I'm looking for an alternative to "Strong Customer Authentication" and the changes being imposed on Tesco Bank customers.
Specifically, my mother is 95, doesn't own a smartphone so the "App" is no use at all.
Because there is next to no mobile single where she lives, an OTP sent via SMS is unlikely to arrive and even if it does it is a wholly unnecessary 'faff' for her to try to manage her small legacy mobile 'phone and rekey the tiny digits.
She lives alone and manages fine using online shopping and Tesco deliveries but this imposition is a threat to her independence. So, what is the alternative?
Thanks Kelly ... that's the same answer I got from @Tesco-Bank - you'll send an OTP via an automaton to a landline number.
It is puzzling that neither the email "how you approve online purchases is changing" nor the "Find out more" section on the website seem to mention this alternative (though I had previously seen mention of such on the FCA website). Is it possible that Tesco Bank realise that while such a mechanism may fulfil their FCA obligations it fails utterly in terms of customer service?
Picture this: little old lady trying to make an online purchase; the 'phone rings; she has to get up from her PC, gather her walking sticks and make her way to the telephone to answer the call before the answerphone cuts-in; she then has to memorise or write down a code and make her way back to her PC before the transaction times out; all without falling ...
Ross, are you seriously asking a customer / member of the public, on an open forum, how to design a financial services security solution? 😉
The FCA guidance to the industry includes the statements:
We expect firms to develop SCA solutions that work for all groups of consumers. 
This means that you may need to provide several different methods of authentication for your customers. This includes methods that don’t rely on mobile phones, to cater for consumers who don’t have, or don’t want to use, a mobile phone.
You, and your IT teams have had ample opportunity to satisfy those requirements and have seemingly failed to do so ...
... but I'll take the bait even though I haven't had sight of the detailed requirements your teams have been working to:
Start with a USB connected, contactless card reader - the technology exists and allows you to be confident that the card is present at the time of the transaction. Provide the reader with it's own unique identity - that way you can be sure that the device being used is the one supplied to the customer / registered on their account. In the authentication pop-up that follows a web based transaction you can request that the customer enters an online transaction PIN - that way you can be sure that something known to the cardholder is used. You now provide the device with a transaction code - generated by the bank and unique to the specific transaction - together with the PIN. This information is combined with the device id and card details, encrypted and returned as an authorisation code to the bank. You now have three factors of authentication (which rather beats use of an OTP via SMS).
Such a device could be common across banks, would cost only £10s to produce, and you could even charge your customers the price of having one.
Ross, are you seriously asking a customer / member of the public, on an open forum, how to design a financial services security solution? 😉
I'm asking your opinion on what you think will improve things for yourself and our customers, this public forum exists so Tesco Bank customers can provide their thoughts, feedback etc and we do listen. Everything said here is logged, discussed and helps us make business decisions.
We are a digital bank so will always focus on the digital solution first. We also have a high install base of the app. With the focus on app account management and with products launching that require the app ( like Clubcard Pay + ) I can't see us going back to a card reader for the small number of customers that would use that service (We previously had these). Especially as we have the options for confirmation within the app, via text message or the landline authorisation which will cover the majority of Tesco Bank customers. Card readers seems a bit like a backwards step in my own personal opinion but as I mentioned will certainly be logged and considered.
... We are a digital bank so will always focus on the digital solution first. We also have a high install base of the app. With the focus on app account management and with products launching that require the app ( like Clubcard Pay + ) I can't see us going back to a card reader for the small number of customers that would use that service (We previously had these). Especially as we have the options for confirmation within the app, via text message or the landline authorisation which will cover the majority of Tesco Bank customers. Card readers seems a bit like a backwards step in my own personal opinion but as I mentioned will certainly be logged and considered.
That is rather the impression that I had formed. Tesco are a digital bank and wish to serve 'digital' customers, and would prefer the inconvenient 'small' number of non-digital customers to 'just go somewhere else'. Your opinion is noted ...
