No Boi App, No online Banking?

B

Black Sheep

Registered User
Messages
2,372
I have been getting many emails and letters from Boi telling me that in order to continue banking on line I must download the App. Problem is my smartphone is not smart enough. The bank continues to remind me if I do not update to the mobile App. they will close the Account.

So it looks like close the account or buy a new phone! A bit drastic!

Any simple ideas would be appreciated
 
Was discussed here- supposed to be rolling out a physical security key to replicate the app.

For the moment the old link on this thread still seems to work.

New Bank Of Ireland security requirement

I am trying to log in to Bank of Ireland Banking Online and I am getting a message that I need to set up a security device. Is this genuine. It seems like something that would have been advertised. Thanks for any info.
www.askaboutmoney.com
 
While I understand the reasons for the extra security and I can still access the accounts at present it's still looking like a new phone or out.
No offers have been made in the emails for a security key though I have requested one from their website
 
That’s pretty poor. I’m not sure who you’d complain to. Would you just switch banks?
 
I just had to swap all our household phones about to give my husband a more recent iPhone for the BOI app. Not a bother really, but what did peeve me is that the BOI website functionality has deteriorated with regard to ability to export historical account transactions as CSV. I hate typing in bank data to accounts when this should not be necessary. And they wonder why Revolut is doing well... but CSV export from secure websites is a technology over a decade old. No excuse regarding EU laws on that one. Just poor planning and execution.
 
DeeKie said:
That’s pretty poor. I’m not sure who you’d complain to. Would you just switch banks?
Click to expand...

I presume all other banks have the same requirements or will have shortly. It's a bit of a pain switching after over 40 years
 
Downloading CSV files of transaction details is not 10 years old - this basic technology is about as old as Microsoft Excel which has been around since 1985.

I had a CSV download facility available from my U.S. employer's Credit Union in the early 1990's. I also had the option to download the transaction details in Quicken format. This was the Digital Federal Credit Union (DCU). It started as a credit union for U.S. based employees of the Digital Equipment Corporation (DEC) in 1979 and currently has about 800,000 members.

This Credit Union was operating as a full U.S. bank with Credit cards, Debit cards and cheques. In 1994 nearly all bills in the U.S. were paid via cheque. I wrote 1,400 plus cheques while living there between 1991 and 1994, as all utility bills were paid monthly.

In the early 1990's there were still a number of U.S. banks that only had one branch and most employees were VPs! These only provided a basic bank service - checking and savings accounts. They did not handle foreign currency, for example. I presume that since then that a number of these single branch banks have merged with bigger U.S. banks as they probably would not be able to cover the cost of the technology needed for todays bank services.

Having said that, BOI have spent a lot of money (€800M?) recently on their new IT stack. If the quality of their two-factor authentication software is anything to go by, this is another major IT Transformation that should have been avoided.

Smart-phones are expensive now so BOI should have built their App to work with some of the older iPhone/Android operating system versions. Not doing this is pretty ignorant and shows a total disregard for their Customers. If they did not have the technical expertise to design and develop App software that was backward compatible with existing handsets, then they selected the wrong IT company to do their IT transformation.

I upgraded my smart phone last year to be able to use the EBS App, because my perfectly good iPhone 5 was not supported by their "new" App. This cost me about €700 for a new Samsung S20.

I am continually amazed at the poor quality of recently developed software. For example, when logging in to the BOI App it does not set the focus to the first position in the next input field. As this is so obvious, it makes me wonder if anybody tested logging in to the App, even once. This should be a no-brainer default.
 
Inspiron said:
I upgraded my smart phone last year to be able to use the EBS App, because my perfectly good iPhone 5 was not supported by their "new" App. This cost me about €700 for a new Samsung S20.
Click to expand...

The iPhone 5 last received an iOS upgrade in July 2019. I would consider any phone not receiving updates from the manufacturer as potentially vulnerable from a security point of view.

I don't think it's unreasonable of Banks or any other app developers to require a minimum iOS/Android version for their apps to run on.

There is a wider argument that Phone manufacturers should support OS upgrades for longer, but I responsibility for that does not lie with BOI.
 
Okokokoknic said:
The iPhone 5 last received an iOS upgrade in July 2019. I would consider any phone not receiving updates from the manufacturer as potentially vulnerable from a security point of view.

