Starling Discussion & Feedback

Haha I just wondered with your username :wink:
It’s not an awful piece but really offers no solutions as basically everything he said has issues. Maybe prompt for PIN on first login as well?

1 Like

Prompting for a PIN at first login would be a useful second factor and make the process more secure.

Personally, given the insecurity of email both in transit and at rest, I wouldn’t consider magic links to be appropriate at all. Perhaps it could be a choice to enable or disable, as those with password managers already have a system in place to store a vastly more secure password.

I was about to ask how your train set was coming on, having assumed the same :rofl:

1 Like

I have a UK passport and also had the video appointment with the whole “Rotate it, open it, hold it” process - most irritating.

Perhaps they got rid of it later. It certainly wasn’t a good first impression.

Getting an LPA was the best thing my parents did with my sister. Just being able to handle banks, bills, doctor’s appointments and pharmacies has made it so much easier.

2 Likes

As to the video - I wonder if something should be raised around the Equalities Act for this (another autistic here, and had to reinstall recently - ugh), it’s potentially denying access due to disability?

Out of interest, what would a ‘reasonable adjustment’ be, in your view (as you’ll know, this is what banks are required to make for customers with differing needs)?

In the case of FD (as @eden raised), as they are part of the HSBC banking group, I suspect they feel they can say ‘go to a HSBC branch’ if you are unable to use phone / Internet banking and that may constitute a reasonable adjustment in some cases.

2 Likes

:joy: Definitely not an improvement for autistics!

A reasonable adjustment would probably be for someone else to take a photo of the applicant and certify the likeness, maybe doing a selfie themselves.

3 Likes

Are you involved in modern-day slavery? Sounds perfect for that industry to take a picture and self-certify their likeness and intentions on their behalf.

Sounds reasonable as a suggestion but it’d leave many open to abuse because of it.

I was thinking more in the context of a lasting power of attorney, not just anyone off the street!! :joy:

Maybe also a registered professional, like a GP, who knows the individual?

2 Likes

I was flat refused when I offered to pop in to show my ID instead of having to post the original documents for opening a FD account a year ago.

Since this is good enough for getting a passport, it sounds good to me.

By using, say, a GP, you should be able to confirm a diagnosis of ASD (or other reason to need to use alternative identification procedures), thus preventing fraudsters trying to self-declare ASD to try and obtain accounts by deception.

Did you declare a disability as the reason for wanting to do this, or was it just because you didn’t want RM to misplace your passport?

2 Likes

The whole verification thing is not ideal from a user experience standpoint but given that we don’t have alternatives (our government is stuck in the dark ages and can’t issue an ID smartcard capable of doing cryptographic signatures), a selfie/video seems like the best alternative.

I’m surprised people make such a big issue out of it. I understand not liking your appearance and not taking selfies for the typical purposes of a selfie, but this is for ID verification and nothing else - nobody cares about how you look as long as it roughly matches what’s on your ID and won’t be exposed anywhere (and if the bank gets hacked I’d be more worried about all the other PII in there instead of a picture). What’s the big deal, and in this case would you also refuse to take a photo for your passport/ID to begin with?

Regarding GP-provided ASD diagnoses, how do you authenticate that? Given that we’re discussing a method of verification to protect against fraud, we also need to make sure the method that would opt you out of that verification is itself secure.

4 Likes

The anxiety can be off the scale to the point where someone with ASD may prefer to stay in a room, starving and in squalid conditions rather than pop down to the corner shop.

This is likely to stop even those with a less severe condition opening an account.

GPs don’t diagnose ASD, thank god. They may refer for diagnosis, but you would have to provide your diagnosis to the GP for them even to know about it. Normally, they’ll know because they need to help manage comorbidities, but not everyone tells their GP.

Solid indirect evidence for adults is usually in the form of some form of benefits certificate, not the diagnosis itself.

5 Likes

My point is, how does the bank verify that 1) whoever wrote that document you provided as “proof” is indeed a GP, and 2) how do they find out the GP’s real contact details (they shouldn’t be trusting the details printed on the document itself)?

If a bank were to implement this, their KYC process now only becomes as secure as their process for authenticating the exemption letters and the process for writing the exemption letters in the first place (what if the GP is crooked and issues them fraudulently, are there any checks in place for that even?).

I disagree on this. A video selfie is actually a pretty neat ‘digital signature’ that a bank can ask for at a future point (e.g. when you want to raise your limits, take out a loan, etc). I would think that they’re pretty difficult to fake (and, if you did fake a video, the bank would have perfect video footage of the criminal).

3 Likes

Given the rise of deepfakes, it isn’t beyond the realm of possibility of someone making a video of “you” for verification. You’d have no recourse as “you” are the one in the video, right? :face_with_monocle:

1 Like

Running the app in an emulator with an emulated video input isn’t beyond the realm of possibility if we’re talking bank account takeover using deepfakes. Granted, unlikely, but not impossible.

1 Like

I did, yes. I don’t see why I couldn’t have spoken to someone in a HSBC branch.

All this has gone waaay off topic :grimacing:

4 Likes