Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Changes for using BoI Visa debit card for online purchases

  • 26-06-2017 9:57am
    #1
    Registered Users, Registered Users 2 Posts: 25,626 ✭✭✭✭


    I downloaded my BoI quarterly current account statement last week and spotted this at the foot of each page......

    On a phased basis from 5 July 2017 we are introducing one-time passcodes for online debit card purchases. Instead of needing a Verified by Visa password to complete the purchase, a unique one-time passcode will be sent to your mobile.

    See www.boi.com/3DSecureFAQs


    So when the rollout is complete, each time you use your BoI Visa debit card to make an online purchase, a code will be sent to your mobile which you will enter instead of the 'Verified by Visa' password.

    What is a one-time passcode?

    A one-time passcode is a random number. When you use 3D Secure, a passcode is automatically sent to the mobile phone number you have provided to us. The passcode will only be valid for the online purchase you have received it for. You do not need to remember this passcode. Each time you make a purchase online with a participating retailer, and authentication is required, a new passcode will be sent by SMS text message to the mobile phone number you have provided to us.


Comments

  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    SS7 is not secure.

    Really this is a step backwards by the banks. If you want OTP use time based keying like Google Authenticator.


  • Registered Users, Registered Users 2 Posts: 25,626 ✭✭✭✭coylemj


    ED E wrote: »
    SS7 is not secure.

    Really this is a step backwards by the banks. If you want OTP use time based keying like Google Authenticator.

    OP here. Could you give us that in plain English please, this is not a technical forum.

    Are you suggesting that a Visa debit customer has a choice when making an online purchase?


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Imagine a system from 1975. Was security a big deal then? So is it very security conscious? Nope.

    Now realize that's how you receive text messages. And Visa/BOI are now using it to send a secret for a security system. Its kinda like putting a wad of cash in an envelope and posting it.


    No choice, other than move to a smarter bank.


  • Moderators Posts: 6,900 ✭✭✭Spocker


    coylemj wrote: »
    OP here. Could you give us that in plain English please, this is not a technical forum.

    Are you suggesting that a Visa debit customer has a choice when making an online purchase?

    A lot of people have had issues in the past with the 3D Secure functionality (for Mastercard and Visas equivalent 'Verified by Visa') due to the intermittent implementation by sellers - some times you'd be asked, and sometimes you wouldn't

    I had seen something recently were this was being phased out, and this is obviously Bank of Irelands replacement. Instead of you having to remember a password, the bank will now text you a one-time code instead. This will require you to register your phone with your account. This would apply to online purchases only.


    The SS7 that ED E refers to is a communication standard for telephone networks; yes it has some flaws, but IMO the average person (such as you coylemj) being the victim of an attack is unlikely - the one-time code will likely be tied to the merchant and amount you're buying from at that day/time and will probably expire if not used.

    I don't know of any Irish bank (or Revolut or N26) that uses OTP (Google Authenticator and the like) so asking the OP to move is not really very practical


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    It was more a rant against a backwards step than an instruction to the OP. Nothing he can do until some of the banks make the move in the right direction.


  • Advertisement
Advertisement