On Sat, 22 Oct 2022, Slavko via mailop wrote:
Dňa Sat, 22 Oct 2022 11:12:28 +0200 Ralph Seichter via mailop
<mailop@mailop.org> napísal:
I don't know of any German bank where this is the case. In my
experience, banks are quite strict when it comes to account access;
one always needs both athentication and authorization. Over the last
month, all banks I do business with have also upgraded to 2FA, which
I believe is now actually required by law.
Thanks, i got one similar response off list, thus i ask daughter again,
and he confirmed, that she was able to change phone number (associated
with bank account) via phone (from new number) only by providing that
information.
Of course, we both can not to know, if it is standard or it was "good
will" (please approximate that term) from bank employee only...
In my experience the on-line banking security (nowadays anyways) is pretty good,
due to the requirement of 2FA, etc.
The "physical security", i.e. when you go to the bank/counter and want to do
something is (IMHO) lower, but it does require a proper identification (password
or German identification document, etc.). Obviously, the whole thing depends on
whether a forgery (or a stolen document) will be noticed, and the fact that
having to be there in person may already be quite a good deterrent.
The weakest link is however the so-called "telephone banking", which maybe not
all banks offer (but mine does), where you can do /some/ things by merely
knowing the account number and a "telephone banking password", which is
generally weak and available to the operator in clear text. I remember once I
locked myself out (used wrong PIN in on-line banking) and had to phone to get
unlocked, which required the phone password, which I had completely forgotten
(because, who uses phone banking anyway?).
The lady on the phone was kind enough to suggest certain concepts and numbers
which refreshed my memory on the spot :)
If I could I would disable that, and maybe with time banks will stop supporting
this.
While IANAL in the end the important thing is where the liability lies, and I'd
suspect that if the bank performs some operations based only on this telephone
banking (or as you say, birth day & co.) then the liability should be with the
bank, but I keep getting surprised by how things work (not only here, but
everywhere).
Cheers,
Bernardo
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
