Today I come bearing some big news. Something which has been requested by you guys and our product teams have worked very hard on to deliver.
As you know, our members safety is extremely important to us and we try our very best day in day out to ensure our members are safe.
As part of that, we are now launching multi-factor authentication for members requesting a SIM swap or wanting to change the email address linked to their accounts.
This means that when a member wants to do a SIM swap or change their email address, they will receive a text message and an email with a verification code to their mobile number or registered email address. They will then have to pop the code in right before the process is completed.
SIM swap journey:
Changing an email address:
Because this is new to us and we want to make sure it is working as it should, we will be rolling it out gradually over the next few days starting with a small number of members and eventually reaching everyone. We will be closely monitoring its performance and the feedback we get from our members to ensure that everything is working smoothly. This is just the first step in us releasing multi-factor authentication and we plan to expand that to more journeys in the future.
To make sure everyone knows this is happening, we will be reaching out to all of our members via email and let them know. We will also use this opportunity to share more general advice with our members on how to keep their account and personal details secure and point them to this thread if they want to read more.
Hi @endorphin , yes, the system is designed to send an SMS as well as an email for that specific reason. Because this is the first iteration of our implementation of multi-factor authentication, we would very much need your help in keeping an eye on it and making sure it behaves as it should.
If you spot that an email has not been sent, could you please let one of the Educators know? Just please make sure they are checking the email they registered with their account.
In the case of changing an email address, will the verification code be sent to the old address, the new address, or both? I can think of good reasons for each way of doing things.
I'm wondering how this will work in the fairly frequent case that a member needs a sim swap, but uses their phone as their email device and has not set up independent access to another device.
What advice do we give in that case? "You should have thought of that before putting all your eggs in one basket" may be the correct answer, but isn't very helpful when given retrospectively (hence https://community.giffgaff.com/t5/Tips-Guides/Make-sure-you-have-independent-access-to-your-email/m-... but it needs to be done in advance).
Best I can think of is to report the sim as "lost or stolen" and get a special replacement by post, assuming that giffgaff has the correct address on record. But that's 3-5 working days which is rather a long time to be without emails, calls, texts, internet access (other than via wifi) and 2FA for the bank.