Credit Card Security

  • Kipper's Avatar
    Nearly everytime I log on to my credit card account I have to find my mobile phone and wait for a code to be sent by text, I understand that this is because I regularly clear my browsing history but it is a pain in the botty! I do not encounter this problem when using other Banks and on line Retailers so why does Tesco make it more irratating? has it suffered above average losses?
  • 9 Replies

  • NickG's Avatar
    Employee
    Hi Kipper

    Welcome and thanks for posting.

    Sorry you are having challenges with online banking security. It is hard to get the balance of security and convenience right for everyone using our online banking service. We used to have a card reader to protect online banking however the overwhelming feedback from customers was that they didn’t like this method and they wanted something more portable. This was why we implemented a solution that allows our customers to receive a security code to their mobile phone.

    Having looked into this there seems to be three options available to you:
    1. When you clear your browser history, don’t clear your cookies too
    2. You could download an alternative browser such as Chrome, Firefox or Internet Explorer to use only for online banking. This would mean you wouldn’t need to clear the browser history very frequently and therefore prevent the issue you are currently having
    3. If you have an android or apple phone you could download our mobile banking app? I am pleased to say that clearing the browser history on your phone won’t affect the mobile app.


    I have attached details of a link to the relevant online banking security faq in case you wanted more details on this.

    Let us know if you have any more questions. If you want to speak to someone about this, you can call our online helpdesk on 0845 300 3511[/b]
  • Kipper's Avatar
    Yes, you offer ways round the problem but they all involve additional effort or expense (new phone!) and it was always my understanding that computers and automation were there to make things easier. It is the computer says no syndrome, where we are all system lead rather than designing systems that are truely customer friendly. I shall no doubt continue to operate as I do now which means I am unlikely to make full use of Tesco Bank and when I do I will approach the transaction with a jaundiced disposition.Kipper
  • simone2015's Avatar
    Though there is already a thread partly dealing with this issue - referenced below), I do not find that it brings out how excessive the CC card login actually is. The login is particulalrly excesive because within the CC panel, there are actually no tools to pay or move money out of the account - rather it is purely a 'look-up' account. A login requires:1. Selected entry of numbers from a pin code2. Request for text3. Wait for text then entry of text pin code4. Entry of full password I'm not aware of any other full banking account (or even credit card account that have tools for cash transfer/balance transfer within them) that involve such excessive security to access them, never mind for a purely 'look-up' account - where actually, no monetary loss could take place even if the account were access by a third party. In the other referenced thread you mention that: 'it is hard to get the balance of security and convenience right for everyone using our online banking service' - however, the overall effect of such excesive heavy-handed secureity measures for a look-up service, is to make the service unprofessional. As well, there are other 'invisible' server side security measures that can be utilised, such as confirming whether an IP address is related to a clients known address (when accessing via home internet connection) which provide another layer of security. I hope you will review the need for such excessive security, at least for the credit card look-up service. ======The other thread referenced above is at: https://community.tescobank.com/t5/D...rity/m-p/1212/
  • WizPip's Avatar
    Hey, I use CCleaner to wipe temporary files / caches / etc from my computer every now and then. One of the options in there allows you to keep specific cookies (whilst trashing the rest) - I have mine set to keep the Tesco cookie, and it works well.
  • simone2015's Avatar
    Hey WizPip! With all due respect, that is not good security practice - at all - lol. It's suprising the amount of info that can be stored in a cookie & how it can be tied to yourself/identity - and all cookies are readable by all sites, and not just the site that originated it. Of course, I don't need to state that you are free to follow whatever practices you wish to - but for myself, I would never dream of doing such a thing.
  • WizPip's Avatar
    A cookie can only be read by the domain that created it. There's no security issue there. :) The way the cross site advertising works, is that they all use the same advertiser, and it's this element in the page which is loaded from a different server, which is the same server across multiple sites and can thus read the same advertisment cookie. In terms of the Tesco cookie, only the Tesco website can read it. Of course, if you're using a shared computer then you should never ask the browser to remember passwords or keep you logged in. If it helps you to feel better, I've been a web developer for nine years and I've never put anything nasty in a cookie ;)
  • BobD583's Avatar
    I've been a web developer for nine years and I've never put anything nasty in a cookie The vast majority of web developers share your enthusiasm. However it only takes one developer who is devoid of the customer care gene to create a problem. My 'SpyHunter' subscription reports (and fixes) issues with cookie issues every day: http://www.enigmasoftware.com/products/spyhunter/
  • PoppyAnn2012's Avatar
    I have been using the Tesco card site and have only once been asked for a pin number once when I first set up my account all you have to do is when you go to remove cookies just deselect the Tesco ones so your browser does not remove them that way you are never asked for a pin number. I think that being asked for a pin number when you first try to access your account from a different computer is not that excessive to be asked for, if that is all you have to do to help prevent fraud then I am happy to do so. Regards Poppy Ann.
  • PoppyAnn2012's Avatar
    ************************************************** ********************************************* Yes, you offer ways round the problem but they all involve additional effort or expense (new phone!) and it was always my understanding that computers and automation were there to make things easier. It is the computer says no syndrome, where we are all system lead rather than designing systems that are truely customer friendly. I shall no doubt continue to operate as I do now which means I am unlikely to make full use of Tesco Bank and when I do I will approach the transaction with a jaundiced disposition.Kipper ************************************************** ************************************************ Why would you require a new phone? I fint it doubtful that any one now a days uses a phone that cannot recieve a text message even a old BT fixt line phone will accept text messages which they read out to you. Regards Poppy Ann.