I have a vessel captain reporting that while in Mexico, his American bank app will not allow him to login (security issue) while connected to Peplink Wi-Fi network.
However, if he disables Wi-Fi on his phone, the banking app works correctly.
BR2 Pro 5g router → Speedfusion connection to → SFC Relay device in United States
(Captain’s iphone is added to the “Route by LAN Client” white list).
Is this due to the fact that SFC Relay device has been discontinued, an incorrect SFC setting or the Banking app using multiple geo-location security measures?
Only the bank can tell us that. But its likely either GEOIP blocked or the public IP SFC is using shows as being a VPN service and the bank is suspicious of that and blocking it.
I confirmed that the public IP (in use with the SFC) is not blocking it; as captain does not have this issue when the vessel is in the United states (and his iphone is connected to the Peplink wifi network using Router SFC connection to the SFC Relay).
I’m definitely not an IT security specialist, but I’d imagine banking apps are:
cross referencing the iphone’s Wi-Fi, cellular and bluetooth connection details (location)
and an algorithm is in place that makes a determination as to whether or not the device’s current geographic status (location) satisfies minimum security criteria ?
(aka no suspected monkey business w/device location)
Interesting, I was about to say the same thing Martin mentioned. If the captain checks “whatismyip.com,” does he see the same IP address in both out to sea and near shore?
I’m assuming you’re using an SFC endpoint in the US. Are you using a private one on a dedicated server, so the IP address stays consistent on the public internet side (as the bank would see it)? Or are you using one of the Peplink shared SFC locations, which might assign a different WAN IP address each time depending on server load?
I’ve noticed with the Peplink SFC service that even IP addresses within the same data center can affect whether access is blocked or allowed.