Safer 2-Step Verification for Online Banking?

[Admiral Beez]

Sim card fraud is making the news, where someone calls your mobile provider claiming to have lost or damaged the SIM card. After obtaining a replacement sim card that is ported to your number, the fraudsters use your email (obtained through the SIM card app and search history) to try to log in to many banks, clicking forgot password and then requesting verification code by sms text. Once they get that code, they change the password on your bank, and voila, take your cash.

AIUI, third party verification apps like Authy and Google Authenticator don’t work with Canadian bank apps. What can Canadians do to acheive safer 2-step verification? If you search online, the answers are the usual simplicstic obvious things such as don’t share your birthday online or other personal details that your cell company might ask when the fraudsters call to swap the SIM card. But really, why don’t the bank instead tie the 2-step verification to a device, rather than a SIM card?

 

[Johnny Au]

An alternative is the use of personal questions.

I use personal questions for an app for one of the Big Five Canadian banks and not the two-step verification.

For example, if one never had a pet in his/her entire life, one can make up the name of a pet for the question of the name of the first pet.

Alternatively, if one has no interest in sports, one can make up the name of a sport for the question of the favourite sport.

 

[SunriseChampion]

I get around this by being unpalatable to creditors and keeping my money to myself. ☺

 

[Admiral Beez]

https://twitter.com/x/status/1193879817067859971

 

[Admiral Beez]

Visited my local TD branch manager on the weekend and voiced my concerns on security. He said something is about to be launched to address this.