CBA (now NCBA) launched LOOP 3 years ago as a banking service targeting millennials. It was all app based and it felt like banking in this smartphone focused world.
Loop, like all banking apps, take security very seriously and they have measures in place to prevent fraud. One way they do this is by authenticating transactions using one time passwords (OTPs) that are sent via text.
Although OTPs are important for securing your transaction, they can get annoying and Loop has decided to change how they conduct sending OTPs with a new update.
Over the weekend, NCBA pushed an update on Loop where they have changed how they will deliver OTPs
“This new version will need you to confirm this device as the one you will use to access your Loop Account. We will thereafter securely deliver OTPs for you to transact easier and faster on Loop,” they said it on the app.
In this new system, all of your transactional OTP messages will be sent instantly to the registered device through a secure and encrypted delivery channel. As you transact, the OTPs will automatically be read and fulfilled. The OTP notifications that you will receive will appear on the notification bar of the authorized device.
This is a much better implementation than the previous one where you had to wait for an OTP text that you manually added to validate a transaction. In this new format, you will get this automatically which is a great move in my opinion.
Interesting enough, the option to disable receiving OTPs is still available on the app, for the daredevils among us If you’re not aware of this feature, it is hidden deep within settings.
This update comes after they made several updates on the Loop platform since May that caused a number of interruptions..
The new update has been effected on version 2.1.59 on the Android app and version 3.1.19 on the iOS app.
In-app OTP is just more convenient and not safer. It actually poses a security risk.
Which security risk if you dont mind expounding further?I really love the new way where we dont have to wait for SMS from Safaricom and the likes.Plus this leaves no trail of messages on my phone on my OTPs to transact
If someone gets their hand on that phone, they no longer need your SIM card to transact as you. Man-in-the-middle attacks will be so much easier now because the attacker has access to the OTP, this is why OTPs are delivered by SMS. The attacker can attack the app, but it is much harder to intercept the SMS at the same time if the SIM card is elsewhere, but now the OTP is on the app which makes it all-under-one-roof shopping for the attacker.
Comments are closed.