Recently, I have heard one of my friend (who I recommended) whos email accounts got hacked. hacker manage to login curve using the magic link which very venerable as curve doesn’t ask any security question and it shows full card detail in the card. she has lost £2000 (of course curve/bank has refunded it now)
why curve can not implement two-step authentication for at least new app sign in
- magic link.
- password/memorable number/text via mobile
I feel curve need to action this with priority to protect its user.