Joshua

  • Jun 7, 2024
  • Joined Aug 5, 2022
  • Hi-fives: 13
  • Hi,

    first of all, I am very grateful that bunq seems to take security more seriously after the recent reports published by NOS and others. However, I don't think that the announced new ‘security features’ will really get to the root cause of the problems regarding phishing. While they are certainly beneficial for making accounts more secure, I think that implementing real two-factor authentication could enhance security even further.

    With ‘real two-factor authentication’, I mostly refer to FIDO2/WebAuthn. WebAuthn is certainly the most promising standard for authenticating on the web more securely and it has the most potential of gaining widespread adoption with having big backers like Microsoft and Google. It provides greatly increased security compared to only using passwords, while remaining user-friendly.

    I personally do not consider the current authentication using the face scan/video technology very secure. As has been seen in various phishing attempts, this can be easily circumvented by letting the account holder create a video on behalf of the adversary, who can then authenticate with this video to the face recognition service.

    WebAuthn passkeys/security tokens, on the other hand, automatically disallow authentication if the domain of the website does not match the original domain which was used to register that token. Thus, phishing attacks become very hard since the user cannot be fooled into entering their credentials on a fake website.

    Please do at least consider making authentication using FIDO/WebAuthn a possibility for users who desire to increase the level of security on their account. Moreover, reducing other measures like delaying payments could be considered if the user authenticates using FIDO/WebAuthn. Optimally, this could be at the user's choice, and disabling increased protection would incur a delay of some time, e.g. a day or maybe even a week. However, said protection should then only be disabled if the user has authenticated themselves using FIDO/WebAuthn.

    I really hope that bunq continues to take security more seriously, even after the current incidents have fallen out of media coverage again, and implements sensible and serious measures to increase the security of accounts.

    Thanks for reading.
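
The domain binding described in the post above, shown from the relying party's side as an added example that is not part of the original post or bunq's code. It assumes a hypothetical relying party `bank.example` and constructed sample data, and it leaves out the signature check over `authenticatorData` and the hash of `clientDataJSON`, which is what stops a relay from rewriting these fields.

```javascript
const crypto = require('node:crypto');

// Assumed relying-party values, constructed for this example.
const RP_ID = 'bank.example';
const EXPECTED_ORIGIN = 'https://bank.example';

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Server-side check of the origin-bound fields of a WebAuthn assertion.
// clientDataJSON is written by the browser, authenticatorData by the authenticator.
function checkOriginBinding(clientDataJSON, authenticatorData, expectedChallenge) {
  let clientData;
  try {
    clientData = JSON.parse(Buffer.from(clientDataJSON).toString('utf8'));
  } catch (err) {
    return { ok: false, reason: 'clientDataJSON is not valid JSON' };
  }
  if (clientData.type !== 'webauthn.get') {
    return { ok: false, reason: 'unexpected ceremony type' };
  }
  if (clientData.challenge !== expectedChallenge) {
    return { ok: false, reason: 'challenge mismatch' };
  }
  // The browser records the origin the user is actually on; the page cannot override it.
  if (clientData.origin !== EXPECTED_ORIGIN) {
    return { ok: false, reason: 'origin mismatch' };
  }
  // authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4) | ...
  if (authenticatorData.length < 37) {
    return { ok: false, reason: 'authenticatorData too short' };
  }
  const rpIdHash = Buffer.from(authenticatorData).subarray(0, 32);
  if (!crypto.timingSafeEqual(rpIdHash, sha256(RP_ID))) {
    return { ok: false, reason: 'rpIdHash mismatch' };
  }
  if ((authenticatorData[32] & 0x01) === 0) {
    return { ok: false, reason: 'user presence flag not set' };
  }
  return { ok: true, reason: 'origin binding verified' };
}

// Constructed sample: the two structures a browser on `origin` would return for `rpId`.
function buildSample(origin, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), Buffer.alloc(4)]);
  return { clientDataJSON, authenticatorData };
}
```

An assertion produced on a look-alike domain fails at the origin comparison, and one scoped to a different relying-party ID fails at the `rpIdHash` comparison, regardless of what the user was persuaded to do.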

    • Hello,
      Currently, I nearly never use the group expenses feature because I still have to sort my money into my subaccounts after I got reimbursed by everyone, i.e. I have to transfer money to the subaccounts which I used to make the payments that I added to the group expense. It would be really nice if this was done automatically, i.e. if I get reimbursed by people, bunq automatically sorts that money into the subaccounts that I used for paying.
      Best,
      Joshua

      • Hey,
        I just experienced that it is not working, indeed. I wanted to pay something that is not categorised as one of the categories for which I enabled Easy Budgeting, and the amount would have been deducted from my oldest sub-account, which didn't have any money on. This account is not my secondary account for the card I used.
        I hope it is fixed soon since this is quite annoying.

        • Okay, then I'll just hope that there is no internal limit to it. Thank you a lot! :)

          • Hello,
            In some time, I will have a booth at a market (nl: rommelmarkt) with some friends and I wanted to make it possible for people who want to buy things to pay digitally. Since we are in the Netherlands, it would be great to use the payment requests of bunq because there you can pay by iDEAL. But since we cannot really estimate how many people are going to come to the market, I wanted to ask beforehand, is there any limit on how many payment requests one can issue in one day with a personal account? I could not find any information in official documents or on Together.
            Thanks in advance! :)

            • I encountered the same problem today and it seems like the account was either selected randomly or based on which is the account for bunq invoices.

              • Oh, I haven't found that topic. But it describes the same problem as I have, indeed. Thanks!

                • Hello,
                  I have activated the new AutoSelect feature for one of my cards, but I have activated EasyBudgeting for two categories. Today, I used one of the cards to make a payment which was not categorised as one of these, hence the money was deducted from a (seemingly) random account. Can I somehow influence which account is used in case there is no account with EasyBudgeting for this category? Can this be done by setting the secondary account for the card? When I made the payment, I didn't have a secondary account set for this card.
                  Thanks in advance! :)

                  • @thijsoost#260603 Thank you for your quick answer! Currently, I do not need another card, but since I am soon moving to the Netherlands for some time, I might need a Maestro card. I'll send the support a message if I am charged, then. Thanks!

                    • Hello,
                      when I try to order a new physical card, it says that I will be charged a one-time fee of 9€, so the fee of ordering a new card when you already have three. However, I only have one physical card. I also ordered only one in the past; I accidentally ordered a physical version of a digital card in the past, but I cancelled that order immediately. Since the pricing sheet states that a combination of three cards is included for free in Easy Money, why would I be charged?
                      Thanks!