Nationwide to start a new log in procedure.

Fedz

Geez I ditched Natwest when they sent me one of these damn things & then the co-op mentioned one so I stopped using that account.

I'm now with Nationwide as main account & this could possibly happen sooner or later

Where too next. Are these card readers supposed to be highly regarded for security or something? I'll Wiki & read-up on it

masca

Sadly this change, together with the new charges for using your card abroad, signals the end of my time with Nationwide...

What I would like to know, if anyone can make any suggestions please, is which banks other than Santander provide one time passcodes by SMS rather than by card reader? Thanks!

Fedz

Source: Optimised to fail: Card readers for online banking. [pdf]

A serious problem is that CAP readers may be used during mugging. Since the
roll-out of Chip & PIN, a criminal who has stolen a card needs to know its PIN
to use it in card-present transactions. In July 2008 two French students were
tortured to death in their London residence six days after it was broken into and
a computer stolen. Days after the murders the police revealed that the attackers
were after the students' card PINs [6]. In February 2007, two Manchester men
murdered a 62 year old security guard after he refused to reveal his card's PIN [7].

Previously, muggers marched a victim to an ATM to ensure he gave them
the right PIN. Now, with CAP, criminals have a portable device that will tell
them if their victim is lying. While the EMV protocol always permitted such
a device to be built, that requires technical skill, and wasn't in practice done.
CAP has made the capability ubiquitous. It reduces the risk to muggers, as now
they can keep their victims in a quiet place, and not risk being caught or seen by
CCTV by going near an ATM. It would have been easy enough for the banks to
design CAP without revealing the result of the PIN verication, but they failed
to foresee the risk.

In our view, this was negligent: authentication tokens designed by other rms,
such as the Racal Watchword (also known as Sytek PFX Passport [8]), would
generate an erroneous response if the wrong PIN was entered but would not
indicate this to the user, and so are not vulnerable. Worse, the two banks that
have flooded the UK with CAP readers have thereby placed not only their own
customers in harm's way, but have also endangered the customers of other banks
who have enabled their debit cards for CAP. It remains to be seen whether
customers will be able to demand cards that are not CAP-enabled and thus do
not put them at needless physical risk.

There are other issues related to card theft. For example, if a customer is
issued with an ATM card, the same card and PIN will be used for CAP, and so
the PIN digits on the reader will wear down. Because customers are encouraged
to carry their CAP readers around with them, it may be stolen along with their
cards, perhaps telling the thief which digits to try.

If the PIN has 4 distinctOptimised to Fail: Card Readers for Online Banking 9
digits this leaves 24 dierent orderings, this increases the chance of an attacker
guessing the correct PIN in three attempts from 1 in 3333 to 1 in 8. If a customer
has multiple cards with the same PIN, the attacker has even better odds.

Source: Optimised to fail: Card readers for online banking. [pdf]

samwsmith1

How can they require sign on with a card reader when nationwide doesn't use a card reader?
The only bank I know of that use them is Natwest & Barclays!

simax

samwsmith1 wrote: »

How can they require sign on with a card reader when nationwide doesn't use a card reader?
The only bank I know of that use them is Natwest & Barclays!

Eh? What you on???? :rotfl:

Fedz

samwsmith1 wrote: »

How can they require sign on with a card reader when nationwide doesn't use a card reader?
The only bank I know of that use them is Natwest & Barclays!

Please read: Nationwide to start a new log in procedure.

Frogletina

samwsmith1 wrote: »

How can they require sign on with a card reader when nationwide doesn't use a card reader?
The only bank I know of that use them is Natwest & Barclays!

I have a Nationwide card reader, had it for about 2 years now, and I find it such a pain to use that I rarely use Nationwide now

Paul_Herring

libra10 wrote: »

I can't think of any reasons to stay with Nationwide!

They aren't Santander? (Or LTSB who've recently decided to put all new PPI claims on hold in defiance of the FSA.)

Inactive

It seems to me that Nationwide are hell bent on losing FlexAccount customers, by any means at their disposal, I will certainly close my FlexAccount once this is implemented, I just cannot be arsed with them any longer.

I have a long term HSBC Current account that is far better than Nationwide's dismal offering.

James

Handed mine back to Nationwide and asked for a receipt and for the fact to be recorded. No comeback as yet.

It does say on the Nationwide Page: For those of you who have card readers you will be able to sign on with them.


The Industry should look closely at who takes money frauduletnly from accounts. Where the money ends up and does the bank who allowed the perpetrator to open an account really know their customer.

Visa, MasterCard, Amex etc etc should also Police sites who display their log.

Card Readers could prove to be yet another way of moving the burden of proof for a security blip directly onto the consumer.

So why not return your Card Reader to Nationwide?