Explainer: Why were some customers locked out of their mobile banking app?

Many AIB customers complained to the bank after being told their device was ‘rooted’.

Dozens of people complained of being locked out of the AIB app.
Image: RollingNews.ie

DOZENS OF AIB customers recently complained of being locked out of online and mobile banking, with little explanation offered by the bank. 

Hundreds of customers across the country took to Twitter, Reddit and Medium to complain about problems they were experiencing with mobile banking last week. 

Many complained that their AIB phone app was telling them that their device was “rooted” – this is where people change the fundamental settings on their phone software, allowing them to override limitations in their phone’s operating system to add apps and extras that the system would otherwise not authorise.

This meant that the bank could not authenticate their identity – locking them out of their account on their phone. 

Customers then found it difficult to get back in, with some complaining that when trying to access their account on a desktop computer, they were told they had to authenticate their identity using the app. 

To some, this was the first time they’d heard that their device could be “rooted”. Others said they were confident that their phone had never been changed. 

So what happened and why were people locked out of their accounts? The answer lies in new EU regulations, which Irish banks have been rushing to implement alongside banks across Europe. 

AIB didn’t mention these EU rules when many customers took to Twitter to complain about being locked out.

“When the app is installed it performs a series of security checks to determine if the device is safe for running the AIB Mobile app — if the security checks have not been successful, for example a jailbroken or rooted device is identified; our app will not run,” AIB told various customers. 

“This security feature is for the protection of our customers and their accounts,” the bank’s Twitter account said. 

But major changes to mobile apps have happened, which many customers may not have realised.

One major plank of the regulations, called the European Payment Services Directive, is the idea of “Strong Customer Authentication” – this forces banks to ask customers to give two pieces of information to verify their identity when using financial technology like a banking app.

This could be a code, a mobile number or even voice recognition in the future. 

The deadline for this was 14 September and there had been warnings that customers could be locked out of their accounts if they didn’t follow the correct instructions from their bank. 

Darragh Cassidy from consumer site Bonkers.ie said that the aim of the legislation is to make online banking safer. 

“As well as having your code and password, you need a second piece of identification,” he said. 

“The vast majority of fraud is done online,” Cassidy said. “Customer protection and reducing online fraud is at the heart of this.”

There had been some concerns that Irish banks wouldn’t be able to meet the 14 September deadline for making their systems compliant with the EU rules. The Central Bank had committed to developing a “migration plan” to steer Irish banks towards implementing the new rules without causing disruption for customers.

Whether the fault lies with the bank or with customers, that hasn’t seemed to succeed for AIB users. 

When contacted by TheJournal.ie, a spokesperson for AIB said that “banks cannot operate on devices that are, or appear to be, rooted or jailbroken”.

“In a small number of cases customers may have installed potentially harmful apps that are not compatible with the security standards required under the new legislation,” the spokesperson said. 

“When the AIB mobile app is installed it performs a series of checks to determine if the device is safe for running the app – if the security checks have not been successful our mobile app will not run,” they added. 

There have been suggestions that anyone who has been affected may have downloaded apps that don’t pass security checks by the AIB app. 

But it remains unclear if this was a fault with AIB’s app – or whether people didn’t realise they had apps that were triggering security concerns. 

“The PR response from AIB is that if you have tampered with a phone, that’s not going to work,” Cassidy said. 

“It could potentially be AIB’s fault. There could be a bug,” he said. People might also simply have phones they don’t know are jailbroken, he added. 

“Anytime something this big is going to be rolled out, there is always the possibility of teething problems,” Cassidy said. 

Put simply, there are two clear reasons why people have been locked out of their mobile banking apps.

They may have unwittingly bought a jailbroken phone or, more likely, downloaded a not-entirely-legitimate app that is causing their device to fail security checks.

Or it could be the app’s fault – a bug that AIB should soon correct. In many cases, it could be a combination of both. 

But the ultimate takeaway from the incident is that the security of finance technology is becoming increasingly important to lawmakers – so expect plenty more regulations and rules on this well into the future. 

With additional reporting by Órla Ryan
