
Yup. Logging in to NatWest requires that you know your customer number, 3 numbers from a login PIN and 3 letters from a password.

They do use 2-factor authorisation for any new payees, so it's not totally insecure.

On the other hand, their recent 'get cash from the nearest ATM with a code we send to your phone if you've lost your wallet' app was soundly compromised by criminal gangs within days, and the service had to be pulled entirely. They're still advertising it on the homepage, but when you click through it says "We're sorry. Get Cash is not available at the moment. We are currently updating this service to increase the level of security around it."

Reading the blurb for the Get Cash service made a likely compromise route immediately obvious to me: it seems very likely that anyone who's had sight of your debit card could register an arbitrary phone & extract cash from your account, because the only details needed to verify your phone were on the card, or easily guessable (NatWest customer numbers are extremely predictable, unfortunately).

If there was anyone obviously better I'd be dumping NatWest, but it's not obvious that any of the other major banks are much of an improvement :(


