Warning For Online Users

  • BobD583's Avatar
    Yesterday I figured I would check my credit card online, so I entered TESCOBANK dot CO dot UK into the address bar of my browser. I normally use TESCOBANK dot COM. My browser then tried to divert me to another unknown site. Fortunately I've got a good quality anti-virus package so this diversion was trapped and not executed. When I switched to the dot COM address everything went well. Please be aware that when accessing your account online you may be redirected to places where your logon details might be obtained by persons unknown. I don't think the tescobank web site logon is very secure as it relies upon fixed information which does not change - with HSBC I have to use a hardware key to obtain a 5 minute password, and with PayPal it sends me a text message to my mobile phone with a 5 minute password.
  • 2 Replies

  • ScottW's Avatar
    Employee
    Hi 

    Thanks for getting in touch and for passing on your advice about accessing accounts. While we don't use a code generator like HSBC or some other banks, we have a system in place that helps to recognise your computer and stop others being able to access your account from unrecognised devices. If you've ever logged in and the screen has said that a one-time access code needs to be sent, this is the system keeping your account secure. I'll make sure to pass on your feedback about the security we use on the website though, as we're always looking to act on the suggestions of our customers.

  • BobD583's Avatar
    Whilst the TescoBank web site does indeed try to figure out access from a known computer and will send/receive an access code if you haven't used that computer before, this functionality uses cookies to maintain the previous log on. If you have someone like me who configures their setup to automatically delete cookies then it can be a PITA when you try to log on again. Having stated the problem I have no handy solution to offer. I personally think the PayPal option is pretty good - I have configured it so that any attempt to logon is unsuccessful until I enter the pass code which they send via SMS. That pass code (random 6 digit number) automatically times out after 5 minutes. Incidentally the TescoBank access code is 8 digits long - which is too long. 6 digits would be easier to remember. So even if someone got hold of my PayPal password, they can't get into the account because they won't receive the SMS message which is sent to my mobile phone. The latter arrangement seems a lot more secure than depending on cookies (and I know some organisations switch off cookies which they feel could be a virus threat). TescoBank seem to be halfway there and I feel would make their system much more secure if every logon needed to provide an access code like wot PayPal does.