We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
RBS card reader
Comments
-
hieveryone wrote: »I got one of these too today, they are so stupid, don't even hook up to the computer?? What's the point! lol
The whole point is that they don't connect to the computer.
They're supposed to be a personal PIN entry mechanism to provide a '3rd' mechanism of protection against fraud, however it's only effectively yet another 'password' on your account.
To be truly secure, there should be three identification 'factors' in any system claiming to be secure:
1) something you know (your account password, your pin)
2) something you have (your account number (at a stretch), your card)
3) and something about yourself (finger prints, iris scans, any biometric really)
All these bank 'security systems' do is add more and more layers on (1) and (2) without doing anything at all about (3), but falsely claim to be implementing '3-factor' authentication while only implementing 2. Repeatedly.
Not that I'm advocating they implement (3) - just that they should stop claiming that adding more (1) and (2) makes stuff safer. It doesn't. Just makes it more arduous for those of us legitimately trying to use the service.Conjugating the verb 'to be":
-o I am humble -o You are attention seeking -o She is Nadine Dorries0 -
Paul_Herring wrote: »Not that I'm advocating they implement (3) - just that they should stop claiming that adding more (1) and (2) makes stuff safer. It doesn't. Just makes it more arduous for those of us legitimately trying to use the service.
In the case of card readers/internet banking, how exactly isn't it any safer? It's significantly harder since it requires you to have the card with a working chip, the PIN and know all the appropriate membership details etc. That's a hell of a lot harder than, say, running a key logger on a public computer. And considering that losses are down substantially, it indeed is comparatively safer.
Plus, I think you're all forgetting the liability shift of card readers.What would William Shatner do?0 -
littlepinkstars44 wrote: »no i done that as soon as i got it, put my card in went through all the online instructions...and nothing it doesn't work
What exactly are you trying to do Littlepinkstars44?Anything that I do say, is strictly my opinion
0 -
Paul_Herring wrote: »Not that I'm advocating they implement (3) - just that they should stop claiming that adding more (1) and (2) makes stuff safer. It doesn't. Just makes it more arduous for those of us legitimately trying to use the service.
Reminds me of those customers who I ask to answer some security questions because they don't have a chip and pin card for authorisation.
Responses I usually get are "Well, I've never had to do this before!" or "It's my money!"
Would you rather I give your money to someone without asking security questions or would you like strangers who know your card details somehow to pay off their bills using your card?
Any kind of prevention is better than cure.Anything that I do say, is strictly my opinion
0 -
BarclaysManager wrote: »In the case of card readers/internet banking, how exactly isn't it any safer?
Because it's relying on only one aspect of verification. Something you know.
It boils down to:
Old method: give us one password
New method: give us two passwords.
Now then. If someone has access to one of those passwords, what's the probability they have the second?
No, I wasn't. I just didn't point it out in that post.Plus, I think you're all forgetting the liability shift of card readers.Conjugating the verb 'to be":
-o I am humble -o You are attention seeking -o She is Nadine Dorries0 -
I'd rather RBS didn't give my money to anyone who I haven't authorised the transaction for.Would you rather I give your money to someone without asking security questions or would you like strangers who know your card details somehow to pay off their bills using your card?
Indeed. But adding a second (or third, or fourth) password isn't any kind of protection when the first has been compromised.Any kind of prevention is better than cure.Conjugating the verb 'to be":
-o I am humble -o You are attention seeking -o She is Nadine Dorries0 -
Paul_Herring wrote: »Because it's relying on only one aspect of verification. Something you know.
It boils down to:
Old method: give us one password
New method: give us two passwords.
Now then. If someone has access to one of those passwords, what's the probability they have the second?
I understand the downfalls of two factor. What I am challenging you over is your assertion that card readers do not make the service safer and only serve to hinder existing users. Online banking fraud is down significantly, as are losses. So much in fact that we (as in BB plc) have increased payment limits because it IS in practice safer.No, I wasn't. I just didn't point it out in that post.
It was addressed at the thread as a whole, not you specifically.
What would William Shatner do?0 -
Paul_Herring wrote: »Indeed. But adding a second (or third, or fourth) password isn't any kind of protection when the first has been compromised.
Except it's not just adding another password.
It's adding a challenge/response mechanism which forces the presence of the card.
As you highlighted earlier - the best security system would have the 3 factors. Previously, most online banking had (and the majority still do) one - the password - which could be obtained through social engineering, key loggers or good old plain phishing.
Now they've introduced the card readers, which require a prompt from the bank, the presense of the card, the knowledge of the pin and then entry of a response.
That means they've definately moved from one factor to two - which is an improvement.
You can't use social engineering (e.g. guessing) to get the physical card ... you can't simply use a key logger to get the pin (it's entered onto a seperate device) - which brings us back to Phishing. So there's definately two methods blocked.
Now the third ... in order to phish the correct code - the phisher would have to set up a very dynamic site, which prompted you for login, then went through the screens behind the scenes fast enough not to alert you, but slow enough not to alert the bank, to set up the payment and get the prompt, then tempt you into following the prompt and entering your card in the reader to ensure that the code was entered.
All of which is much harder to achieve than the standard flat phishing site and means you can't simply sell the online identity because without a resuable password it's pointless. So it's a one-time win rather than a many-time win from a single phish as they get now.
Remember - most phishers aren't going to use your details themselves - they want to sell them on - it's much less risky.
So I'd say they'd done more than simply add another password on.
M.0 -
it's wonderful secure little kit..I've had it for months now0
-
getting back to the OPs original problem, maybe if you have followed all instructions to the letter, it is just a faulty unit and needs to be sent back?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards