So in this case 2FA stands for "2 F%&king Awful" to function correctly? Or perhaps "F%&king Awful, Functions Atrociously"?
The UK National Savings and Investment bank is being bombarded with complaints over failing online security and authentication features which customers say have locked them out of their accounts. Consumer reviews websites have seen hundreds of one-star assessments awarded to the state-owned bank, many due to failure in its …
Tried to access mine yesterday. No 2FA SMS arrived. Navigated their god awful fake-person voice not-recognition IVR phone system, and got to a person after a long wait.
My phone number is wrong. They never asked me to confirm it was right or wrong before enabling 2FA.
Their fix? Fill in a form on the website and wait for some dead tree to arrive in the post.
I have to use Safari with no blockers to get the NSandI login to work, which isn't really a surprise, but when I log in and then enter the 2FA code from the phone the login page pops up for a couple of seconds (with all fields blank) before it goes to my account page (without me having to enter any more details). I don't like this - it feels like a token is bobbling about in free space for a short period and could be snaffled by malware if someone knew what they were doing. I've tried telling NSandI about it but they don't seem to want to know.
I had similar. Wrote letters of complaint and their customer service team just haven't got a clue. Even sent to the chief executive saying, "Don't pass this to the customer service team, pass it to the technical department".... and I still got a useless reply from the customer service team. Eventually had to get the Financial Ombudsman involved (don't ask.) and it's currently ongoing. So seeing this headline today is no surprise.
Well done El Reg for this report. I had thought I may have an issue at my end preventing me logging in to my account. Now I know it's down to NS&I. That'll be very helpful when I need to harangue them over this.
For years I had all my financial systems contained within a Linux based VM, which ran nothing else. My other accounts still run fine there. NS&I in their utter disdain for security and customer care now decree that I must use an "approved" browser in Windows, and they still can't make it work!
Useless does not begin to describe this shitshow.
It would be helpful if El Reg would stay on top of this.
I only use Linux, tried to login and got the login loop. Something has changed, I never used to have a problem using Firefox on Linux. I receive the code to my mobile but then it just goes back to the login page with no fields filled. I was able to configure a 6 digit passcode as I've not logged in lately but otherwise the login is TITSUP - Total Inability To See Ure PremiumBonds (that's poor :) )
From nsandi website
'Supported browsers
Safari version 11 or later for macOS and iOS
Google Chrome version 60 or later on Windows, Android, macOS and iOS
Microsoft Edge version 79 or later for Windows and macOS
Mozilla Firefox version 56 or later for Windows and macOS (Firefox for Mobile is not supported)
Opera version 60.3 or later for Windows and macOS (Opera Touch is not supported)'
"some issue with the Firefox engine maybe?"
The issue being that they didn't test with it and therefore didn't tweak for it. Why their site is so badly written that it has to be tested and tweaked for each individual platform is a different matter - I think it's because that's been the industry standard way of doing things for about a couple of decades.
I'm on a Mac. It manifests as a "FF problem" for me in that I can't log in with FF even in troubleshoot mode and I have to use Safari, although I get a worrying glitch even with Safari (see earlier post of mine). I agree with others here that this doesn't necessarily make it a FF problem and it implies that the devs haven't tested with a full range of browsers and OS's.
In my experience over the last couple of months NS&I, two other banks, and a few miscellaneous websites have refused to play nicely (or at all) with Firefox on a Linux platform.
I still favour FF for general work, but note that it claims its security level has been increased, leading me to suspect that it is being more picky about trackers or other cookies.
Chromium mostly 'just works' on these sites, but I have read suggestions that it offers poorer browsing security (and leaks more information to Big G) than FF.
I didn't downvote you.
It's the thin edge of the wedge if websites now say you need a Windows or Mac machine and particular browsers. Websites should be OS and browser agnostic - a poor analogy is that you can only use roads and shops if you drive particular brands of car and with only infernal combustion engines. e.g. No Asian manufacturer cars and no EVs, hydrogen or other power sources.
Oh, for the halcyon days of my childhood when things were so much simpler. There was never a problem getting access to my savings*. I could trot down to any Post Office or sub–Post Office with my Post Office Savings** book and deposit or withdraw money and some kindly old*** person would tally it up and update my savings book. Not once was I ever told to bugger off we can’t take or give you your money. Truly halcyon days. ;)
Seriously though there is a lot to be said for being able to walk into a Post Office and access your account. You certainly won’t be locked out of your account for days, well, no more than 2 days (weekend). Online banking, 24 hours access is wonderful until the system goes tits up, then who knows when you will see your money again.
