Review: Fidor Bank Germany


There’s quite a few posts out there about people’s experiences with the Germany-based pan-European online bank N26, but not as many on Fidor, another German online bank that accepts account holders from outside Germany, and actually predates N26. Not surprising, as the website only supports the German language. This post will serve as a review based on my personal experiences with the bank as well as a guide for anyone else interested in opening an account.

Keep in mind, this review only concerns Fidor Bank Germany hosted at fidor.de, and not Fidor Bank UK hosted at fidorbank.uk.

Registration

Unlike most banks, the registration process actually distinguishes between first and middle names. As someone who uses their middle name, this is always a bit tricky for me. If only one field is provided, I try to get away with using just my middle name, but this is always changed to both names after actual ID verification has taken place. The only exception has been N26, but I can’t think of any other online payment service that’s accepted just my middle name.

I was unsure how to proceed, as the first name field was listed as “Vorname (Rufname),” with “Rufname” meaning “calling name.” I.e., the name you’d actually use on a day-to-day basis. The field for middle names was called “Weitere Vornames” (other names). In the end I put my first name in the “Vorname” field and my middle name in the “Weitere” field, out of fear of having my names reversed otherwise. Unfortunately, this does mean all outbound transfers are listed under “Firstname Lastname,” but it did seem to be the right choice regardless.

Upon requesting a MasterCard, my naming options were “First Last,” “First M. Last,” and “Middle Last.” Other configurations were not available.

Kudos to Fidor for taking into account those of us who use their middle names, and allowing me to order a card with just my middle name listed on it. If anyone feels like registering with their names reversed in order to get their middle name listed on their account as well, please leave a comment telling me how it went.

After registering, you’re required to enter your address. This shows that the site isn’t entirely built for users outside of Germany, as I was unable to enter my postal code.

Postal Code Error

A German PLZ (Postleitzahl) consists of 5 digits, whereas a Dutch postal code consists of 4 digits and 2 letters. In the end, I had to enter 4 digits in the “PLZ” field, and add the letters to the “Ort” (Place) field.

Address

Not an issue whatsoever as it all just gets printed onto an envelope anyway, but certainly something that could scare off new users.

Verification

Then came the video verification process. The service agents all spoke excellent English, but nonetheless it was a bit of a hassle. The first time I tried I wasn’t receiving any texts, so I tried again the next day. Then the service agent forgot to speak one of their lines and had to disconnect me, as the entire process had to be restarted from scratch. I also had trouble getting my perfectly-decent phone to focus in on my ID well enough for them to take a picture. Y’know, the usual stuff if you’ve ever dealt with IDNow, Postident, etc. But eventually I managed to get through and had my account activated.

Eager to receive my SmartCard, I ordered one immediately, only to be denied as I hadn’t proven my creditworthiness yet. Creditworthiness can be proven by using the account for a minimum of 3 months, or can be expedited through Boniversum if you live in Germany.

Unfortunately proving my creditworthiness was a bit of a Catch-22 situation. I didn’t wanna use Fidor as my primary bank account without a Maestro/MasterCard SmartCard for POS purchases, but I wouldn’t be able to get that SmartCard without using Fidor as my primary account.

In the next 3 months I tried to prove my creditworthiness by setting up a few direct debits, and transferring over money from my main account to pay for them. I’d also use the Digital MasterCard here and there. In the end, this proved unsuccessful, as I still got denied after 3 months.

Then I got a new job, and I figured this would be the right time to give them my Fidor account as that’d surely do the trick. Sure enough, after a couple months of having my salary deposited onto the account, I was finally able to order the SmartCard.

I should note that if you live in a country with high MasterCard acceptance, there’s also the option to order the physical Debit MasterCard for 15 EUR a year and use that while proving your creditworthiness.

Fidor Cards

The SmartCard

What many don’t realize about the Fidor SmartCard, is that while the Maestro portion is a debit card, the MasterCard portion is technically a proper credit card with a 1000 euro limit. Debit MasterCards are ubiquitous these days, but they have to be online connected at point-of-sale, and have a lower acceptance rate. Many experience difficulties renting cars, for example. The fact that Fidor will actually give you a proper offline MasterCard is a major boon for the service.

That said, I’ve heard that hybrid cards have their own issues when dealing with outdated POS systems, which doesn’t surprise me as I’ve rarely been able to use my European PIN-protected credit cards abroad. The big exception has been South Korea, where all I had to do was hand over my card, draw a scribble on a dot-matrix screen, and somehow that was enough to buy a pizza. Unfortunately I haven’t had the chance to use my Fidor SmartCard abroad yet, so I can only comment on my experiences using it locally in the Netherlands.

It did take some getting used to. Upon inserting it into the slot, I have to choose between MasterCard and Maestro, with MasterCard being the default. This means I always need to find the “Menu Select” button first, but since all POS hardware in this country is provided by only one or two companies, you get used to it very quickly.

I’ve not been able to get contactless payments to work at all and was unable to find an option to toggle it on/off in my account. It’s possible contactless payments only work with MasterCard payments. This means that using the SmartCard is several times slower than grabbing one of my Maestro cards.

One thing that has to be mentioned, is that while the Digital MasterCard does not charge a foreign currency conversion fee, the SmartCard does. My Digital MasterCard was immediately deactivated upon activating the SmartCard, but the option to request a new one remains available in my account. I just haven’t tried it myself out of fear of deactivating my SmartCard in the process.

The Website

The website is, of course, in German. Since their UK counterpart uses the same website but in English, it seems to be a conscious decision on Fidor’s part to not provide an official translation on the German website. Luckily Google Translate has come a long way and is perfectly capable of translating the site should you need to.

The interface is a bit cluttered and has a very “upselly” feel to it. Upon logging in you’re immediately confronted with precious metals, cryptocurrency, insurance, loans, forex, etc. It’s not too big an issue though, as I mostly just click on the “Umsätze” tab to view my transactions, which is much cleaner than the “Cash Manager” default page.

Overall though, as someone who doesn’t make use of most of the features Fidor provides, I do prefer the more minimalist interface of N26.

The App

Getting the app proved to be a bit problematic. It’s advertised everywhere on the Fidor site, but was listed as “incompatible” with my device when accessed from my Dutch Google account, and was not listed on the Google Play app.

Fidor App

I had to log in to a VPN service, pick a German server, and register a completely new Google account in order for it to be registered as German by Google. This was the only way to safely install the APK from the app store.

This is a major oversight on Fidor’s part, and completely unnecessary if done intentionally. All it does is push their international users to grab a potentially unsafe APK off the web.

The app itself works a bit differently from what I’m used to. Upon logging in for the first time, it asks you to set up a 4-digit PIN, and whether you want to stay logged in for 1 minute, 1 day, or 14 days. Naturally I picked one minute, assuming the PIN would be used to log in again. Turns out that your full password is used on every login, while the PIN is only used to make transactions.

I was a bit taken aback by this at first, but on second thought it doesn’t really matter. If anyone manages to access my phone, I’d have bigger things to worry about than them being able to view my transactions.

The interface is standard fare for banking apps these days, and the app should also support contactless payments, which I haven’t been able to test out myself due to lack of an NFC-capable phone.

Overall I’m quite happy with the bank and currently use it as my primary account. I’ve only had to deal with customer service once in order to reset my FIN (Fidor Identification Number) that is used to change your personal information, but this could be done by sending a PDF form through email, and within 24h I had a new FIN. So no complaints there as of yet.

Are there any major reasons to use it over the more well-known N26 Bank which is likely easier to use due to official English support? For most people, probably not, though the issuing of a proper offline MasterCard can be a deciding factor for some.


Dimitri Sneed
Published on 13 January 2019
Category: Reviews
Tags: banking


Protect your phone in case of loss


A couple months ago I went for an afternoon stroll with my girlfriend and her old man, when we happened across a very expensive phone with a book-style cover containing driver’s license, debit cards, membership cards, etc. With just the information provided by the phone’s lock screen, we were able to quickly track down the owner and return the phone before our walk was over. However, anyone with malicious intent could’ve used that same data to gain access to this person’s entire online presence, and potentially even their bank account.

Based on my own experiences viewing how people around me use their phones, as well as the many used phones I’ve had to process at work, I noticed many of us tend to make the same security oversights this person did. So here’s a guide with a few things you can do to prepare your phone in case of loss.

Being an Android user myself, this guide will explicitly use Android/Google terminology in some cases, though it can certainly be applied to the iPhone as well.

Lock your phone

This probably goes without saying, but yeah, lock your phone. Not all locks are created equal, but any lock is better than none at all. The most secure method is to create a password with a minimum length of 10 characters, consisting of uppercase letters, lowercase letters, numbers, and special characters. Of course, most of us don’t want to type in such a long and complex password just to reply to a text, so it’s best used as a backup to biometric authentication. Just go with whatever method you’re most comfortable with and works best in your situation. Let’s say you’re the type of person to fall asleep in public places with your phone in your hand, then fingerprint scanning probably isn’t for you.

But don’t use Smart Lock

While fingerprint authentication has its faults, like the one scenario described above, it’s still far more secure than Google’s “Smart Lock” offerings. Face recognition is getting better but can still be fooled with a picture. Consider using iris scanning instead if you like this method. GPS-based smart lock is notoriously buggy and has far too large a range to provide any real protection. Keeping your phone unlocked while paired with a Bluetooth device isn’t very secure when on the go, but it’s at least a safer alternative to GPS when at home. All in all though, avoid these if you can.

PIN your SIM

As a result of the many ways to lock one’s phone, the traditional SIM PIN is often neglected. Case in point, when my girlfriend got a new phone, she popped in her SIM, typed in the default 4-digit code, and never bothered with it again.

Since that PIN code is widely known to be the default for her provider, anyone who finds her phone could use that SIM, receive her texts, and likely access the majority of her accounts just like that. Accounts which were all displayed right there on the lock screen. In fact, as she didn’t hide her texts, all her two-factor authentication and password reset keys would be displayed on the lock screen as well, without the need to remove the SIM card.

Keep your notifications private

In its default state, your Android phone is likely to publish all of your notifications’ content right to your lock screen, no passcode required. Texts, emails, your email address, WhatsApp messages, it’s all there for everyone to see.

Notification privacy can be set up on a per-app basis, but I personally suggest using it across all apps. You’ll still get all your notifications, but you won’t be able to see their contents without unlocking the phone. It’s a minor inconvenience that makes a world of difference.

Keep your shortcuts to a minimum

For a while I’d been using my phone’s default notification bar shortcuts, until one day I realized they were all usable without unlocking the phone. That includes turning off GPS and data, thus cutting off my ability to find and wipe the phone remotely using Find My Device. Of course, this can also be accomplished by simply turning off the phone and/or removing the SIM card, but if a person has malicious intent, that might not be in their best interest as it could render the lock screen inaccessible, and also activate the SIM PIN.

You’ll want people to have as little access to your phone’s functions as possible. Even the camera, which is typically usable without unlocking the phone, has been a liability in the past and caused lock screens to crash. One way to keep others from accessing the camera from the lock screen, is to simply install a secondary camera app. You will then be prompted to choose your preferred app, which also activates the screen lock.

Encrypt your SD card for use as internal storage

Phones with SD card support will typically offer two different modes: internal and external storage. When an SD card is formatted as internal storage, it’s encrypted and made readable only by that specific phone. If you format the SD card as external storage, all your photos, and whatever other sensitive data might reside on there, can be read by any other SD card-reading device.

Encrypt your phone

Most phones come pre-encrypted these days, so this isn’t something you’ll likely have to worry about. In case your phone didn’t, consider doing so, but keep in mind the process could take an hour.

With your phone encrypted, you will now also have the option to use Secure Startup, which requires a passcode to boot up Android. The concept is the same as the above. Without unlocking the phone, you can be certain no other source will be able to read your data.
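The notification-privacy and encryption settings described above can also be checked from a computer over adb. This is an added example, not part of the original guide; it assumes USB debugging is enabled on your own device, and the setting and property names in it are Android's, not values taken from the post.

```python
import shutil
import subprocess

# Android secure-setting names and a system property (not taken from the post).
# A setting that was never changed can come back as "null" on some builds.
SHOW = "lock_screen_show_notifications"
PRIVATE = "lock_screen_allow_private_notifications"
CRYPTO = "ro.crypto.state"

def collect():
    """Read the three values from a USB-connected device with debugging enabled."""
    def adb(*args):
        res = subprocess.run(["adb", "shell", *args],
                             capture_output=True, text=True, timeout=10)
        return res.stdout.strip()
    return {
        SHOW: adb("settings", "get", "secure", SHOW),
        PRIVATE: adb("settings", "get", "secure", PRIVATE),
        CRYPTO: adb("getprop", CRYPTO),
    }

def audit(values):
    """Return findings for the notification-privacy and encryption checks."""
    findings = []
    show, private = values.get(SHOW, ""), values.get(PRIVATE, "")
    if show == "0" or private == "0":
        pass  # notifications hidden entirely, or shown without their content
    elif show == "1" and private == "1":
        findings.append("notifications: content is readable on the lock screen")
    else:
        findings.append("notifications: setting unset, check it in Settings")
    crypto = values.get(CRYPTO, "")
    if crypto == "unencrypted":
        findings.append("storage: device is not encrypted")
    elif crypto != "encrypted":
        findings.append("storage: encryption state unknown")
    return findings

# Constructed sample values, used when adb is not installed.
SAMPLE = {SHOW: "1", PRIVATE: "1", CRYPTO: "encrypted"}

if __name__ == "__main__":
    values = collect() if shutil.which("adb") else SAMPLE
    for line in audit(values) or ["no findings"]:
        print(line)
```

Per-app notification overrides are not covered by these two global settings, so an empty result still leaves the per-app check in Settings to do by hand.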

Set up Find My Device

If somehow you neglected to activate it during the initial setup of your phone, be sure to do so now. Find My Device will allow you to view your phone’s GPS location, ring it, leave a message, and even put up a call-back button. If all else fails, you can wipe your phone remotely when it becomes clear that the new owner has no intention of returning it and you’re not able to track it down yourself.

Leave a custom message on the lock screen

This is perhaps the easiest and fastest way to get your phone back. Simply leave a permanent message on the lock screen with your contact information. I’ve seen this method used quite often on the phones we get in at work, but people always make the mistake of using their real name and email address. Any information a person has on you can potentially help in gaining access to your phone and accounts, or pose as you when attempting to use social engineering. It’s better to set up a secondary email specifically for this purpose.

Be prepared to lose everything

While your phone might fall into the hands of some Good Samaritans, it’s better to assume it’ll get datamined and/or sold. So at some point you’re gonna have to accept the phone is lost, and if possible, wipe it and render it unusable.

To prepare for this, be sure to back up your user settings to Google, and use a cloud hosting service to back up all your photos and other documents you don’t want to lose. Of course, using cloud storage for sensitive data is opening up a whole other can of worms, but that’s a little bit beyond the scope of this guide.

I hope this post was useful to someone. If you require step-by-step instructions on how to perform some of these actions, please leave a comment and I’ll add them in. This guide is a bit of a work in progress and will certainly be updated should anything change in the future.


Dimitri Sneed
Published on 23 December 2018
Category: Guides
Tags: phones, security, tech