Tesco Personal Finance plc, trading as Tesco Bank as part of the Tesco Group take the security of your data seriously. We want you to be confident that your data is safe and secure with us and understand how we use it.
We collect data when you browse our website (e.g. your IP address) and register for the Community. To find out more about how we use your data, our legal basis for processing your data and your rights under data protection laws please view our Privacy Policy.
How we collect and use your personal data
Tesco Personal Finance plc, trading as Tesco Bank as part of the Tesco Group take the security of your data seriously. We want you to be confident that your data is safe and secure with us and understand how we use it.
We collect data when you browse our website (e.g. your IP address) and register for the Community. To find out more about how we use your data, our legal basis for processing your data and your rights under data protection laws please view our Privacy Policy.
Terms of Service
Registration to this forum is free! We do insist that you abide by the rules and policies detailedbelow. If you agree to the terms, please check the 'I agree' checkbox and press the 'Complete Registration' button below. If you would like to cancel the registration, click here to return to the forums index.
Tesco Bank Community Terms of Service v 1.0
The Tesco Bank online community ('Your Community') is for Tesco Bank customers, staff, contributors and supporters to discuss products, services, issues and matters of general interest. Your Community content may be viewed by both members and non-members.
We encourage you to enjoy Your Community. However, please note that by using Your Community, you're confirming to us that you've read and have agreed to be bound by these Terms of Service and our House Rules. If you're unable to accept these Terms of Service and/or our House Rules for any reason, please do not use Your Community.
To the extent that there's any conflict between these Terms of Service, our House Rules, or any other document, posting or communication connected to Your Community, these Terms of Service will prevail.
Any reference to 'we,' 'us,', 'our' is a reference to Tesco Bank which is a trading name of Tesco Personal Finance plc. We are part of the Tesco plc group. For information about our group of companies please visit www.tescoplc.com and click on 'About Us'.
Registration
The information you provide during the registration process must be true, accurate and complete. You must not register under the name of another person or organisation and you must not register under more than one name. If we've reasonable grounds to suspect that the registration information you provided is untrue, inaccurate, or incomplete, we may suspend or terminate your account and prohibit your future use of Your Community.
When registering, you'll be required to select a username that will be seen by all people who visit Your Community. The username you select must:
not be the same as, or similar to, your Tesco Bank internet banking username or password (if you're a Tesco Bank customer) or the username or password for any other sites you may use;
not contain any details you don't wish to be viewed by the general public; and
not be defamatory, offensive, impersonate any other person or entity, infringe the intellectual property rights of any person or entity, or otherwise mislead or deceive others.
We reserve the right to reject any username or remove any image that we determine in our sole discretion is unacceptable for use as a username or image in Your Community.
Personal responsibility
You're responsible for all content posted or communicated under your username, including the use of your username by others. You're responsible for keeping your password confidential and you agree that you'll not share your login details with anyone, let anyone else access your account, or do anything else that may compromise the security of your password or user account. You may use Your Community for lawful purposes only. It is your obligation to ensure that when operating your user account and posting content, you'll comply with the laws of the United Kingdom.
Your reliance on content
You use Your Community at your own risk. You are solely responsible for your use of Your Community and reliance on the content
The views expressed within Your Community are not our views and are not endorsed by us, unless provided by a Tesco Bank representative designated as a Moderator, Your Community Expert or Community Manager. We do not vouch for the accuracy or authenticity of posts or communications and do not take responsibility for any opinions you or other users choose to provide.
The posts and other communications do not represent financial advice from Tesco Bank and must not be treated as such, even if they are directed to you. Posts are general information only and you must carefully consider any decisions you make based on the content of Your Community. Before relying on any other user's posts or communications, you should make your own enquiries and ensure that any action you take as a result is right for you. Note that opinions and advice in relation to financial products and services on Your Community are not personalised to you or other users.
From time to time, staff members of Tesco Bank, our suppliers and affiliates, may be present on Your Community. In doing so, unless designated as a Moderator, Your Community Expert or Community Manager these staff members are acting in their personal capacity and not as an employee, adviser, representative or agent of Tesco Bank and are personally responsible for the content of their posts and communications. The content of such posts and communications don't constitute our views.
