ilmoro
Member of DD Central
'Wondering which of the bu***rs to blame, and watching for pigs on the wing.' - Pink Floyd
Posts: 11,333 
Likes: 11,552
|
Post by ilmoro on Jan 29, 2018 20:15:39 GMT
With an unusual level of dutiful keeping abreast of things for me I regularly go to the MLIA, order it by LastUpdated and then click through updated loans to see if there is any important news. Today FIVE times in a row the not-important news is This loan is a development loan with tranche drawdowns. A subsequent drawdown to this loan is due to take place imminently and documents covering this have been posted to the Documents section of the loan record. Please note that trading may be suspended for a short period whilst this drawdown is processed
I don't think this really counts as a notifiable event. Can you devise something please? Blame me. It was added because the DL loans kept being suspended with no explanation when a tranche was drawndown and lenders were consitently asking why it was suspended. No idea where AC came up with that form of wording.  NB. Uploading the doc would generate a latest update today date in the last column. At least now you no to look in docs rather than trying to hunt down a non-existnet entry in activity or Q&A.
|
|
|
|
Post by chris on Jan 29, 2018 21:00:14 GMT
There's a change coming this week where the credit team will no longer need to temporarily suspend a loan when paying out additional funds.
|
|
copacetic
Member of DD Central
Posts: 306
Likes: 667
|
Post by copacetic on Feb 7, 2018 18:34:19 GMT
Could I suggest adding a user nominated bank account for withdrawals?
I feel the current system has 3 issues:
1. Prone to user mistakes in inputting sort code and account number each and every time a withdrawal is done.
2. Inconvenient and more time consuming for the user.
3. Security - if the account was hacked by obtaining the password, for example by a keylogger, it seems to me to be possible that funds available could be withdrawn to any bank account (unless there are manual checks for withdrawing to a new account).
A nominated account could be changed by the user with 2 step verification by email or phone and with notice period to avoid instant emptying of accounts.
|
|
|
|
Post by chris on Feb 7, 2018 18:36:57 GMT
Designated bank accounts are a work in progress. ETA maybe 2 - 3 months tops.
|
|
jlend
Member of DD Central
Posts: 1,840
Likes: 1,465
|
Post by jlend on Feb 7, 2018 18:58:42 GMT
Could I suggest adding a user nominated bank account for withdrawals?
I feel the current system has 3 issues:
1. Prone to user mistakes in inputting sort code and account number each and every time a withdrawal is done.
2. Inconvenient and more time consuming for the user.
3. Security - if the account was hacked by obtaining the password, for example by a keylogger, it seems to me to be possible that funds available could be withdrawn to any bank account (unless there are manual checks for withdrawing to a new account).
A nominated account could be changed by the user with 2 step verification by email or phone and with notice period to avoid instant emptying of accounts.
It doesn't directly address your points I have been contacted by AC when making large withdrawals so there are checks in place for that you will be pleased to hear.
|
|
ashtondav
Member of DD Central
Posts: 1,814
Likes: 1,092
|
Post by ashtondav on Feb 7, 2018 23:13:25 GMT
1. Diversification shambles
2. Provision Fund disbursements.
Simple sh*t, but otherwise a not fit for purpose platform, as far as the "fire and forget" accounts are concerned. IMHO. Until sorted I use only QAA under the assumption that, unless we hit a Northern Rock moment, I’ll be able to exit quick!
|
|
|
|
Post by stuartassetzcapital on Feb 8, 2018 10:34:26 GMT
ashtondav, we expect to make an announcement, as well as take firm action, very shortly.
|
|
ashtondav
Member of DD Central
Posts: 1,814
Likes: 1,092
|
Post by ashtondav on Feb 8, 2018 11:24:07 GMT
Thanks, that sounds good.
|
|
teddy
Posts: 214
Likes: 90
|
Post by teddy on Feb 8, 2018 13:25:42 GMT
 No more words, let's just see the colour of the AC Provision Fund's money.
|
|
jlend
Member of DD Central
Posts: 1,840
Likes: 1,465
|
Post by jlend on Feb 9, 2018 13:55:22 GMT
ashtondav , we expect to make an announcement, as well as take firm action, very shortly. Thanks stuartassetzcapitalI look foward to hearing your firm action on addressing diversification for current lenders in the investment accounts
|
|
jlend
Member of DD Central
Posts: 1,840
Likes: 1,465
|
Post by jlend on Feb 12, 2018 12:58:21 GMT
Suggestion for improvement
Publish how much money is invested in each of the property, green energy and great british business accounts so lenders can use this information when considering their risk appetite.
