A bank spokesperson told iTWire, in response to a query, that the change was being made in order to "ensure that all our customers have the highest level of security when it comes to e-banking".
"e-banking security for all our customers is being upgraded as we replace traditional security tokens with modern multi-factor authentication (MFA) technology," the spokesperson added.
The spokesperson ignored these additional queries:
"Is this shift driven by the bank's desire to harvest the details of its users?
|
"In what respects does the current 2FA token lack when compared to the app?"
The first query was prompted by the fact that many institutions switch to mobile apps to milk customer details for marketing purposes.
Nineteen years ago, I wrote about the bank's decision to introduce the security token; it cost me $15 to buy one and use it until it stopped working about three or four years ago. The bank supplied a free replacement when the token stopped working.
With that token, one goes to the bank website, enters an access ID and a password and then presses the token to generate a six-figure security code. Fresh codes have to be generated when making payments.
The new procedure is more cumbersome as one has to switch between the desktop site and one's mobile phone in order to effect authentication. But then the bank does not offer a choice of authentication methods.
The security token offers a new code every time; with the mobile app one has to tell the desktop site that one is indeed whom one is claiming to be, and then input a four-digit code which is set up at the time one makes the switch.
The same procedure has to be gone through when one is making a financial transaction.
I have used that token, and a replacement, since it came into use and there has _never_ been any instance where there was a warning that it was insecure. The question that comes to mind is, if something ain't broken, then why try to fix it?