Third Party Websites
Your Community may contain or reference links to non-Tesco websites ('Third Party Websites'). By accessing links to Third Party Websites, you may be exposed to content that you consider inaccurate, offensive or inappropriate. We are not responsible for the content of any Third Party Website or any link contained in a Third Party Website. The inclusion of a link within Your Community does not imply any endorsement by or any affiliation with us. Access to any Third Party Website is at your own risk, and you should be aware that Third Party Websites may contain terms and privacy policies that are different from Your Community. We're not responsible for loss, costs or liability arising from accessing or using such Third Party Websites.
Marketing
Your Community must not be used by you or any other user as a marketing platform. However, we acknowledge that from time to time, some content may contain references to products, services, articles, offers and promotions offered by third parties (not by us). These third-party offerings are not endorsed by us. If you decide to use these third-party offerings, you're responsible for reviewing and understanding the terms and conditions governing those products or services and ensuring you understand the risks. You agree that the third party, and not us, is responsible for performance of the services or the quality of any product.
Misuse
You must comply with our House Rules; please review them carefully and regularly. In particular, you must not post any content or communication that is inappropriate, threatening, abusive, offensive, or misleading, or use Your Community or its features to engage in any advertising, marketing or solicitation, including activities such as spamming or phishing. You must not post or communicate any content, or do anything, which would overburden, disrupt or disable the proper working or appearance of Your Community. Your Community relies upon its users to identify and report content or conduct that does not align with the House Rules or these Terms of Service. Therefore, it is each user's responsibility to report objectionable content by utilising the 'Report Inappropriate Content' functionality available throughout Your Community.
Monitoring and moderation
Your Community has moderators who aim to ensure that these Terms of Service and our House Rules are followed. Moderators do not pre-screen postings or communications. Moderators have the right to edit or remove content at their discretion and for any purpose. Moderators are under no obligation to provide a reason for removing any content or to enter into discussion regarding the removal.
Moderators may or may not investigate any complaint that is brought to their attention, and may or may not take appropriate action, including, but not limited to issuing warnings, moving or removing content, or suspending or terminating any user name and user account. Because situations and interpretations vary, it is possible that we may take no action whatsoever. The failure to act with respect to a violation by you or others does not waive the ability to act differently with respect to subsequent or similar violations.
Warnings, suspensions, and terminations
Moderators may communicate with you personally concerning Your Community or related matters. Those communications are confidential between you and us and are not intended to be made public. As such you agree not to post or otherwise disseminate those communications within Your Community or elsewhere, on the Internet or otherwise.
You agree that your registration and access to Your Community may be immediately suspended or terminated without explanation or prior notice. Without limiting the foregoing, the following may, at our sole discretion, lead to a termination of a user's registration and access to Tesco Bank Community:
breach of these Terms of Service, the House Rules or other related agreements or guidelines;
request by law enforcement or other government agencies;
a request by you;
unexpected technical issue or problem; and
extended periods of inactivity.
Termination of your registration includes removal of access to all offerings within Your Community and may also prevent you from engaging in further use of Your Community. Furthermore, you agree that neither us nor the moderators shall be liable to you or any third-party for any termination of your registration or access to Your Community.
Rights to content
When you upload or submit content (such as text, data, images or names, when permitted) to Your Community, you grant us a right to use, copy, modify, publish or otherwise distribute that content, including any personal information that may be included in the content, for any purpose, including, without limiting the foregoing, the administration and management of Your Community, marketing including in social media, analytical purposes, and new product or service development. The licence you grant us is perpetual, irrevocable, royalty-free, transferable, worldwide, and we'll not be required to obtain your permission for any such use or attribute any content to you.
In submitting content to Your Community, you expressly release us from any and all present and future claims that we have made unauthorised use of your idea.
