
Nationwide online and card reader sign on

david78 Posts: 1,654 Forumite
edited 31 March 2011 at 7:09PM in Budgeting & bank accounts
I was sent a card reader through the post so I can use it with the internet bank. How does the security work when I use this (and my debit card) to sign on?

When I sign on I do the following:

(1) Insert card, press Identify and enter my PIN
(2) Enter the response code displayed into the website

Does the code at (2) ever change or is it always the same? If it's the same why can't I just write it down so I won't need the card reader or debit card (which is not secure obviously). If it's unique, how does it work as there is no communication between my card and the website!!

I would be interested to learn how it works if anyone knows.

PS. I do understand how these cards work in relation to setting up transfers and such, but there you combine the card with an account number to generate a unique response code. But with sign on it doesn't have that.

Comments

  • Fiddlestick
    Fiddlestick Posts: 2,339 Forumite
    david78 wrote: »
    Does the code at (2) ever change or is it always the same?

    No, it is unique.
    If it's unique, how does it work as there is no communication between my card and the website!!

    It's complicated to explain without a lot of assumed knowledge about IT and cryptography.

    Essentially the bank will know some information that's on the chip. When they issue a code for you to enter on the website, they will know what result to expect back from the card due to them knowing what's on the chip.

    It's hard to explain really without knowing your level of IT knowledge.
  • david78
    david78 Posts: 1,654 Forumite
    edited 31 March 2011 at 8:35PM
    It's hard to explain really without knowing your level of IT knowledge.

    It's pretty high. I understand RSA and the Secure Hash Algorithms and have coded the latter (well SHA 256) in C++. I don't see what can be on the chip to make each transaction unique.
    When they issue a code for you to enter on the website, they will know what result to expect back from the card due to them knowing what's on the chip

    The code comes from the card reader not the website. But I might use the card in the reader three times and generate three different codes. How do they know which one I will enter???? There could be some kind of counter implemented in the card reader (I don't think there is), but I would be able to totally confuse things since I can use different card readers if I want.
  • noh
    noh Posts: 5,817 Forumite
    edited 31 March 2011 at 9:39PM
    There could be some kind of counter implemented in the card reader (I don't think there is), but I would be able to totally confuse things since I can use different card readers if I want.

    There is a counter. It is implemented in the card not the reader. All the "intelligence" is in the card not the reader.

    Have a read of this
    http://www.cl.cam.ac.uk/~sjm217/papers/fc09optimised.pdf
  • chexum
    chexum Posts: 546 Forumite
    david78 wrote: »
    If it's unique, how does it work as there is no communication between my card and the website!!

    Just think of this - in a family, both parents can tell how old the children are, without talking to each other! Magic? :p

    However, there's one useful thing that can be deduced from the "no communication" part - you can actually hit identify a couple times, and write down a list of numbers. If your bank is using the identify codes for login (like Barclays do) each of them can be used to log on, but only once. Remember to cross the used number out.

    However, this only works with the "identify" part, any other use may (not necessarily will) invalidate the written down numbers - this includes any other use of your PIN - purchases, ATM use, any other login type activity.
    Enjoy the silence...
  • david78
    david78 Posts: 1,654 Forumite
    Thanks noh and chexum. I think I understand it now. I read the article noh gave in the link and it explains the bit about the counter on the chip and also about the different functions, Identify, Respond, Sign. I use Identify and Sign with Nationwide and Respond with Natwest.
  • david78 wrote: »
    Thanks noh and chexum. I think I understand it now. I read the article noh gave in the link and it explains the bit about the counter on the chip and also about the different functions, Identify, Respond, Sign. I use Identify and Sign with Nationwide and Respond with Natwest.

    Identify used to login
    Respond tends to be for setting up payments
    Sign - payments also?
This discussion has been closed.
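
The counter scheme noh and chexum describe in the thread, as an added sketch that is not part of the original discussion and not the banks' real algorithm: card and bank share a secret and each keep a counter, so the bank can predict the next codes without any link to the card. HMAC-SHA256 stands in for the chip's cryptogram, and the key, the 8-digit code length and the 10-step look-ahead window are assumptions.

```python
import hashlib
import hmac


def code_for(key, counter):
    """Derive an 8-digit code from the shared key and a counter value.
    HMAC-SHA256 is a stand-in (assumption) for the chip's own cryptogram."""
    mac = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


class Card:
    """The chip holds the key and the counter; the reader holds neither."""
    def __init__(self, key):
        self._key = key
        self.counter = 0

    def identify(self):
        self.counter += 1          # every use of the card advances the counter
        return code_for(self._key, self.counter)


class Bank:
    """Tracks the highest counter it has accepted and looks a little ahead."""
    def __init__(self, key, window=10):   # window size is an assumption
        self._key = key
        self.last_counter = 0
        self.window = window

    def verify(self, code):
        start = self.last_counter + 1
        for c in range(start, start + self.window):
            if hmac.compare_digest(code_for(self._key, c), code):
                self.last_counter = c      # anything at or below c is now dead
                return True
        return False


def demo():
    key = b"constructed-demo-key"          # constructed sample secret
    card, bank = Card(key), Bank(key)
    codes = [card.identify() for _ in range(3)]   # press Identify three times
    return {
        "all_different": len(set(codes)) == 3,
        "third_code_accepted": bank.verify(codes[2]),   # skipped codes are fine
        "replay_rejected": not bank.verify(codes[2]),   # each code works once
        "older_code_rejected": not bank.verify(codes[0]),
        "next_code_accepted": bank.verify(card.identify()),
    }
```

With this strict "counter must increase" policy, a written-down code stops working as soon as any later code has been accepted, which is one way earlier codes can end up invalidated.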