No, we will be fine, the banks know what they are doing closing all their branches. There is no possibility of their system going tits up, they are not NS&I they are professionals.
* Saturdays, Sundays, pre 9AM and post 5PM excluded.
** That dates it, and the deposit books covers were thin card.
*** At 7 years old all adults looked old.
More recently, of course, Horizon would have cocked up the sub-Post Office's balance and sent the kindly old person to jail for fraud.
Of course as soon as they were no longer able to conceal this the convictions were quashed and a crack team got onto the job of ensuring the victims were properly compensated. What's that? They didn't?
I think they outsource many government IT contracts out to high functioning rabbits. Very clever, but beyond the confines of their hutches, they have no idea about the outside world.
Take DWP for example. They will send you a text to your mobile phone to access the account, and later ask you to help make the account more secure by providing your mobile number, but it must not be the number you use to access your account.
DWP have won the Franz Kafka award several years running.
Have they really just said that they try really hard and really care - and are still rubbish?
That’s like the old school report with an ‘A’ for maximum effort and a ‘5’ for getting everything wrong.
An ‘oh, we hadn’t realised so hadn’t been trying before, but now we know we’ll put somebody competent on it’ might have been more reassuring.
Since they mentioned Nest in the article. Thought I would mention something about their website that bugs me.
They didn't recognise my password, so I went to change it.
However, for some absurd reason they've blocked copy and paste on the password fields. Like many of you, I use a password manager. So forcing you to type in a password can only encourage poor passwords.
In the end I used the Dev tools and set it via JavaScript.
I've had some Premium Bonds since I was two years old.
Several years ago NS&I invited me to give them an email address and said they wanted my bank details so they could pay me electronically instead of by cheque.
Knowing what I do about government IT procurement, I wrote on the form
and sent it back to them. It seems to have kept them off my back.
A couple of years ago I had lots of problems with NS&I but eventually managed to speak to a real person. She was very apologetic, telling me that their computer system was awful and she was really sorry for the problems it was causing. I told her not to worry about me, I only had to deal with it once, she had to work with it every day. That seemed to make her very happy!
Thanks to her my problem was resolved, using bits of paper through the post.
Relative to the initial comment I would add that ATOS really don't give A Toss. Unless one has suffered a financial loss there doesn't appear to be any way to get a complaint registered regarding the appalling service against NSandI without writing to my MP. Their record of complaints only seems to relate to Credit cards??
My complaint is regarding the 2FA system which appears to have been rolled out without NS&I telling customers in advance. It is regarding Premium Bonds.
I have a registered account but have not had reason to log in since 2015. Whilst initially I felt my faculties were failing (Password incorrect) I am now certain my password was correct.
What I should have known is that the make up of the ....password password Password Password123 Password 123@ or as per the current guidance with the new temp password ( received 11 days later, so outside the over optimistic 5 Working days ) p9A?s>S&~W?0#r@D at least!!! Trips easily off the tongue eh and be sure not to write it down! .... has been changed on their system so my password from 2015 "password4" whilst not incorrect was no longer accepted by their system.
So, received the temp password and eager to buy some more bonds before the end of the month proceed to log in in order to initially change the password.
Service fail 2
After input it verifies me by asking me to confirm my telephone number. The number appears correct with 2 digits showing as asterisk.
OK I press continue and get a red warning Telephone number must be completed.
Fine I go back ( using their arrow!!) and try and delete the number or amend it to no avail. So I try the other option which is to say the number is incorrect so I try that thinking I will then just enter the same number again.
That is no use, you have to phone and presumably wait ages then go through security so I gave up and just replied to ongoing request to get them to register a service complaint.
Service fail 3
You will need to call us to have the phone number is mandatory issue resolved. Quite simply your phone number will be recorded on our end without the country code, this will need to be added to fix the issue. Oh silly me had anyone ever mentioned that before?
The rest of the email convinces me I am getting replies from an AI bot
"To look into your complaint, please reply to this email with your full address and telephone number.
Please be aware that we are unable to open attachments and we do not have access to accounts software. This means we are unable to view your account and are therefore unable to retrieve these details using account numbers, NS&I numbers or by any other means.
Failure to provide the requested details to us may cause delays in complaint resolution or in some cases, closure without resolution."
Still not re registered but still got my bonds bought just sending off the money and quoting bond holders number. So didn't need all that hassle.
Hope it gets it sorted before I need to cash any in.