Debit card authentication

Irish Steve

Ok, so I am using my phone to make a booking and pay by debit card. After entering all the relevant details on the relevant site, it tells me that I'm going to get authentication request, which is not unexpected these days.

So, the question, why do I have to go through effectively a double authentication?

I get a pop up, and it asks me to swipe to authenticate the transaction, and having swiped to say I approve, I then have to log in to my online banking with my pin to effectively authenticate a second time for the same transaction.

I get that you want to be secure, but this is gettting to be more than a bit ridiculous, you've looked up my phone details from your system, made a relevant connection and got me to confirm the transaction, why is it then necessary to confirm a second time that it really is me that's doing the transaction, given that you've been able to get a successful swipe authentication already?

Bank of Ireland Reps

Hi there,

Thanks for getting in touch with us and we appreciate your feedback.

Entering 3 digits of your 6 digit pin is an extra security measure that is in place to conform with Strong Customer Authentication.

This is in place to help prevent fraud and ensure it is the account holder who is making the transaction.

Please see attached here for more information on this.

Thanks,

Declan

Irish Steve

https://www.boards.ie/discussion/comment/118946451#Comment_118946451

OK, so let's clarify a few things here. First, I don't have an issue as such with SCA, it does indeed provide an additional level of security to prevent fraud.

Where we are going to have to agree to differ is your definition of SCA, in that as processed today, I end up doing effectively a double SCA, the first being a swipe that says it's going to approve the transaction, which effectively it doesn't, in that after that's been done, I then have to wait while the BOI app loads, enter 3 digits of my PIN, which is not always immediate because of an ongoing and previously reported issue with the way the app accepts the digits of the PIN , and only then can I return to the vendor site to confirm that I've done the approval, and getting back to the vendor site page is not straightforward because of the way that Android doesn't close apps that have completed their processing.

If I was buying €10,000 worth of stuff in China from a possibly unknown supplier, then yes, this level of paranoia is probably appropriate. Me paying Dublin Airport Authority €12.00 for car parking does not justify the same level of annoyance to approve the transaction.

If I was doing the same transaction at an NFC capable device, there would have been NO checks as such, and with Google Pay it's even easier, and for a transaction below WiFi limits, which this was, having to go into the app and enter the 3 digits of PIN should be more than enough to be able to approve the transaction, going into the swipe option and then having to go into another level of approval for a transaction of such a low value to a known local supplier is not a meaningful security check, it's an annoyance that is going over the top.

3DataModem

I just sent 70k AUD via Revolut, using their SCA, which is SO much simpler to execute (and actually more secure).

It is very tempting to ditch traditional bank apps in favour of the fintechs, for exactly reasons like this.

Bank of Ireland Reps

https://www.boards.ie/discussion/comment/118947571#Comment_118947571

Hi Irish Steve

Thanks for coming back to us on this.

We will certainly pass on your experience and views internally to the App Team

Thanks

Alison