Phone Gone and now - Account Gone!

Just Thinking out loud …

I chanced upon this occurrence a few weeks ago. This may be a silly question but I haven’t found any answer to it (or maybe the crowd I mix with find it an impossibility).

Most of us have our mobile apps on the phone. We unlock our phone, we open the app, we type our credentials, we check our balance - we transfer or buy … blah blah blah …

What if our phone is lost, or even stolen in a crowded place where a near by-stander has overlooked to see our zig-zag phone unlock password while we were too busy!!

Now he steals your phone and unlocks it. He opens a banking app, he sees the user-name saved (for frequent use) but the password field is blank !! He immediately clicks on “forgot password” → a temporary password is sent to him immediately on the same phone via sms (with all the caution in the world stating - “please don’t share”).

Now he has a temporary password … he can log in and do whatever he wants - even change the password to one he wants!! In case the owner hasn’t realized that his phone has been stolen yet, lots of things can be done by then.

This is quite a plausible scenario. How does a neo-bank build additional guard-rails for these types of situations?

Regards
Mario

1 Like

Hey Mario, not only neobanks but most banks currently have a robust ‘forgot my pin’ flow. As you’ve described a single forgot my password won’t lead you to getting a password prompt on your phone.

Generally post verifying the phone # and registered device, additional details are asked before a temporary password or setting up a new password is allowed (Eg: Debit Card No. and Pin, Secret Question, etc.)

So I think you should be rest assured it’s rare you will lose your bank details only with a phone lost. Things get a bit complicated if you lose you phone along with a wallet (which may have your cards/ identity cards like aadhaar, PAN)

2 Likes

Hello Sneh,

Thanks. So here is my recommendation - should an individual biometric type of authentication also be used alongside the other methods to authenticate - especially for the loss of a pin?

Either face recognition or voice recognition?

Regards
Mario

1 Like

Sure thing Mario, biometrics could be a possible type of authentication.
As this authentication depends on the type of device and OS you are on it most likely be used as an option with something else?

Think of a forgot pin you as a user want to initiate from your bankwebsite. Biometrics wouldn’t be able to really help in that case.

App only journeys could might as well have biometrics as valid authentication.

Hello Sneh,

You’re right. If you consider multiple digital channels - then maybe face recognition would be a better choice (since the web-cam could be used to authenticate).

However, I guess this is one area that could still have human intervention. In fact in ICICI to authenticate an account, they get on a video call to authenticate you. Getting access back into one’s system would after all the most important critical thing for a customer in case he is locked out, phone lost or stolen.

Regards
Mario

2 Likes

Here human intervention acts as an act that provides solace. Much needed in times of anxiety (Getting locked out of your account in this case). Interesting to see if there are any other examples where customer anxiety is handled in some otherway (Except Video call).

One such case I can think of is a lost card, you call a hot line (with or without an agent) to directly block your card.

jupiter logo

Built with love in India

India's first co-created digital banking experience

Community

What does co-creation mean at Jupiter?

You can post your Finance Blogs here!

Sign-up for Beta!