N26 Discussion & Feedback


(Andre Borie) #1361

Speaking of N26, I’ve just reinstalled the app and tried to make a transfer. It’s asking me to confirm it (why? I made it on the same device to begin with, and it did ask for a confirmation PIN when making the transfer) and errors out with a “device not paired” and asks me to pair it… why is “pairing” even separate from login to begin with?

The pairing process first involves unpairing any old device, which sends a link via email to the web app which asks for the confirmation PIN (or was it just the card PIN? I don’t know but my card PIN worked), the card token (which is used as a reference on the UPS envelopes, so not really secret), and an OTP by text.

After that, pairing a new device only involves logging in and receiving an OTP by text; not even the card PIN.

This is convoluted and completely backwards. Seems like all the security is in unpairing an old device and not pairing a new one (which only requires account login & text OTP). You’re screwed if your device is compromised and you need to revoke its access quickly.

It should be the opposite, revoking trust should be easy, gaining trust should be hard (although even in this case this amount of “security” is overkill and looks more like security theatre than real security, since all the items they ask for are relatively low-security, especially the card token - not the card number which is commonly understood that it needs to be kept secret, but an opaque number on the card’s corner that also happens to be used as the shipping reference).

Seems like someone in the dev team was just like “we need more security”, but without actually thinking about the threat model and UX.

Also if you make a transfer and don’t specify a reference, they silently set one by default as “Sent from N26”. Meh.


#1362

By then, of course, you’re also signed up for the year.


(Dan) #1363

If you’re up for watching another good talk (about N26’s weird ass security, and how the speaker found serious vulnerabilities), here’s the link: https://www.youtube.com/watch?v=KopWe2ZpVQI


(Andre Borie) #1364

It was me who originally posted it here. :joy:


(Dan) #1365

:joy::joy::joy: so you did! In that case, thank you! Haha :rofl:


#1366

My point is simply that issuing a world elite card when it has literally no world elite benefits is purely to mislead costumers


#1367

I have a relative who got his phone stolen in Asia and didn’t bother keeping his number so he just bought new SIM card. Now without his old number or old phone that was “paired” with N26, there is literally no solution given by N26 to pair his account to the new phone as they would need to send a confirmation code to the old number and they also cannot change the associated number unless it’s through the paired phone


(Andre Borie) #1368

This is absolutely bullshit on N26’s part. They could at the very least send a token by physical mail to the last registered address + token of the card + card PIN and use all of those to reset their access.


#1369

I assume this is because they don’t expect people to ever change phone numbers?

Here in Portugal most people have prepaid SIM cards with no contract associated (prepaid SIMs where invented here after all) so it’s pretty easy to just get a new SIM and throw out the old one whenever you want to change mobile carrier or get mugged or whatever else it may be

For a lot of people it’s not worth the hassle of keeping the number between carriers/SIM cards


#1370

@megamaster How awkward is it to move phone numbers in Portugal? I know in some countries it can be a massive hassle and takes forever.

In Canada most people move their number but it takes about 15 minutes for a number to move over and you don’t even need to contact your old network. Most people are running monthly post-paid plans in Canada but a lot of that has to do with the fact that many plans only include local calling (so you’d need to top up everytime you wanted to call another city somewhere else in Canada) and people frequently roam in the US (and historically prepaid plans didn’t work in the US). Often it’s also cheaper to purchase a phone on a monthly plan through the network than it is buying it direct (You’ll sometimes save 300$ or 400$ when deals are on).


#1371

Actually it’s not much of a hassle to move phone numbers here, tough you don’t do it in 15 minutes. You need to send a form to your destination carrier, which is usually done by email and they’ll need to ask permission to the old carrier, which will then usually call you before accepting to move the number to try to convince you to stay with them. Then if you want to still proceed you’ll receive a message saying tomorrow at that hour your old SIM will ceasse to work and you need to insert the new one at that time. Doing all that takes about 3 business days, so not a huge hassle but it’s easier to just buy a new SIM card for 10 Euros at the supermarket and not worry about keeping the number

As for prepaid plans, first it’s worth mentioning telecoms here are much cheaper as a regular post paid plan costs about 25 Euros a month, fully unlimited. Prepaid plans actually work similarly to post paid in the sense that youre basically just paying in advance. As an example, a popular prepaid plan costs 2.75€ a week, you charge money to the SIM card and they take each week the money for the following week. With that you get a monthly allowance of 5gb in data, 10000 minutes of calls to anywhere in the world and unlimited sms. If in a given week you don’t have the money, the monthly allowance is suspended until you recharge the SIM. It’s not a prepaid that you’re paying by the minute or something like that. It’s like a post paid but you get more for your money because you’re paying in advance and there is no contract, you can just stop recharging your SIM.

And we also have the discounted phones, however they’re decoupled from the call/data plans. Instead, when you buy the phone from a carrier and pay say 30 Euros a month for 24 months, the phone is locked to that carrier, so it will only work with their SIMs. Beyond that, there’s no other restriction and phone plans are negotiated separately and you can use a prepaid plan if you want to


#1372

Almost the same happened to me in Ireland, but I was able to change to my new number using the livechat without them sending anything to my phone. They just asked some extra security questions.


#1373

Really? Both new phone and new number and they did it? Just last month they wouldn’t do it. I’ll have to ask my relative if he got the issue sorted out


(Punit Mannari) #1374

How do I use my metal card to gain access to airport lounge and how do I know which lounges are permitted?


#1375

You just hand over your metal card at the lounge and they’ll swipe it and charge you. You should get some login details from n26 for the lounge key site I would have thought.


#1376

If it’s anything like my Canadian World Elite MasterCards, you register at https://airport.mastercard.com The app is generally much more reliable than the card from experience (a lot of lounges don’t have a clue what to do otherwise, especially outside of the UK and North America).


(Punit Mannari) #1377

Has anyone inserted the metal card into atm to activate the card? I am worried it will get stuck…it’s thicker and it’s a lot heavy than a normal card


#1378

If it’s anything like my Revolut Metal (and the cards look like they may be from the same manufacturer), I was concerned myself but used mine a number of times in ATM’s without issue


#1379

ATMs shouldn’t be an issue. Some magstripe readers that suck the card all the way in and out (Like a lot of parking machines in the US and Canada) can be a problem though.


#1380

Yeah, was about 6 months ago. If I remember correctly they asked for my passport number that I’d used as proof of ID