Cazoo

Cocijo said:
Interesting article.
www.finextra.com

Truelayer and Cazoo partner for instant payments

TrueLayer, Europe's leading open banking platform, today announced its industry-first collaboration with Cazoo (NYSE:CZOO), the UK’s leading online car retailer, which makes buying or selling a car as seamless as ordering any other product online, to offer instant payments and refunds for its...
www.finextra.com www.finextra.com
Click to expand...
Just had a very quick read through the great article that you posted 👍.
Here is a quote taken from it :-
“TrueLayer’s open banking platform. This authenticates a seller by comparing the account holder name to their bank details in just three clicks”.
At that level, that’s just fine.
Standard requirements , no issues.
Why they would want anything more make me suspicious 😒.
 
Interesting, i'd seem the "add other bank options" in my banking app but had igored it. It doesn't look like you would need passwords etc.

I've just looked on my Natwest online banking app and you can add accounts from other banks (which is using the same technology). You choose the bank you want to add in the banking app on your phone (Natwest app, and adding HSBC in my case). Then it brings up your HSBC banking app automatically which asks you to confirm you want to give Natwest permissions to read the details.

Seems very sensibly designed tbh.
 
The issue for most is that we are quite rightly very sensitive about anything different in this area. My concern is that it is only a matter of time before scammers try to use this as a fraudulent approach. It also needs more reassurances and explanation for the consumer.
 
Looks like this is just 'open banking' widely used by many and available in all banking apps.
 
Hi,

I have indeed done this, today, with Cazoo & was also very nervous about it. So, I called my bank, First Direct, who assured me that it was totally legit and safe. The money arrived in seconds after the Cazoo man pressed the button on his tablet. So, there you go, I’m the forum guinea pig worked for me.

Cheers
 
Lincs Robert said:
Hi,

I have indeed done this, today, with Cazoo & was also very nervous about it. So, I called my bank, First Direct, who assured me that it was totally legit and safe. The money arrived in seconds after the Cazoo man pressed the button on his tablet. So, there you go, I’m the forum guinea pig worked for me.

Cheers
Click to expand...
Did you revoke access straight afterwards?

I don't like the text they state "Your account(s) will be accessed on a recurring basis".
 

Attachments

  • Screen Shot 2021-09-24 at 19.05.04.png
    Screen Shot 2021-09-24 at 19.05.04.png
    63.7 KB · Views: 158
I’ve spoken to First Direct again & they assured me that the transaction was one off and that would not be able to be used again unless I authorised it again.
 
Lovemyev said:
Bank account number and sort code and it stops at that in my book !.
Well dodgy !.
My wife ( now retired ) worked in the fraud department for a large bank.
You should never offer up your banking details that go beyond the account number and sort code.
If that is not enough, then walk.
Use somebody else, please !
Click to expand...
Er, I didn’t even do that…….
 
Lincs Robert said:
I’ve spoken to First Direct again & they assured me that the transaction was one off and that would not be able to be used again unless I authorised it again.
Click to expand...
That doesn’t make too much sense what first direct told you.

Anyone can do a transaction to credit an account once they have the sort code/number & name, no one can stop that from happening.

Unless what they’re trying to say is that, they cannot access all your accounts again and that they were only granted access for that one session.
I don’t know the full details of how open banking is implemented, but I thought the idea was that access was granted on an ongoing basis. Potentially there could be an option to only allow access for the current session, but you’d think it would make that clear to the user, whereas in this case they specifically say by doing this you’re allowing access on a reoccurring basis.

For your own security, I’d look on your internet banking for where open banking is setup and check yourself that they’re not still granted access. I presume this must be available to configure on all banks internet banking, I’ve not used it myself.
 
I’ve just looked and there are no SO or DDs there that I don’t recognise on any of my accounts.

So, from what you all seem to be saying is that anyone who has your account details can raid your account. Therefore, whenever a cheque is written you provide those quite happily to the beneficiary as they are printed on the cheque! Ergo, cheques aren’t safe - let’s all use cash for everything! DoH ……

I‘m sorry, but there’s a bit too much “pub/forum expertise” going on here for my liking - as with the brake failure post as well. Have I taken sensible precautions and checked with my bank? Yes, I have.

🤐 👋
 
Lincs Robert said:
I’ve just looked and there are no SO or DDs there that I don’t recognise on any of my accounts.

So, from what you all seem to be saying is that anyone who has your account details can raid your account. Therefore, whenever a cheque is written you provide those quite happily to the beneficiary as they are printed on the cheque! Ergo, cheques aren’t safe - let’s all use cash for everything! DoH ……

I‘m sorry, but there’s a bit too much “pub/forum expertise” going on here for my liking - as with the brake failure post as well. Have I taken sensible precautions and checked with my bank? Yes, I have.

🤐 👋
Click to expand...

Sorry if you're taking this the wrong way, I was just suggesting checking to be extra safe - the wording from First Direct "transaction" just doesn't sound like they're talking about their access.

There won't be any SO or DD etc (well unless they have done something very dodgy which you wouldn't expect from an FSA registered company). I don't know where but I presume on every banks internet banking system there will be a section where you can switch off each setup open banking access, that is what I was suggesting checking to make sure they no longer have access.

As you say anyone having your bank sortcode/numer/name can't raid your account, if anyone has suggested this then it is indeed very misleading.

In my previous life over 10 years ago I worked on the design for the security for a certain banks internet banking, but I don't know many details about this recent open banking API that they've all had to provide access for - if access can be for just a session or if re-authentication is always possible (the very wording they use suggests they have reoccurring access).
 
JodyS21 said:
That doesn’t make too much sense what first direct told you.

Anyone can do a transaction to credit an account once they have the sort code/number & name, no one can stop that from happening.

Unless what they’re trying to say is that, they cannot access all your accounts again and that they were only granted access for that one session.
I don’t know the full details of how open banking is implemented, but I thought the idea was that access was granted on an ongoing basis. Potentially there could be an option to only allow access for the current session, but you’d think it would make that clear to the user, whereas in this case they specifically say by doing this you’re allowing access on a reoccurring basis.

For your own security, I’d look on your internet banking for where open banking is setup and check yourself that they’re not still granted access. I presume this must be available to configure on all banks internet banking, I’ve not used it myself.
Click to expand...
Ok, to be completely clear - First Direct stated that access was granted for one transaction only. I asked them that specific question when they explained how it worked after I expressed concern.

I asked a follow up question about the possibility of the account being accessed again & they said that I would need to go through the approval process again.
 
Lincs Robert said:
6D6A3FBA-0C7F-4886-A82B-696BC9C45D9E.png
Ok, to be completely clear - First Direct stated that access was granted for one transaction only. I asked them that specific question when they explained how it worked after I expressed concern.

I asked a follow up question about the possibility of the account being accessed again & they said that I would need to go through the approval process again.
Click to expand...
That sounds good then :)

I just looked on my Nationwide internet banking app and there’s a bit you can click on to show any Open Banking Data that is shared, mines empty as I expected.
 
Support us by becoming a Premium Member

Latest MG EVs video

MG3 Hybrid+ & Cyberster Configurator News + hot topics from the MG EVs forums
Published
Subscribe to our YouTube channel
Back
Top Bottom