Cazoo

[Cocijo]

And this is the organisation.

TrueLayer - Europe's leading open banking platform

We power faster and safer online payments with our open banking payments network. Onboard users, accept payments & make payouts in seconds. Learn more today.

truelayer.com

 

[Lovemyev]

Interesting article.

Truelayer and Cazoo partner for instant payments

TrueLayer, Europe's leading open banking platform, today announced its industry-first collaboration with Cazoo (NYSE:CZOO), the UK’s leading online car retailer, which makes buying or selling a car as seamless as ordering any other product online, to offer instant payments and refunds for its...

www.finextra.com

Just had a very quick read through the great article that you posted ?.
Here is a quote taken from it :-
“TrueLayer’s open banking platform. This authenticates a seller by comparing the account holder name to their bank details in just three clicks”.
At that level, that’s just fine.
Standard requirements , no issues.
Why they would want anything more make me suspicious ?.

 

[prmedloc]

Interesting, i'd seem the "add other bank options" in my banking app but had igored it. It doesn't look like you would need passwords etc.

I've just looked on my Natwest online banking app and you can add accounts from other banks (which is using the same technology). You choose the bank you want to add in the banking app on your phone (Natwest app, and adding HSBC in my case). Then it brings up your HSBC banking app automatically which asks you to confirm you want to give Natwest permissions to read the details.

Seems very sensibly designed tbh.

 

[Cocijo]

The issue for most is that we are quite rightly very sensitive about anything different in this area. My concern is that it is only a matter of time before scammers try to use this as a fraudulent approach. It also needs more reassurances and explanation for the consumer.

 

[Gomev]

Looks like this is just 'open banking' widely used by many and available in all banking apps.

 

[Deleted member 2439]

Hi,

I have indeed done this, today, with Cazoo & was also very nervous about it. So, I called my bank, First Direct, who assured me that it was totally legit and safe. The money arrived in seconds after the Cazoo man pressed the button on his tablet. So, there you go, I’m the forum guinea pig worked for me.

Cheers

 

[JodyS21]

Hi,

I have indeed done this, today, with Cazoo & was also very nervous about it. So, I called my bank, First Direct, who assured me that it was totally legit and safe. The money arrived in seconds after the Cazoo man pressed the button on his tablet. So, there you go, I’m the forum guinea pig worked for me.

Cheers

Did you revoke access straight afterwards?

I don't like the text they state "Your account(s) will be accessed on a recurring basis".

 

[Lovemyev]

Did you revoke access straight afterwards?

I don't like the text they state "Your account(s) will be accessed on a recurring basis".

NO NO NO !.

 

[Deleted member 2439]

Did you revoke access straight afterwards?

I don't like the text they state "Your account(s) will be accessed on a recurring basis".

Er, no, but I will do. Thanks ?

 

[Deleted member 2439]

I’ve spoken to First Direct again & they assured me that the transaction was one off and that would not be able to be used again unless I authorised it again.

 

[Deleted member 2439]

Bank account number and sort code and it stops at that in my book !.
Well dodgy !.
My wife ( now retired ) worked in the fraud department for a large bank.
You should never offer up your banking details that go beyond the account number and sort code.
If that is not enough, then walk.
Use somebody else, please !

Er, I didn’t even do that…….

 

[JodyS21]

I’ve spoken to First Direct again & they assured me that the transaction was one off and that would not be able to be used again unless I authorised it again.

That doesn’t make too much sense what first direct told you.

Anyone can do a transaction to credit an account once they have the sort code/number & name, no one can stop that from happening.

Unless what they’re trying to say is that, they cannot access all your accounts again and that they were only granted access for that one session.
I don’t know the full details of how open banking is implemented, but I thought the idea was that access was granted on an ongoing basis. Potentially there could be an option to only allow access for the current session, but you’d think it would make that clear to the user, whereas in this case they specifically say by doing this you’re allowing access on a reoccurring basis.

For your own security, I’d look on your internet banking for where open banking is setup and check yourself that they’re not still granted access. I presume this must be available to configure on all banks internet banking, I’ve not used it myself.

 

[Deleted member 2439]

I’ve just looked and there are no SO or DDs there that I don’t recognise on any of my accounts.

So, from what you all seem to be saying is that anyone who has your account details can raid your account. Therefore, whenever a cheque is written you provide those quite happily to the beneficiary as they are printed on the cheque! Ergo, cheques aren’t safe - let’s all use cash for everything! DoH ……

I‘m sorry, but there’s a bit too much “pub/forum expertise” going on here for my liking - as with the brake failure post as well. Have I taken sensible precautions and checked with my bank? Yes, I have.

? ?

 

[JodyS21]

I’ve just looked and there are no SO or DDs there that I don’t recognise on any of my accounts.

So, from what you all seem to be saying is that anyone who has your account details can raid your account. Therefore, whenever a cheque is written you provide those quite happily to the beneficiary as they are printed on the cheque! Ergo, cheques aren’t safe - let’s all use cash for everything! DoH ……

I‘m sorry, but there’s a bit too much “pub/forum expertise” going on here for my liking - as with the brake failure post as well. Have I taken sensible precautions and checked with my bank? Yes, I have.

? ?

Sorry if you're taking this the wrong way, I was just suggesting checking to be extra safe - the wording from First Direct "transaction" just doesn't sound like they're talking about their access.

There won't be any SO or DD etc (well unless they have done something very dodgy which you wouldn't expect from an FSA registered company). I don't know where but I presume on every banks internet banking system there will be a section where you can switch off each setup open banking access, that is what I was suggesting checking to make sure they no longer have access.

As you say anyone having your bank sortcode/numer/name can't raid your account, if anyone has suggested this then it is indeed very misleading.

In my previous life over 10 years ago I worked on the design for the security for a certain banks internet banking, but I don't know many details about this recent open banking API that they've all had to provide access for - if access can be for just a session or if re-authentication is always possible (the very wording they use suggests they have reoccurring access).

 

[Deleted member 2439]

That doesn’t make too much sense what first direct told you.

Anyone can do a transaction to credit an account once they have the sort code/number & name, no one can stop that from happening.

Unless what they’re trying to say is that, they cannot access all your accounts again and that they were only granted access for that one session.
I don’t know the full details of how open banking is implemented, but I thought the idea was that access was granted on an ongoing basis. Potentially there could be an option to only allow access for the current session, but you’d think it would make that clear to the user, whereas in this case they specifically say by doing this you’re allowing access on a reoccurring basis.

For your own security, I’d look on your internet banking for where open banking is setup and check yourself that they’re not still granted access. I presume this must be available to configure on all banks internet banking, I’ve not used it myself.

Ok, to be completely clear - First Direct stated that access was granted for one transaction only. I asked them that specific question when they explained how it worked after I expressed concern.

I asked a follow up question about the possibility of the account being accessed again & they said that I would need to go through the approval process again.

 

[JodyS21]

Ok, to be completely clear - First Direct stated that access was granted for one transaction only. I asked them that specific question when they explained how it worked after I expressed concern.

I asked a follow up question about the possibility of the account being accessed again & they said that I would need to go through the approval process again.

That sounds good then

I just looked on my Nationwide internet banking app and there’s a bit you can click on to show any Open Banking Data that is shared, mines empty as I expected.