We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Annoying Internet Banking!!!
Comments
-
im a bit at a loss to understand why some of you are so against it. you put your card in, plug in your pin and it gives you an authorisation code which you put online. whats the problem with that
extra minute at the most.
doubt there will be many places to go to soon who dont use the system - if it helps with fraud then the banks are going to use it.0 -
the first time i heard about it was when i went to transfer £10000 online and was told to use the card reader, RBS, i knew nothing about it but they said the reader, pin number and card had all been sent out so that was three things that never arrived. they said they would send again and so far have a card reader and a pin number but no card but fortunately its only when it comes to transferring large amounts that i need it so will use telephone banking then.0
-
i've only ever had to use my RBS one so far to set up a payment to my egg savings account0
-
Of all the Internet Banking security devices I've seen, I think the "key fob" is the best solution. I use one of these with an HSBC business account and a HSBC account abroad. These keyfobs are tied to each account, so if its lost, a new one must be assigned to the account.
0 -
The keyfob is an awesome idea, it's small and does the job brilliantly. I have one for my work when I log in from home, and it's a great little device.You're spelling is effecting me so much. Im trying not to be phased by it but your all making me loose my mind on mass!! My head is loosing it's hair. I'm going to take myself off the electoral role like I should of done ages ago and move to the Caribean. I already brought my plane ticket, all be it a refundable 1.0
-
Except the keyfob isn't as secure as the pinsentry type devices.
I can tempt you into a screen which says "sorry - we've lost your details - please re-enter including your latest keyfob pin" ... Then (as a hacker) I just have a little script that quickly logs into the bank, scrapes the site, sets up the payment and transfers out. All in under the time it takes for the keyfob to move to the next number.
The pin pads work better because a) They require the card (so can't just be nicked) b) they require the pin (on nationwide anyway!) so even if you do nick it you have to get my pin and c) they offer a challenge-response mechanism.
This means that, as a hacker, I have to actively set up a session to the bank when I tempt you to my site, relay the challenge and get you to give me the response. In fact - those banks that do it on new payment requests (rather than the silly Barclays login one) make it even harder because the hacker has to initiate a session *once* they've got your login and then get you to put the card in the machine ....
Of course, none of what I'm describing is impossible nor that impractical, but it's all about degrees of practicality.0 -
im a bit at a loss to understand why some of you are so against it. you put your card in, plug in your pin and it gives you an authorisation code which you put online. whats the problem with that extra minute at the most.
doubt there will be many places to go to soon who dont use the system - if it helps with fraud then the banks are going to use it.
I'm not against it, I just don't wish to carry the card and reader around with me when in work, over my mate's, overseas etc. I only want to check my balance! A simple password and number used to do the trick!0 -
Except the keyfob isn't as secure as the pinsentry type devices.
I can tempt you into a screen which says "sorry - we've lost your details - please re-enter including your latest keyfob pin" ... Then (as a hacker) I just have a little script that quickly logs into the bank, scrapes the site, sets up the payment and transfers out. All in under the time it takes for the keyfob to move to the next number.
The pin pads work better because a) They require the card (so can't just be nicked) b) they require the pin (on nationwide anyway!) so even if you do nick it you have to get my pin and c) they offer a challenge-response mechanism.
This means that, as a hacker, I have to actively set up a session to the bank when I tempt you to my site, relay the challenge and get you to give me the response. In fact - those banks that do it on new payment requests (rather than the silly Barclays login one) make it even harder because the hacker has to initiate a session *once* they've got your login and then get you to put the card in the machine ....
Of course, none of what I'm describing is impossible nor that impractical, but it's all about degrees of practicality.
So how is that any different from the card readers number?. What's stopping the 'hackers' from saying 'enter your pinsentry number' instead?. :rotfl:0 -
So how is that any different from the card readers number?. What's stopping the 'hackers' from saying 'enter your pinsentry number' instead?. :rotfl:
Because - as I said - it's a challenge-response in most cases (e.g. Natwest/Nationwide) and I've looked over Barclays demo (not banking with them) - and when you set up a new payee (which is ultimately the hackers goal remember) the system requires you to use pinsentry and enter a number from the site first.
So as a hacker, I have to get you logged into the website without you knowing, then set up the payment, scrape the site for the code - present it back to you - get you to put your card in the system and enter the challenge number and then give me the response ...
That's not impossible - but it's a damn sight harder than simply having a page saying "give me all your login details and your latest number from your dongle"
M.0 -
Except the keyfob isn't as secure as the pinsentry type devices.
I can tempt you into a screen which says "sorry - we've lost your details - please re-enter including your latest keyfob pin" ... Then (as a hacker) I just have a little script that quickly logs into the bank, scrapes the site, sets up the payment and transfers out. All in under the time it takes for the keyfob to move to the next number.
The pin pads work better because a) They require the card (so can't just be nicked) b) they require the pin (on nationwide anyway!) so even if you do nick it you have to get my pin and c) they offer a challenge-response mechanism.
This means that, as a hacker, I have to actively set up a session to the bank when I tempt you to my site, relay the challenge and get you to give me the response. In fact - those banks that do it on new payment requests (rather than the silly Barclays login one) make it even harder because the hacker has to initiate a session *once* they've got your login and then get you to put the card in the machine ....
Of course, none of what I'm describing is impossible nor that impractical, but it's all about degrees of practicality.
I don't have one of these HSBC key fobs, but if they work the same way as my SecurID token to access the NHS network from home you have a pin number that you add prior to entering the number on the token. If anyone's stupid enough to type their pin+number from the fob into a screen asking for your example up above then more fool them!0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards