Why does Tesco Bank not let me be secure?

  • isab099's Avatar
    Hi - I'm new to this Community, in fact I only joined because I can't find another way to ask Tesco a question about security. (I might also start a different thread about why there's no way to securely email them, and why I have to use either Twitter or Facebook?) We're all aware these days of the risks of mobile banking, online shopping, contactless payments, etc, such as hackers, identity theft and fraudulent charges. Everyone is responsible for their own security, and the only guarantee is that NOT having any is the biggest risk. I've been a Tesco credit card customer for 12 years or more, via online banking and the mobile app. A few weeks ago I subscribed to CyberGhost, a VPN that encrypts all my online communications from any device. I added it to my PCs and my tablets, it's working well. But when I installed it on my phone the Tesco Online Banking App stopped working. I mean, it chose to stop working, I get a message saying it [sic] "will not work if (CyberGhost) is installed on your device". To emphasise, it didn't crash, it didn't fail, this is a decision Tesco have made. I'm a techie, I can't think of one reason for this, even logging IP addresses is old-school these days. However, releasing a BANKING APP that will only run on a device with NO SECURITY is mad!! My other apps work, including banking apps like Santander and Lloyds; even Tesco Pay + works. I don't mind having to disable the security while the App is running. But unless this restrictions is explained or removed I have to choose between securing my phone and continuing to be a Tesco Banking App customer. Or a Tesco Banking customer, of this is your security policy, what else is at risk?
  • 5 Replies

  • ScottW's Avatar
    Employee
    Hi and thanks for taking the time to let us know about your concerns. I completely understand why you'd be frustrated and wary about the app issue and we're getting our IT and App team to look into this for you. I'm afraid I'm not the most technical of people, but these are our experts! As soon as I have an update for you, I'll be back in touch.

    We are also looking into secure messaging outside of Facebook and Twitter, but we're taking our time to make sure we offer the most secure and efficient service possible, but I'll make sure to pass on your comments!
  • isab099's Avatar
    Hi - Is there an update to this please?Thanks!
  • RossM's Avatar
    Former Community Manager
    Hi , I looked into this and unfortunately the app will reject connection attempts from arbitrary/anonymous locations and as a result it will not currently be compatible. Our own internal security relies on being able to identify the user and device during login and to put it simply this VPN is not currently compatible with this. I appreciate that this may not be the answer that you hoped for and I can see that Scott has already recorded your comments as feedback. We do review these processes regularly and as a VPN user myself I can assure you that this will be looked at further.
  • isab099's Avatar
    Thanks for the response, but that does not make sense. You're saying that the App or server must be able to validate the IP, and it can't if there is a VPN in between. I agree, that would be the case if you recorded my static IP when I created the account, but you didn't. You have simply decided that any device that COULD attach to a VPN (by having any of those apps installed) is a risk. You don't ask if I AM attached to the VPN at the time. That's lazy programming, like saying all car drivers should be locked up because they drive cars that COULD go over the speed limit, not bothering to check if they ever do. This policy is nonsense.
  • ScottW's Avatar
    Employee
    I've passed your comments on for further review and we should have a response from the App team shortly. I'm sorry about the previous delay between messages, this will also be looked at.