on 13.01.2020 10:37
Hi there,
I am wondering how to make my comdirect account more secure. I have already posted a similar question some time ago. And I received an answer:
in the future the PSD2 regulation also requires a randomly generated component (like a TAN) at login to the account
The current state however is that there is no way to change the password "rules".
As far as I am aware, PSD2 is now live, right? Has the situation been changed with PSD2?
What I'm looking for is an improvement in 2 components:
Please, let me know if the situation with weak security in comdirect has been improved.
Thank you,
Denis
on 13.01.2020 11:00
Hello,
After PSD2 introduction, a PhotoTAN (or SMS TAN) is required for login every 90 days. Additionally, some actions require a TAN every time, such as looking for account movements older than 90 days or opening the message inbox.
There is still no requirement to use a second factor on each login.
Regards
Bastian
on 13.01.2020 17:56
It's funny to see that people always seem to prefer the opposite of what they got.
There are banks out there that require a TAN for each login. And in parallel their online communities are full of complaining customers describing how cumbersome it is to generate a TAN each time just to check the balance.
Personally I prefer the way it is implemented here. Critical activities require a TAN anyway.
on 13.01.2020 18:16
That's not what I prefer. I prefer my bank to be customer-oriented and I prefer it to let me choose what kind of user experience I want. The funny thing is that it's extremely easy to satisfy both types of customer:
If you prefer one type of security — it's your choice, not a problem for me. I am just another kind of guy. I prefer to have strong security everywhere where it's possible. You can call me paranoid, but I expect my bank to give me a choice to be paranoid.
on 13.01.2020 19:14
Hello,
@dbrsn wrote:
Add checkbox in settings to enable photo-tan for each login (it's even ok for me if it's disabled by default — I will find my way to turn it on)
I would like to have this option, too!
Give the ability to use a password with more than 6 numbers (just small change in form and probably simple update in the database)
Unfortunately, that change is much more complicated than it looks. The PIN is also used for identifying customers when they call the support hotline. You have to enter the PIN via your phone keypad and it is verified by the language computer.
For this purpose, a more complex PIN would not be possible to use. So in the end it would be necessary to change customer identification completely or introduce some kind of special "phone support PIN" only used for the hotline.
All of this has been discussed here over and over again, though 😉
Regards
Bastian
on 16.01.2020 11:16
@dbrsn wrote:
I prefer to have strong security everywhere where it's possible.
comdirect has decided to handle the login this way, according to the rules of PSD2.
The majority of the customers agree with this decision.
The knowledge of "PIN" *and* "Zugangsnummer" is necessary to log in to another account.