Card reader/secure key security...why the collective punishment by banks?

baby_frogmella

After leaving Nationwide due to their card reader requirement, I recently closed my HSBC current account after i got a letter telling me i'll need their secure key to log onto internet banking in future. I've opened a N&P Gold current account which doesn't require any card reader to use their internet banking though i suspect one day they will introduce them.

First of all, let me make clear i'm perfectly aware that anyone can suffer bank account fraud no matter how careful they are. But i'm sure many people will agree that those who take measures such as

1) Not clicking on dodgy email links
2) Having antivirus/firewall software installed on their PC
3) Not giving their debit card PIN to every family member
4) Not leaving their cheque book/debit card on the car dashboard
etc

are far, far less likely to suffer fraud as a result. So why are the banks assuming everyone is at the same risk?

Credit card interest rates vary depending on your credit rating, why don't banks just hand out card readers to all those are deemed to be at high risk of fraud? Perhaps banks could record cases of fraud on a customer's experian report, if a customer has more than 2 cases of fraud reported in a year perhaps only then should they insist on imposing the card reader security on that customer?

p00hsticks

baby_frogmella wrote: »

Perhaps banks could record cases of fraud on a customer's experian report, if a customer has more than 2 cases of fraud reported in a year perhaps only then should they insist on imposing the card reader security on that customer?

Surely the aim is to try to stop fraud happening in the first place ,not shut the stable door after the horse has bolted ?

and why do you regard use of a card reader as 'punishment' ?

catfish50

The banks are protecting themselves from liability, which they have a right to do.

rb10

Firstly, there are lots of different types of fraud that can occur on an account. It seems that you are posting about internet banking fraud, in which case only (1) and (2) of the measures that you have listed are really relevant here. If I left my cheque book on the car dashboard - or, indeed, posted it to you! - it wouldn't help you to hack into my online banking.

Without knowing real statistics on exactly what online banking fraud occurs, it's very difficult for us to comment in any meaningful way. I don't know that there are any stats in the public domain. However, I think it's safe to say that occurrences of online banking fraud are far fewer than of card or cheque fraud.

The UK Payments Administration says that:

Banking online
In the UK more than 21.5 million people now bank online. Most fraud on online bank accounts involves a customer being duped into giving away their user passwords and security information via a phishing scam, or by their PC being infected with spyware designed to steal the information. If you are a victim of online banking fraud you have protection through The Banking Code, which states that you will not be liable for any losses unless you have acted fraudulently or without reasonable care.
The two most common attempted scams currently used by online fraudsters are phishing and malware.

This certainly gives weight to your argument of only requiring secondary authorisation for those who are considered 'at-risk' to fraud occuring. But choosing who fits into this 'at-risk' category is near impossible - unless they've already had fraud, in which case it's too late, as the bank has already made a loss.

I think that banks should leave the card reader/secure key idea behind, and go for a mix of what Santander and Halifax do, which I think would give the most user-friendly solution.

Santander will send a code by text message whenever you set up or change a payment. Most of the population will always have their mobile on them, so it's easy and convenient.

However, there are two issues here:
1) Some people do not own a mobile phone, or may have poor reception.
2) I nearly always use the same computer for online banking - can they not identify that this is a 'safe' computer?

Which is where the ideas from Halifax would come in ... where they make a phone call with a code when you carry out an unusual transaction (which includes logging in from a different IP address to normal).

Combining these two ideas would, I think, keep everyone's accounts secure (as any hacker would need access to your login details AND your mobile/landline telephone) whilst remaining convenient for the customer, who doesn't have to dig out a card reader each time they want to make a transaction.

baby_frogmella

p00hsticks wrote: »

Surely the aim is to try to stop fraud happening in the first place ,not shut the stable door after the horse has bolted ?

and why do you regard use of a card reader as 'punishment' ?

Its 'punishment' because for those of us who travel a lot and forget to take their card reader with them are !!!!!!ed....after all the card readers don't fit into a wallet where i suspect the majority of people keep their valuables when out and about.

dunstonh

and why do you regard use of a card reader as 'punishment' ?

I am not sure I would class it as a punishment but it is certainly far more inconvenient. I have the LloydsTSB card reader and it really puts me off using online banking.

It is not big issue but you need to have your card reader with you (which you are unlikely to if you are out and about). You need it to log in. You need it to send a payment.

I do my books every friday and dont have too many payments to make online each week. So, its not enough to want to make me look elsewhere but there has to be a better way.

coolesticeking

You can always contact Telephone Banking and make these payments if you do not have a card reader with you.

mrs_deadline

I agree - hate the inconvenience and clutter of the card readers. It's a double layer of security as you have to be logged in to online banking in the first place. I've complained to both Nationwide and Smile without success. I now use phone banking for transactions rather than going through all those interfaces.

LloydsTSB haven't sent a reader as yet, and I find their system about right. They make it easy to keep tabs on your account with personalised SMS alerts (e.g. new payment set up, foreign transaction). There's also a phone confirmation code for new transactions, which you have to enter on a pre-registered phone. This suits me but I don't travel about very much, and would hope not to have to do any online banking (beyond checking balances) while on the move.

jen245

I bank with Natwest, and only need the card reader to set up new payees, and make the first payment to the new payee, after that its not required. I cant remember the last time I used my card reader to be honest. I also have accounts with Halifax, who dont require card readers (at the moment!!)

noodle

It would be nice if banks gave the customer some choice about the security levels - perhaps with a corresponding understanding that the bank would not be liable for any losses which would have been avoided had the customer chosen more security (difficult to establish, I know).

Perhaps it would be like giving air passengers a choice between the plane with the inconvenient security procedures, and the one that anyone can just climb aboard.

From a personal point of view, I don't think readers are necessary to log on to banking and view information, nor to pay beneficiaries that I have previousy set up. I'm happy to use a reader to change any personal details, or create new payees. This means I have a higher risk of someone looking at my statement or paying my own bills than I might otherwise... and I'm happy with that.

My main banking is with Smile, and their security works that way (though that's the default - I had no choice in the matter) and I think that is a sensible compromise. It's also helpful that they use one of those readers that works for multiple banks.. so I have a couple of them and can leave one at home and one in the office - the two places I most commonly execute transactions.

It seems silly to complain about added inconvenience in online banking.. given that before online banking things were immeasurably less convenient.. but, still, a little more respect for the customer wouldn't go amiss sometimes.

mrs_deadline

dunstonh wrote: »

I have the LloydsTSB card reader and it really puts me off using online banking.

It is not big issue but you need to have your card reader with you (which you are unlikely to if you are out and about). You need it to log in. You need it to send a payment.

Oh no! Needing it to log in sounds like a nightmare. Hope they won't force one on me in the near future... I was fondly thinking they were the last bastion of sanity!