Moneybase Invest 4+

powered by CCTrader

Calamatta Cuschieri

    • 3.7 • 3 Ratings
    • Free

Description

We have evolved! CCTrader is now Moneybase Invest, forming part of a new Moneybase ecosystem that offers you much more than investing, yet honouring a legacy of providing a wide choice of investments at a low price via a user-friendly and feature rich platform.

We are delighted to offer you your own IBAN which allows you to receive money seamlessly plus improved card deposits. Watch out for a new separate Moneybase app available now in the app store with new functionality to benefit from.

What’s New

Version 3.8.0

Welcome to Moneybase :) With the new Moneybase Invest app, previously known as CCTrader, you can continue to make investments easily. You can now also make use of your new IBAN to receive money and we have also made card deposits much better!

What is more is that you can also install our new Moneybase app which allows you to send & receive bank transfers with your own IBAN, pay friends, get a physical or virtual card all in the same Moneybase ecosystem. Switch between both apps easily and watch out for our weekly updates, we are just getting started!

Ratings and Reviews

3.7 out of 5
3 Ratings

3 Ratings

pizza_dough ,

2FA is not great

CCTrader went ahead and enabled two-factor authentication (2FA) via SMS, not as an opt-in security feature, but as a blocking mechanism for logging into your existing account.

1) SMS should not be used for 2FA if it can be avoided. It is relatively insecure and can be compromised with social engineering, MITM attacks, etc. There is plenty of literature available on this. One of the common ways hackers gain access to accounts is via SIM swaps.

2) If you are traveling and using a different SIM card, or if you cannot connect to a cell network, you are going to have a bad time.

3) If you permanently lose access to your phone number (e.g. change numbers without considering CCTrader first), you are going to have a bad time.

CCTrader should instead,

1) Provide opt-in 2FA support that supports multi-platform authenticator apps like Google Authenticator, Authy, etc. There should be a prompt and easy-to-follow set of instructions to enable it upon successful login. One-time passwords sent by email would also be better than SMS.

OR, even better,

2) Provide 2FA functionality, such as a code generator, directly in their own app (and allow enabling bypass with TouchID or other biometric ID), and associate your preferred *device* (not SIM card) to your account for any 2FA purpose.

A code generator in an app consists of a hash of a shared secret key (e.g. derived from device ID) with the current timestamp. Look into TOTP, RFC6238, RFC4226. I cannot think of a good reason a modern OTP / 2FA implementation should start with SMS when there is already a smartphone app available.

Immediate upgrade to 5 stars when this is improved or made opt-in.

===

The app is a web view. Waiting for the real thing!

I wouldn't normally have a ton of issues with this, but some things need to be tweaked. For example, 1) there is a delay when opening the menu; 2) when you navigate you get the spinner but the view doesn't change until loading is complete (the view should immediately change to some loading or null state); etc. Basic fundamental UI tweaks would make this much better & make it harder to realize that it's a web view.

--

edit: thanks for the response & roadmap tip!

Developer Response ,

Thanks for the feedback, we'll pass this on to our UI team to see what they can do.

In the meantime we welcome you to follow our public roadmap (https://trello.com/b/TOdBkXEv/cctrader-public-roadmap) to view and vote on future features which will be added to the platform.

App Privacy

The developer, Calamatta Cuschieri, indicated that the app’s privacy practices may include handling of data as described below. For more information, see the developer’s privacy policy.

Data Linked to You

The following data may be collected and linked to your identity:

  • Financial Info
  • Contact Info
  • User Content
  • Identifiers

Data Not Linked to You

The following data may be collected but it is not linked to your identity:

  • Location
  • Usage Data
  • Diagnostics

Privacy practices may vary, for example, based on the features you use or your age. Learn More

You Might Also Like

Finance
Finance
Finance
Finance
Finance
Finance