Manually switching back and forth between browser/app & Starling app … with Starling auth each time… is a bit painful.
+1 for this.
And sort/account number too please…
You can copy account details by going to Cog - Account Management - Account Details.
At least on iOS… I’m not sure about Android.
Yes you can. Just press and hold to copy to clipboard
Yep, it’s a bit odd you can copy account and sort numbers, but not the longer card number.
There’s a bit more security around card PANs than account number and sort code. If it’s being held in memory on the clipboard then any application can get to it. Plenty of ways to mitigate that, but it might be why copying card number wasn’t included up front with the others.
I too feel very uneasy with the possibility of accidentally leaving my card details available in the clipboard.
I would find the ability to copy the card number very useful.
However I also understand the security concerns. It’s something that has cropped up with password management apps - I use 1Password and they have functionality to clear the clipboard after 45 seconds. It seems to rely on a script running, so doesn’t work if you hard close the app before that point.
Might still be worth exploring.
Or for safety have it so you can copy 4 digits at a time, which may also be good for websites where you can not enter a long string of numbers but need to enter each 4 in a different box.
New user here, just having started using Starling. I too would find a solution around this useful but also echo the security concerns.
Perhaps as another idea, whilst on the card details screen, implement a delay to requiring the passcode/PIN when switching between apps.
So, keep the app unlocked for, say, twenty seconds when it’s not in focus - but only on the card details screen (everywhere else, the behaviour is as now). When the focus returns to Starling, the timer is reset allowing the user to switch multiple times between the Starling app and whatever is being used with the card number.
I am not a developer, but I have been giving this some idle thought.
‘Easy’ solution ideas:
I wouldn’t mind if it copied the first 12 digits to the clipboard, and expects me to enter the last 4 manually, though I pity the user experience team trying to make that one idiot-proof for newbies .
Wiping the clipboard after 60 seconds was my first thought, but as mentioned it will fail if the app is hard-shut-down and I don’t know what APIs android gives you access to for that kind of thing, so might not be as simple as it sounds. Could be used alongside the previous suggestion as an extra mitigation.
Blue sky stuff (i.e. design and code and architecture input needed, might not be possible, might not be needed if the simple solutions are secure enough):
You might be able to use tokenisation for card details pasted into web forms, so a token is written to memory instead of card PAN. No idea how that works through an acquirer, probably not possible for now. Apple and Android pay do something like this though, so you never know.
Lastpass securely writes my passwords to apps and web forms. I wonder if a similar approach could be implemented through the Starling app.
True. But you cannot copy account/sort from the [+] on the home page (which is fewer clicks away than account details…).
Having the PAN in the clipboard may be a risk - but its a tradeoff with usability. Switching apps (and auth each time) to type 4 numbers at a time isn’t a great usability story.
Typically you need more than just the PAN (e.g. billing address or cvv or expiry date).
Switching apps to copy 4 numbers at a time wouldn’t be much different to switching apps to type 4 numbers at a time - which is what I need to do now… (I can’t quickly & reliably keep more than 4 numbers in head - perhaps thats my youth slipping away…)
The very small security risk is outweighed by the huge benefit of making something that’s currently annoying very easy. IMHO.
Do we have an idea when this might appear?