you money - but arguing here will not resolve that. Only talking to HSBC can resolve that.
I think it is unreasonable to expect you to get a new mobile phone just to get your funds. You should go back to the bank cheque option. There is no reason why a bank cheque will not work. You are of course refusing to use a bank cheque - and that is your choice.
The next time you are upgrading your phone, I think you should consider carefully whether the operating system on your current phone is a good choice. I expect you will have more and more problems with a phone that is not either Android or iOS. That is regrettable, unfortunate, but it is likely to be reality.
I can’t speak for HSBC specifically but across all banks and indeed all entities that are interested in security … SMS is considered deprecated for this purpose i.e. sending security codes via SMS is obsolete, no longer adequate security, not best practice.
That doesn’t absolutely mean that it is no longer available as an option but it may be discouraged and it may never be offered (i.e. you have to ask for it if it is available at all).
You should assume that SMS will eventually completely cease to be an option at all. (For example, my bank no longer offers SMS for 2FA and instead the choices are app or RSA token. I chose the latter. Far more secure, far more private. The only downside is that realistically I will only be able to do banking at home, not “on the go”, but that’s fine with me.)
Regarding the term deposit, it is not unusual for a bank to roll over a term deposit automatically or even to create one to hold funds, if there is a problem with the disposition of the funds. This is done to benefit the customer, rather than having large sums of money lying around doing nothing (earning no interest), which undoubtedly would cause customer complaints. You are unlikely to be worse off for having the TD, as compared with the funds earning no interest at all - until this problem is resolved.
What? RSA tokens are little things that can fit on your keyring. Or in your pocket. They can go wherever you go.
As for SMS being ‘deprecated’. Your personal opinion, not fact. One time MFA codes via SMS message are just as secure provided they are suitably time limited, and of course the phone is in the possession of the rightful person. Exactly the same as RSA tokens.
One RSA token does - but if extrapolated to every entity that I deal with (banks, telcos, …), it will not scale well, as it were.
And that is surely an excellent argument why RSA tokens are a dead technology. Either replaced with the similar thing on smart phone apps, or signon server generated one-time codes delivered by SMS.
It is at minimum an opinion held by recognised experts, e.g. “NIST blog clarifies SMS deprecation in wake of media tailspin | ZDNET” (note the age of that article, this is not a new thing) or (following up) “2021: The Year of Ditching SMS OTP as 2FA? - IPification”.
However, at the end of the day the only relevant aspect is what Australian banks actually say and do. Here’s what one bank says in “Understanding MFA”:
Advancements in technology also mean that options such as the use of SMS to deliver a second factor have been deprecated
If you bank with CommBank and they say it is deprecated then that is a fact. Your bank may or may not have said the same thing.
Just needs a token that can hold the necessary shared secrets for N different, unrelated, entities. That will always be more secure than a smart phone (which has a massive attack surface).
You know what happens next. Mods will spin this off to a new topic.
If we stick to SMS, we might be safe - because the OP did ask why SMS was not offered as an option. I’m just providing the background for why SMS for 2FA is dying / deprecated or dead (depending on the bank, or other entity).
I am not at all sure that the question was asked by the OP. That is, can the security code be sent by SMS?
Clearly the bank does this, and clearly the Internet banking application lets the user set up such authentication.
It seems it is more about an app that wouldn’t download onto a phone.
Or a cancelled bank cheque? Or notice of TD maturity not given? To tell you the truth I can’t really make head or tail of what the problem actually is? Please let me know if you can figure it out
If you scroll up to post 46 in this topic (a post by me), you will see I quoted the very question from the OP.
I do not refuse a bank chq. I refuse to lose wages by going out of my way a third time to and from a branch just to get the chq. I have dealt with other banks who gladly do an EFT on my behalf, with only an email from me required.
As to the phone, it is 3 mths old. For that I have the receipt! My other banks do not demand I use an app in order to use online banking. There is no way I would upgrade a perfectly fine phone that works for all my requirements except this particular bank. If the matter is not solved soon I will as stated earlier close the account (even if that means venturing into a branch) and ask for the funds to be sent by EFT. I doubt they will have the cheek to charge me the $20 bank chq fee.
Gaby, the issue is simple. A TD matured and three weeks before maturity I was told that I would be spoken to before maturity and given indicative roll over rates. I asked for this in case I wanted to move the funds, in the event the bank’s rates were lousy.
I was not called or emailed before or AT maturity. I chased the bank up on maturity and they said they’ll get back to me with rates asap. They got back to me after 6pm. Too late to move the funds elsewhere and too late to roll them over if the rates were good.
For the next few days I could not do anything with the funds because I was told the TD “was rolled over”. I did not do so, the bank can’t tell me who rolled it or even for what duration.
Dare I ask which banks these other banks are?
Bottom line: I am telling you for free, the days are coming when using online banking will mean either having a phone that is capable of running the bank’s app or (where offered) using an RSA token.
I was not suggesting you upgrade the phone, quite the opposite. I was suggesting that when it does come time to upgrade the phone, you consider everything discussed here that relates to a choice of phone (because the situation will surely be worse by then).
Maybe you should lobby your local Federal MP to impose upon all banks a requirement to use only a standard TOTP app for two-factor authentication (security codes). That way, one app will work for all banks and you don’t have to use the particular bank’s app and it is somewhat more likely that the app will work in a wider variety of environments (e.g. more makes / models of phone).
So the title of this topic is incorrect. This has nothing to do with accessing money from an ‘at call’ account.
It is getting your money, some or all of it, from a ‘term deposit’. That is not at call.
You can get your money. After all it is yours, but subject to the conditions of breaking the conditions of the term. At minimum that would be loss of interest.
Your complaint is really that you were not given the opportunity in time to decide what to do before the default action happened. That would be computer driven, not a decision or action taken by a branch minion.
Perhaps a post title edit is in order.