• [Security feature needed] Need a limit or whitelist system to withdraw account

We are attracted by Bunq for the high interest, especially the saving interest raise to 2.5% now. I think Bunq wants to attract more savings.

However we found out that you can withdraw all of your savings at once to any account, without 2 factor system like google authentication, without limit and whitelist system. This can be dangerous as if you leak your passwords or are forced to send all the money to another person immediately.

We need at least one of the following features:

  1. A limit system, like other banks, to be able to change the withdraw limit which can only be effective after a few hours time
  2. A linked transaction account (whitelist). You can only withdraw your save to the specified account and not a random one. All the other banks are done in this way as saving account by definition should only withdraw to your own transaction account
  3. an optional 2-factor protection code like google authentication when you need to transfer a big amount of money. The password of the phone doesn't count here.

Without it we don't feel Bunq is taking the security risk of withdraw seriously and we have huge concern to put our saving here. Please seriously consider this and have a discussion with the CEO.

Thanks!

    @Yang-Blue-Leopard#276229 Hi Yang, of course if someone would try to log into your account on another device, they are presented with a 2nd factor: they have to go through identity verification to make sure it's you.

      11 days later

      This really needs to be implemented. It's too easy for criminals to get your money at the moment if they get access to your phone. And this is a savings account, so we are talking about large sums of money

        @New-Silver-Dolphin-2018055059#276636 If you enable security on your phone and enable the bunq security code, you should be fine.

          @New-Silver-Dolphin-2018055059#276636 If you're really worried about this scenario, there are these two settings you can change:

          • In the bunq app, set the Auto Logout time in the settings to 0. Each time the bunq app is opened on your phone, you now have to put in your security code.
          • Make sure your phone OS is up-to-date and set an alphanumerical passcode.

          I would argue that both aren't strictly needed, as the 6-digit passcode of your device is already quite strong and unlikely for anyone to break if they're not state-level attackers. Same for the bunq app: even if the attacker unlocks your phone, then figuring out the security code of the bunq app in the few tries that it allows before it locks you out of your account is mathematically quite impossible.

          So I would say if it makes you sleep better at night, sure go ahead and take these additional security measures, but personally I feel safer at bunq compared to other banks, where it's far easier to crack into accounts through social engineering, SS7 attacks, etc. all which bunq is much better protected from.

            3 months later

            I just see the replies of this thread. I see the point from @thijsoost#276637 @Jakob-Y , but here we are talking about a big chunk of money. This 2 factor is far from enough to handle this risk. Especially you are being threated to open the phone to transfer this money immediately.
            In other banks, it is done via a limit system, and you need at least a few hours time to change your daily limit.
            In exchanges, it is done by adding a whitelisted account, and also takes hours to make the change effective.

            In principle this is a fundamental security feature that users needs before they dare to deposit big amount of saving into a bank.

              Yang changed the title to [Security feature needed] Need a limit or whitelist system to withdraw account.

                Agree. Such an important feature that’s missing. Can’t imagine how I need to change my day limit using other major banks (checking account!) even for a few thousand euros while when we are talking about savings account with 5-6 figures with bunq, the money can be immediately transferred to ANY account that easily.

                is there any major technical hurdle for solving this issue or does bunq simply don’t give a f about security?

                  I don‘t want any artificial hurdles when handling my money because I understand IT security.

                  Please bunq, never implement any more stupid artificial limits.
                  Thank you!

                    a month later

                    @master#279604 you don't understand security if you don't know anything about two factor, especially when you talking about a relatively big amount to protect against.
                    This is not stupid, it is a must have in ANY serious banking app. Without it is really stupid.

                      10 days later

                      As @Yang-Blue-Leopard#281511 Yang mentioned, Bunq is currently an attractive platform for savings due to the relatively high interest compared to other banks.

                      The idea of having my savings being protected by nothing more than a 6 digit code on my phone is definitely keeping me from depositing large sums.

                      An opt in white-list which would allow me to limit transactions from my Bunq savings account to another account of mine would be ideal. Applying changes to this white-list could simply require the same authentication as a new device would.

                        4 months later

                        Get's even worse. Now they added a credit card to the savings account.
                        This company really is clueless

                          3 months later

                          Make any of these features opt in, but please do offer them. I was very confused when I could change my transfer limit "on the fly". What's the point of having it then?

                          Allow me to opt in on a 6-8(?) hour delay when changing my withdrawal limit. Notify me by every means possible when I do. And allow me to easily cancel the change, in case I didn't authorize it.

                            Write a Reply...