Wondering about Starling security? Here’s a rundown

16th May 2017
by:

Chances are if you’re downloading a banking app, you’re well aware of the advantages: convenience, security and control at your fingertips.

But not all accounts are made equal; at Starling, our customer’s security is at the top of our list — an ever-evolving process that gets more sophisticated with many layers of security working together. So, without giving it all away (for obvious reasons), here are some of the things we’re doing to keep you and your money safe.

Setting things up

When you sign up, one of the first things we’ll ask you is to set up a password made up of six or more alphanumeric characters — take mental note because this is always needed when you want to make payments, add payees, change details on your account or if you need to recover your account if you lose your phone.

Legally, we’re obliged to make sure that we check you are who you say you are. That’s why when you setup your account we’ll ask you to record and submit a short live video of yourself  — we’ll let you know what to say, (nothing too embarrassing) — this is for security purposes only and we’ll never use it for marketing. We’ll also need to verify the information on your account by getting you to send us a photo of your UK driving licence or passport. This is manually checked against your account by one of our customer support team members and if it’s all good, it’ll only take a short time to get approved. Later down the track, if we ever need to verify you again — say you’ve forgotten your password — we can get you to re-record a message and compare it to your original video. Simple, but effective.

Once you’re all set up, if you’ve enabled Touch ID or Fingerprint scan to access your phone, your phone’s operating system will have already securely verified you against the data stored on your device. This means we don’t need to ask you for a passcode every time you want to check your balance. But if you want an extra level of privacy, you can enable these features every time you launch the app.

Smarter spending

Ever had a charge on your card in Krakow when you’re at home in Kent? Here’s a hot tip: real-time notifications are not only handy to see exactly how much money you’ve got in your account, but can actually be useful to detect if someone’s trying to access your account fraudulently. This, along with our own tech that monitors card transaction activity, significantly reduces the risk of fraud.

Real time notifications

Giving you the controls to be safer

We recognise that while many people will be happy with the level of security Starling offers by default, feeling secure runs deeper than cyber security — privacy and control are paramount. That’s why we give you the option to add extra layers of security if you want to, such as Touch ID/Fingerprint scan and an app passcode every time you launch the app, for those who weigh privacy above convenience.

Then there’s the handy lock/unlock card toggle, for those times when you kind of think you’ve lost your card, but you’re not quite sure (maybe it’s down the back of your friend’s sofa?). Turning on the lock won’t cancel your card, but it means it can’t be used until it’s unlocked again by you.

Just to note: if you’re an Android user, you might be aware of the concept of rooting your phone — that is, giving your phone privileges by modifying the software code on your device or installing software that your phone manufacturer wouldn’t usually allow you to do. For most people who choose to do this, it’s about customisation and having the flexibility to have total access to the operating system. For users of older phones, it’s useful for keeping up to date with the latest Android version and security patches.

While customisation is appealing, it does come with a few downsides: one of the major ones being the reduction of security. When you root your phone, there’s always the risk that you may have downloaded a compromised app that later accesses your valuable data, or will give your phone a virus. It’s important to us to be able to determine the integrity of your smartphone. When our app is installed it performs a set of checks to determine if the phone is safe for running our mobile app — if it’s been tampered with or modified, our app simply won’t run, protecting our customer accounts from attacks from the insertion of malicious code.

Card Control

Phone gone AWOL?

It’s happened to the best of us: you lose or have your phone stolen. Not to worry; your account is still protected by your device passcode or fingerprint ID, plus your application password, if you have one set. If this happens, just let us know (call or use our website’s live chat) and we’ll sort it for you by invalidating the phone’s ability to access your account.

Conversely, once you’ve registered your phone with your Starling account, only that device can be used to access your account, so not just anyone can add your details without going through the verification process again. If we do happen to get a request that isn’t from your registered device, it’ll be rejected.

One more thing...

Having layers of security helps, but at the end of the day, common sense prevails.  We’ve got to say it: make sure no one can see your login credentials when you log on your app; don’t leave your password written down (especially not on a Post-it Note stuck to the back of your phone) and of course, don’t let anyone else know your details.

Next

An update on our API

We’re available to download in the app stores

We’ve built this bank for you and we’d love your help to make it the best it can be. Download the app now to get started!