Hi Mandy As a software engineer, I disagree with you completely. Its just a software problem and a feature that needs to be developed and developed properly to avoid security issues. This is one of the many challenges of any decent software team: develop new innovative features while keeping the system secure. The 2nd readonly login profile is not a new problem and it has been well solved by other companies already. BTW: What is a real security concern for me is that I had to use my precious internet banking login details just to add this comment on this (community) website. Suggestions for this feature: Make this feature optional and it must be explicitly enabled via then banking app. It cannot be the same password as your "full access" account. There can only be 1 of these extra readonly profiles If someone logs into the banking app/site with this readonly profile, he/she cannot: create beneficaries, transfer money, make payments, cancel accounts, open accounts etc. ALL that should be possible is to view the current balances of your accounts and their entire transaction history. This means if there was a security breach an someone gained access to my readonly profile password all the hacker could do is view my account balances and transaction history Extra security measures: Don't allow concurrent login session with this readonly profile. Provide sms nofitications to the account holder when logins with this readonly profile takes place. Automatically expire this profile every 6 months. Send a warning email out before this happens. Best Regards Craig Hewetson
... View more