Your Community and all content on it (including all Tesco Bank logos, trademarks, the look and feel of Your Community, and content posted or communicated by other users) remains the intellectual property of Tesco Bank and/or our licensors and, in the case of content posted or communicated by other users, the relevant user(s). You may not use any such content for any purpose other than to access and use Your Community as envisaged by, and in accordance with, these Terms of Service.
Security
We do not warrant that Your Community is secure, free from bugs, viruses, interruptions, errors, or other limitations. Any content that you place on Your Community is posted at your own risk, and could be obtained and used by others. You should think before posting or communicating any personal or financial details about yourself on Your Community. You should not reveal information that you don't want to make public, such as posts or communications including your contact information or email address. We'll not be responsible or liable for any loss arising from your disclosure of personal information, or any other information, in any profile, post or communication.
Privacy
We ask that you do not post any personal information to Your Community, such as your full name, contact details or account numbers. We also ask that you do not post personal information about others, or ask others to disclose their own personal information on Your Community. In some specific and rare circumstances we may offer you the option to provide us with personal information via the private messaging function of Your Community. You will not be under any obligation to do this, but it may assist us in helping you.
Consent
By using Your Community and accepting these Terms of Service, you consent to the collection, use, disclosure, storage and processing of your personal information in accordance with these Terms of Service and Tesco Bank's web privacy policy.
Access and correction
We reserve the right to instruct the moderators to remove any posts in Your Community containing phone numbers, street addresses, or otherwise personally identifying information on the grounds that we're not able to verify the information as being your personal information or that of a third party.
By submitting your email address to register, you agree that our third party service providers and the moderators may use your email address to contact you directly about your profile or any content you post on User Community and for other administrative purposes related to Your Community.
You further agree that if you wish to collect or use information or content posted or relating to other Your Community users, you must first obtain the relevant user's consent and make it clear that you (and not Tesco Bank) are collecting their information, the reason for which you're collecting their information and explain the purpose for which the information will be used.
Indemnification
You agree to indemnify, defend, and hold harmless from and against any and all losses, damages, liabilities and costs (including, without limitation, settlement costs and any legal or other fees and expenses for investigating or defending any actions or threatened actions) incurred by the Indemnified Parties in connection with any claim arising out of any breach by you of these Terms of Service or the House Rules or claims arising from your content or conduct. 'Indemnified Parties' includes us, the moderators, and all respective officers, directors, owners, employees, agents, representatives, and assigns.
You agree to cooperate with us in the defence of any claim. We reserve the right, at our own expense, to employ separate legal representation and assume the exclusive defence and control of any matter subject to indemnification by you.
All third party content (content posted or communicated by registered users including any content) is the sole responsibility of the registered user posting or communicating the content. You acknowledge and agree that we don't control and are not responsible for the third party content. As such, you shall fully indemnify us against any claim (including solicitor fees) arising out of content you post or otherwise make available on Your Community or your use of Your Community.
Limitation of liability
You agree that, to the maximum extent permitted by law, at no time will we (including our officers, directors, owners, employees, agents, representatives and assigns and the moderators) be liable for any costs, direct or indirect loss or damages, consequential loss, howsoever arising out of your use of Your Community, the content you or other users post or otherwise make available on Your Community (including, but not limited to, damages relating to loss of business, loss of money, telecommunications matters, exposure to any form of virus, bugs or such other malicious code, theft, damages or other losses you or any third party may suffer) regardless of whether the claim is based on breach of contract, breach of warranty, tort (including negligence), product liability or otherwise.
Choice of law and location for resolving disputes
You agree that the laws of Scotland govern these Terms of Service and any claim or dispute that you may have against us will be resolved in Scottish courts only.
Modifying these Terms of Service
We reserve the right, in our sole discretion, to modify these Terms of Service at any time without notice. Modified Terms of Service are effective as soon as they are posted. We also reserve the right to waive or modify any of these Terms of Service as they apply to a specific posting, communication or user without affecting the application of these Terms of Service to all other postings, communications and users. Your continued use of Your Community, or any content or services accessible through it, after modified Terms of Service are posted means you accept the modifications. We may also make any changes to the look and feel of Your Community at any time without notice.
KellyT
RossM