NatWest admits fraud has led to suspension of bank app:
http://www.bbc.co.uk/news/business-19897527


FFS, this is our money - we would hope you've already got the highest level of security!! It seems not.

This has got to be more than phishing, which is NatWest's official standpoint. One of the NatWest customers who was defrauded thousands of pounds last week hadn't even heard of this service, let alone registered for it. Something's seriously wrong with their security processes if someone else can register a customer for this service, download the app onto their own device and use it at ATMs to withdraw cash - all without the customer being aware of it.

In principal it sounds like a useful service if you're stranded without cash or a card, but something's not right with the implementation of it.
Another example of marketing jumping ahead of security.

This is what you get when you ask your customers security questions that are easy for other people to guess or research the answers to.

I had to phone my bank (some dodgy card cling going in it seems) and they wanted portions of a number. If I have one, I've forgotten it, so the usual round of questions.

Then they wanted to set up a number. They told me the rules for the number:
1 - no sequential digits
2 - No repetitive numbers
3 - it can't by me date of birth, or any member of my family
4 - Nor can it be a phone number
5 - Has to be between 6 and 12 digits long

I doubt I'd be allowed to write it down either.

So, not prepaid for this at all, and not able to think of a number I had a cat in hell's chance of remembering, I declined to set one up. The problem is that all these security things are very machine centric. There has to be a way for me to verify myself to the bank without these protracted processes.

The other day, I had cause to phone PayPal. To call them, I had to log on (with my long password), type in a code that they send me by MMS. The page with their hen number on gives me a 4 digit code. I type that in to the phone when asked and the person dealing with my call knows I'm me. No security questions, and we got straight to the point of my call. Not I believe that it is likely that that could be spoofed too, but it's a far, far friendlier way to checking who I am.

The problem is that with an app it means that phones are even more valuable if stolen. They could use your phone to find a cash point and request cash using this app. While in theory this sounds like great customer service, there are so many loopholes that criminals benefit.

I have my Paypal account secured by a 30 digit randomly generated password and a rolling pin generator.

Another reason why I don't want NFC on my mobile phone or credit cards.

Yes I am not that fussed that the iPhone lacks NFC. I would need to get a Faraday caged wallet. From the Apple Keynote I think that Apple have a way around the lack of NFC that makes sense and is practical.

You can turn NFC off on your phone.