I have a vessel captain reporting that while in Mexico, his American bank app will not allow him to login (security issue) while connected to Peplink Wi-Fi network.
However, if he disables Wi-Fi on his phone, the banking app works correctly.
BR2 Pro 5g router → Speedfusion connection to → SFC Relay device in United States
(Captain’s iphone is added to the “Route by LAN Client” white list).
Is this due to the fact that SFC Relay device has been discontinued, an incorrect SFC setting or the Banking app using multiple geo-location security measures?
Only the bank can tell us that. But its likely either GEOIP blocked or the public IP SFC is using shows as being a VPN service and the bank is suspicious of that and blocking it.
I confirmed that the public IP (in use with the SFC) is not blocking it; as captain does not have this issue when the vessel is in the United states (and his iphone is connected to the Peplink wifi network using Router SFC connection to the SFC Relay).
I’m definitely not an IT security specialist, but I’d imagine banking apps are:
cross referencing the iphone’s Wi-Fi, cellular and bluetooth connection details (location)
and an algorithm is in place that makes a determination as to whether or not the device’s current geographic status (location) satisfies minimum security criteria ?
(aka no suspected monkey business w/device location)
Interesting, I was about to say the same thing Martin mentioned. If the captain checks “whatismyip.com,” does he see the same IP address in both out to sea and near shore?
I’m assuming you’re using an SFC endpoint in the US. Are you using a private one on a dedicated server, so the IP address stays consistent on the public internet side (as the bank would see it)? Or are you using one of the Peplink shared SFC locations, which might assign a different WAN IP address each time depending on server load?
I’ve noticed with the Peplink SFC service that even IP addresses within the same data center can affect whether access is blocked or allowed.
'whatismyip.com" - we didn’t have time to troubleshoot this. Will use this test next time
SFC endpoint - It’s a peplink SFC Relay device (SFC-RLY ) installed in USA on an ATT dynamic IP account (home office). Therefore, the WAN IP is changing
Martin, While performing Starlink maintenance on the vessel yesterday I noticed the GPS location feature on the Starlink app (Advanced / “debug data” / “starlink location” / “allow access on local network”).
I noticed this setting was “OFF”.
That said, wouldn’t this likely be the cause of the banking app issue ? (The banking app can’t determine the phone’s Wi-Fi connection Geolocation and cross reference it against the Bluetooth and cellular?)
“Turning on this feature allows devices on your local Starlink network to access your Starlink’s GPS position. This does not allow Starlink customer support to access your Starlink’s position.”
(Note - The peplink router only has one active WAN connection = Starlink.)
