Online bank security

This forum is to discuss anything to do with banks and banking services.
Post Reply
Flintomatic
Newbie
Posts: 6
Joined: Wed Feb 07, 2024 11:40 am

Online bank security

Post by Flintomatic »

Hello,

I recently decided to open an English-language bank account in Japan and so I searched for related posts on these pages and found plenty of useful information. I ended up going with Sony Bank, the setup was easy and smooth and everything seems to be going fine.

However, I was surprised to learn that there’s no option to set up 2-factor authentication (2FA) for logging in. The login process requires entering only your account number and password (which couldn’t even be created using special characters, only numbers and letters).

I contacted the bank and they confirmed that there’s no 2FA at login, nor is there any plan to introduce it.

It’s true that once you’re in your account, performing transactions or changing any settings within your account *does* involve inputting another password and/or using a small device which they sent that generates a one-time user code. But still, the very simple login process offers access to a LOT of personal information, including your address, account details, and transaction history.

The only way to know if someone has accessed your account is by checking the “last logged in” entry, but by that point it would of course be too late.

So I’d like to ask a couple of questions if anyone would be so kind enough as to offer up their opinion:
1. Do you find it surprising that there’s no 2FA login for this online bank?
2. Do other Japanese online banks require 2FA at login? (keep in mind that some might only have asked for it the first time you logged in after you let the bank “remember this device”)?

Thanks very much for your time.
deezy
Newbie
Posts: 14
Joined: Sun Feb 12, 2023 5:26 am

Re: Online bank security

Post by deezy »

Prestia SMBC offer 2FA as an option which I use as the password only allows you to use letters and numbers and no symbols.It's the same device that generates a one time user code.They also have biometric login on mobile devices
Shinsei have a matrix card that they give you coordinates for and you have to change the password if you don't log in at least once a month.
it does surprise me that you're not given the option at least. I wouldn't want to use a bank that doesn't have a high level of security.
User avatar
RetireJapan
Site Admin
Posts: 4728
Joined: Wed Aug 02, 2017 6:57 am
Location: Sendai
Contact:

Re: Online bank security

Post by RetireJapan »

deezy wrote: Sat Feb 17, 2024 12:00 am Shinsei have a matrix card
Shinsei scrapped the cards a couple of years ago: now you use an authenticator app for transactions. Login is just simple username and password though.
English teacher and writer. RetireJapan founder. Avid reader.

eMaxis Slim Shady 8-)
beanhead
Sensei
Posts: 1214
Joined: Sat Jan 30, 2021 1:24 pm
Location: Kanto

Re: Online bank security

Post by beanhead »

No 2FA for logging in but needed for transactions seems to be the norm here.
Aiming to retire at 60 and live for a while longer. 95% index funds (eMaxis Slim etc), 5% Japanese dividend stocks.
captainspoke
Sensei
Posts: 1572
Joined: Tue Aug 15, 2017 9:44 am

Re: Online bank security

Post by captainspoke »

RetireJapan wrote: Sat Feb 17, 2024 12:04 am...
Shinsei scrapped the cards a couple of years ago...
Hmm, I used that card (admittedly ancient) just the other day.

And tho I get occasional suggestions to change my password, I haven't gotten any prodding to switch to an app.
Teflon
Veteran
Posts: 139
Joined: Sun Mar 28, 2021 3:52 am
Location: Tokyo

Re: Online bank security

Post by Teflon »

captainspoke wrote: Sat Feb 17, 2024 3:43 am
RetireJapan wrote: Sat Feb 17, 2024 12:04 am...
Shinsei scrapped the cards a couple of years ago...
Hmm, I used that card (admittedly ancient) just the other day.

And tho I get occasional suggestions to change my password, I haven't gotten any prodding to switch to an app.
That's odd. I don't use the matrix card or an app. When I do a money transfer with Shinsei, it prompts me to input a temporary 4 digit code sent to my phone as an SMS message. This change was introduced after Shinsei was bought by SBI. Prior to that I used the matrix card, but I definitely prefer using a code sent to my phone. It's just easier.
Flintomatic
Newbie
Posts: 6
Joined: Wed Feb 07, 2024 11:40 am

Re: Online bank security

Post by Flintomatic »

Thanks for the replies. Interesting. I do find it strange that some of the banks here seem to give little protection to personal data. Even services like Netflix offer 2FA!
PaulP
Newbie
Posts: 15
Joined: Sun Sep 18, 2022 5:38 am

Re: Online bank security

Post by PaulP »

Yes the banks seem to secure the transaction better than the account access. I have an account with a bank I will not name, that if you know my branch and account number the only thing standing in your way of accessing my account is a four digit pin. it's shocking. However you have to use a mobile app to authenticate a transaction so apparently they think that is enough.

You mentioned you use Sony Bank, I am a customer of that bank too. Security seems adequate but as you mentioned, I get no sense they intend to add any additional features ever to the English language version of the banking app. What I did find is if you access the Japanese side you can login and it has more features like the ability to download you transactions in Excel. I just wish they would add Pay Easy so I could pay my taxes through this account and then get rid of the less secure account I only use for that purpose.
User avatar
CluelessToshika
Regular
Posts: 87
Joined: Sun Dec 31, 2023 4:18 am
Location: Tokyo
Contact:

Re: Online bank security

Post by CluelessToshika »

Teflon wrote: Sat Feb 17, 2024 12:31 pm
captainspoke wrote: Sat Feb 17, 2024 3:43 am
RetireJapan wrote: Sat Feb 17, 2024 12:04 am...
Shinsei scrapped the cards a couple of years ago...
Hmm, I used that card (admittedly ancient) just the other day.

And tho I get occasional suggestions to change my password, I haven't gotten any prodding to switch to an app.
That's odd. I don't use the matrix card or an app. When I do a money transfer with Shinsei, it prompts me to input a temporary 4 digit code sent to my phone as an SMS message. This change was introduced after Shinsei was bought by SBI. Prior to that I used the matrix card, but I definitely prefer using a code sent to my phone. It's just easier.
Another option is to set it up to use the Symantec "VIP Access" 2FA app thingy, which allows you to confirm transactions on your phone via that app (not the Shinsei app). Has the advantage that it works wherever you have internet access (but not necessarily phone, a situation I've found myself in occasionally).
banders
Veteran
Posts: 171
Joined: Thu Jan 07, 2021 5:27 am

Re: Online bank security

Post by banders »

True. I never really thought about it. I used to use the same password for everything (I know) but now I use the random password my Apple devices suggest, which is a long combination of lower and upper case and symbols. To hack those by brute force would be impossible, I reckon.

I’ve had cases where the OTP doesn’t arrive for a long time. That can be annoying. Last had this with Wise when I had to authorize my new device and the code didn’t arrive until after the time limit for entering it.

None of this is any use if your details are hacked from the server, of course. You get warnings if your passwords appear in a (known!) data leak, but you have to go look at the list in System Settings to see it.

In the last few years, I think three times we’ve had unauthorized purchases on credit cards where our details have obviously been hacked. Luckily the CC company phoned to confirm so we could stop them. We had to order new cards, though.

So, yes, I would use the option if it was available.
Post Reply