The information is already available for the qaa 36m and 30day 61m accounts.
|
|
jlend
Member of DD Central
Posts: 1,840
Likes: 1,465
|
Post by jlend on Feb 12, 2018 13:09:05 GMT
Suggestion for improvement.
Each of the property, green energy and great british accounts to publish the total amount they have invested in each loan so lenders can use this when assessing the risk of each of these accounts.
At the moment we can only see what we individually have invested via these accounts after the fact I think.
|
|
|
|
Post by vaelin on Feb 18, 2018 13:30:14 GMT
We're also considering using a service like Authy as an optional extra that people can opt-in to using to authenticate themselves when they log in, and for changing key settings such as their password or nominated bank account. I would like to support calls for one time passwords. Ideally I'd like to be able to use FIDO U2F because it is the absolute gold standard in 2FA. I understand that FIDO U2F adoption is not yet as widespread as it could be, so TOTP would be a good alternative. I'd rather not have to use the Authy 2FA service directly. It is a pain when all your 2FA passwords are stored elsewhere. Unless the user is careful with the app settings it is also possible for a malicious actor to recover the codes by stealing the associated telephone number. SMS 2FA is deprecated for the same reason.
|
|
dc848
Posts: 150
Likes: 92
|
Post by dc848 on Feb 19, 2018 9:30:47 GMT
We're also considering using a service like Authy as an optional extra that people can opt-in to using to authenticate themselves when they log in, and for changing key settings such as their password or nominated bank account. I would like to support calls for one time passwords. Ideally I'd like to be able to use FIDO U2F because it is the absolute gold standard in 2FA. I understand that FIDO U2F adoption is not yet as widespread as it could be, so TOTP would be a good alternative. I'd rather not have to use the Authy 2FA service directly. It is a pain when all your 2FA passwords are stored elsewhere. Unless the user is careful with the app settings it is also possible for a malicious actor to recover the codes by stealing the associated telephone number. SMS 2FA is deprecated for the same reason. What?
|
|
|
|
Post by vaelin on Feb 19, 2018 10:31:55 GMT
I would like to support calls for one time passwords. Ideally I'd like to be able to use FIDO U2F because it is the absolute gold standard in 2FA. I understand that FIDO U2F adoption is not yet as widespread as it could be, so TOTP would be a good alternative. I'd rather not have to use the Authy 2FA service directly. It is a pain when all your 2FA passwords are stored elsewhere. Unless the user is careful with the app settings it is also possible for a malicious actor to recover the codes by stealing the associated telephone number. SMS 2FA is deprecated for the same reason. What? Haha. The message was targeted at Chris, who I assume would understand what I was talking about. I was discussing types of two factor authentication (2FA), which is where you have to use a one time password in order to log into accounts. The most common is TOTP, which is a time-based one time password. You basically copy a code into a phone app, which then generates a new password every 30 seconds depending on the time. Even if someone gets all your passwords and knows everything about you, they still can't log in to your accounts without access to those codes generated every 30 seconds. You may have come across SMS 2FA, which is where a website sends you a code by text to let you log in. That isn't recommended as a best practice because phone companies often let hackers take control of your phone number. FIDO U2F is where you have a physical USB device which communicates with the website. It prevents sophisticated phishing attacks against 2FA and is the absolute gold standard in online security. Edit: The security question you're asked when logging in is a type of 2FA, but obviously not a one time password because they are re-used.
|
|
