Post by adrianc on Mar 11, 2016 18:05:26 GMT
I set up a security question after reading this thread. Today I logged on twice and was not asked it. I think this question is used when you phone RS about a sensitive matter and has nothing to do with logon. Or am I missing something?

If you forget your password, the question is asked. If you get the answer right, the one-time password is emailed to you.
Post by westonkevRS on Mar 11, 2016 18:30:35 GMT
Same happened to me. Security on Ratesetter seems incredibly lax considering the large sums some might have in Ratesetter accounts. I posted a thread "How good is Ratesetter account security?" before I read this. It's not even up to the standards of a decently secure bulletin board. A login using an email address that may have been used for every account used, including this board, is bonkers.

Security is taken extremely seriously, and any indication otherwise would be wrong and based on ignorance of the processes behind the scenes. As one example, no actual money is held by RateSetter. It's either invested, with Barclays or lent to borrowers. Another point being that the key to everything is the nominated bank account, and we have numerous security checks over the maintenance of latest customer information. Obviously I'm not going to list all the things RateSetter does to protect your cash and customer data. But please never say we treat this lightly when I can 100% assure you we don't. Any customers concerned with the email and password structure can add 2-dimensional checks with a mobile number log-in to supplement the existing security. This isn't mandatory as we don't think it necessary, but lenders can if they want. Kevin.
Post by oik on Mar 11, 2016 20:22:09 GMT
Security is taken extremely seriously, and any indication otherwise would be wrong and based on ignorance of the processes behind the scenes.... Obviously I'm not going to list all the things RateSetter does to protect your cash and customer data.

Clearly we don't know what goes on behind the scenes so can only judge on what we see, rather than what you hint at. And what I can see isn't very impressive. Why use such a mickey mouse login system when those used by banks and others by default are so much more secure? It's all very well saying what customers could do if they search for it, but shouldn't Ratesetter be ensuring that customers fully understand what they should be doing to make their login secure and making that as easy for them as possible? A first step would be to get rid of the daffy email login known to all and sundry and having a customer-chosen username instead, and ensuring that less net-savvy customers use strong passwords - preferably ones that are required to be entered as random characters. In other words, do as banks, stockbrokers and others with longer experience than Ratesetter do.