I don't think it's unreasonable of Banks or any other app developers to require a minimum iOS/Android version for their apps to run on.

There is a wider argument that Phone manufacturers should support OS upgrades for longer, but I responsibility for that does not lie with BOI.
Click to expand...

Yep, there's both a security and financial cost associated with developing apps and products to run on no-longer supported smartphone OS.

It's likely far cheaper for BOI to issue physical security keys to the small segment of their customer base that this affects. It's also probably the least lucrative of their customer base, so it's a fairly easy decision for them.
 
Last edited:
If you have managed to set up the app on your phone, it is recommended to add a backup security device (partner's phone, a tablet etc).
In case you lose your phone, you would be able to logon with backup device to block your phone and access your accounts.

Set up multiple security devices - Bank of Ireland Group Website

We recommend you set up at least one other security device to allow you to access online banking. That way, in the event that you misplace one security device, you will always have access to your accounts online. Each new security device you create will require an activation code, sent…
www.bankofireland.com www.bankofireland.com
 
Surprise, yesterday when I tried to log into my BOI account I discovered I had to download their app to my phone. Why did this happen without any warning and before they have the alternative secure key device available? Anyway, I downloaded the app but I am in now doubt as to the security of it as it only asks for my pin to log-in!. NO 2-step authentication required and yet when I log into my account on my computer I have to put in a code I receive on my phone? So how do I make this app secure?
 
There was plenty of warning about this change - it's been flagged on the website for at least the last month
 
Eidnic said:
Surprise, yesterday when I tried to log into my BOI account I discovered I had to download their app to my phone. Why did this happen without any warning and before they have the alternative secure key device available? Anyway, I downloaded the app but I am in now doubt as to the security of it as it only asks for my pin to log-in!. NO 2-step authentication required and yet when I log into my account on my computer I have to put in a code I receive on my phone? So how do I make this app secure?
Click to expand...

The app is more secure than the website. With the app they can identify the device so don't need the text second factor (text messages aren't secure in any case). It is a secure channel from device to bank
 
Black Sheep said:
I have been getting many emails and letters from Boi telling me that in order to continue banking on line I must download the App.
Click to expand...

I’d be interested to read these emails.
From my experience online access is all that is necessary. If anything, there is a lot more available to an online user than an app user.
I can easily do what I need to do accessing my BoI account from a browser rather than via an app.

I’ve noticed that many apps hardly differ from the mobile site in terms of interface/GUI. Why bother having an app for BoI or MetEireann or PaddyPower or Boards.ie when accessing the site via Chrome or Safari or Torc is identical?
 
EmmDee said:
The app is more secure than the website. With the app they can identify the device so don't need the text second factor (text messages aren't secure in any case). It is a secure channel from device to bank
Click to expand...
Are you sure about that?
How are they identifying the phone?
Via the IMEI/IMSI or something like that?
Can't they be spoofed?
I'm not convinced that a phone/app connection is automatically/inherently secure without, say, per user/device certificates or something like that.
 
ClubMan said:
Are you sure about that?
How are they identifying the phone?
Via the IMEI/IMSI or something like that?
Can't they be spoofed?
I'm not convinced that a phone/app connection is automatically/inherently secure without, say, per user/device certificates or something like that.
Click to expand...

An app connection is a direct secure encrypted link between a device and the service unlike a web connection, text or email - all of which are vulnerable to "man in the middle" or spoofing. The app verifies the device connecting - when you first set up the app you have to verify you have the device. There is the equivalent of a certificate happening in the background. If you change phone, you'll have to re-verify.

This is why they are moving to app based secure connection - it is a direct channel from your device to the bank. Which is why, when using a less secure channel like the website, there is a higher level of verification
 
EmmDee said:
An app connection is a direct secure encrypted link between a device and the service unlike a web connection, text or email - all of which are vulnerable to "man in the middle" or spoofing. The app verifies the device connecting - when you first set up the app you have to verify you have the device. There is the equivalent of a certificate happening in the background. If you change phone, you'll have to re-verify.

This is why they are moving to app based secure connection - it is a direct channel from your device to the bank. Which is why, when using a less secure channel like the website, there is a higher level of verification
Click to expand...
Also many banks (certainly AIB) can use the phone to geographically locate you while using the app, which also allows them to eg open bank accounts remotely with greater security while verifying your identity, address etc.
 
You must log in or register to reply here.
Back
Top