We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Card reader/secure key security...why the collective punishment by banks?
Comments
-
Well I'm about to close a Santander account because internet banking with them is impossible because of this 'feature'. Even to logon to view the account I have to start the process of registering my non-existent mobile and then decline its T&Cs.
Read on to the next bit of my post ... where you'll see that I said that I think a combination of Santander's and Halifax's systems would be the ideal, for people like you who do not have a mobile.0 -
Is this new customers only? I'm an ex-A&L customer, and their online banking hasn't changed at all for me. When setting up a new payee, I only have to enter an online banking password - it's not actually needed to log on or move money between Santander accounts. Only to set up a new Payee.Santander will send a code by text message whenever you set up or change a payment. Most of the population will always have their mobile on them, so it's easy and convenient.~share and enjoy~0 -
What you have done there is list some of the ways that you as an individual can reduce your exposure and could be summarized as "don't be stupid" But unfortunately, it is not just stupid people who get caught out. Think of all the people on the Play Station Network who have had their personal details stolen. Ok, so the debate on whether CCs were taken is still ongoing, but names and passwords did go. You can bet your life that there was a surge in failed attempts to log onto various banking systems - this is not the fault of the bank or the customer and a device such as a card reader would go a long way to slow down the bad guys, even for the "not stupid" people.baby_frogmella wrote: »First of all, let me make clear i'm perfectly aware that anyone can suffer bank account fraud no matter how careful they are. But i'm sure many people will agree that those who take measures such as
1) Not clicking on dodgy email links
2) Having antivirus/firewall software installed on their PC
3) Not giving their debit card PIN to every family member
4) Not leaving their cheque book/debit card on the car dashboard
etc
are far, far less likely to suffer fraud as a result. So why are the banks assuming everyone is at the same risk?
Another problem is that despite our best efforts, in the modern internet world only the true reclusive leaves few traces behind. While it is unusual for an average individual to be targeted: I will use you as an easy example, I'm not really picking on you, but I could easily find out that you are male, married and have just opened an N&P Gold current account, which gives me some idea of your disposable income levels, plus the fact that you have been in stable employment for many years. As a long term iPhone user, I hope you weren't caught up in the iTunes hacking a few months ago, and hope that Scottish Hydro is not hacked and "leak" your direct debit details. I could go on, and in more detail, but my point isn't about "outing" you, or that random individuals are often targeted (they aren't) simply that people who consider themselves - and indeed, are - "careful" with their info on the internet still leave traces to those who want to find them and it doesn't take long to build up a profile, that can ultimately be used to mount an attack. I only spent 5 minutes doing the research and spent longer than that filtering out some of the details and changing some slightly, with more time I could fill in the missing pieces, and confirm some facts quite easily. It isn't as if I'm practiced at doing this though I have working in and around the computer security industry so know some of the techniques involved, but not, I hasten to add, from the criminal side.
Don't get me wrong, I hate having to use two factor authentication when I just want to pay a bill online, but that is the modern world. I also hate having to carry around bulky keys for my house, car etc., I hate having to sign on to my laptop when I have the only account on it. But the bottom line is unless society changes, this is what is needed and I am left to ponder the alternatives. If a bank like Nationwide said they would offer an online access account that has no or limited validation but if you want to use it you had to sign an affidavit that you will not hold them financially or legally responsible for any fraud that takes place on your account regardless of who was to blame. Would you sign it?
SPCome on people, it's not difficult: lose means to be unable to find, loose means not being fixed in place. So if you have a hole in your pocket you might lose your loose change.0 -
StumpyPumpy wrote: »Think of all the people on the Play Station Network who have had their personal details stolen. Ok, so the debate on whether CCs were taken is still ongoing, but names and passwords did go.
If you had my credit card number, it would not help you to get into my internet banking.
Ok, you could commit card fraud with it, but that's a completely separate issue to online banking fraud.0 -
My point was that the cc's may not have been taken from PSN but the other info was very valuable and useful, but as you bring it up...If you had my credit card number, it would not help you to get into my internet banking.
Ok, you could commit card fraud with it, but that's a completely separate issue to online banking fraud.
It may not help to get into your internet banking but for others who have a cc and a cash account with the same bank you can often jump from one account to the other without having to log in separately. Some other banks use CC or DD numbers as additional authorisation when logging in. It is another breadcrumb in the trail. A cc number can also be used as a lever in social engineering attacks and impersonation attempts, as well as (obviously) spending on the card itself. Don't write off their usefulness to the bad guys so quickly.Come on people, it's not difficult: lose means to be unable to find, loose means not being fixed in place. So if you have a hole in your pocket you might lose your loose change.0 -
Is this new customers only? I'm an ex-A&L customer, and their online banking hasn't changed at all for me. When setting up a new payee, I only have to enter an online banking password - it's not actually needed to log on or move money between Santander accounts. Only to set up a new Payee.
It's an ex-Abbey account but with internet banking being a recent, short lived, addition.
My ex A&L one is no problem - except every time I logon they ask me to confirm my contact details. But that's just a single click - at the moment
I think they have asked for a further password for some transactions in the past - but it's long enough ago for me to have forgotten them - and the password.......0 -
Perhaps those people so opposed to using 2 step security should offer to bear the liability of fraud upon their accounts?0
-
mrs_deadline wrote: »Oh no! Needing it to log in sounds like a nightmare. Hope they won't force one on me in the near future... I was fondly thinking they were the last bastion of sanity!
Lloyds have said its for business accounts only at the moment.
What is look likes and how it works is below:
http://www.lloydstsbbusiness.com/internetbanking/cardreader.aspI am an Independent Financial Adviser (IFA). The comments I make are just my opinion and are for discussion purposes only. They are not financial advice and you should not treat them as such. If you feel an area discussed may be relevant to you, then please seek advice from an Independent Financial Adviser local to you.0 -
StumpyPumpy wrote: »My point was that the cc's may not have been taken from PSN but the other info was very valuable and useful, but as you bring it up...
It may not help to get into your internet banking but for others who have a cc and a cash account with the same bank you can often jump from one account to the other without having to log in separately. Some other banks use CC or DD numbers as additional authorisation when logging in. It is another breadcrumb in the trail. A cc number can also be used as a lever in social engineering attacks and impersonation attempts, as well as (obviously) spending on the card itself. Don't write off their usefulness to the bad guys so quickly.
I am afraid I am with Stumpy on both the posts so far..
My wife and I both bank online. My wifes details are relatively simple.
I have a card reader which I use to log on, set up new payments. I do my banking from home and the reader sits happily in the draw.
I also have the ability to log in do a subset of functions. I rarely use this since I received my card reader (I asked for it).
I am happy to have whatever security they want to provide because I have seen the issues from the other side- not in the depth that stumpy does (I would love to learn though) -and I know which option I think is best.
Internet fraud is growing and the banks are suffering.
What I personally like is should I be attacked and lose out at least I can say to my bank I did everything I was asked to do - over to you.
I doubt whether many people would sign up to an account where you absolved the bank of blame. If they did I am sure that they would be first to attack the banks for allowing it to happen despite the T&Cs.
If you don't like the set up choose an alternative provider.
18 months ago I received a call from somewhere purporting to be help desk offering to speed up my PC totally out of the blue. I was on the PC at the time.
I told him to go away, politely and very shortly after I started to get random web searches that didn't go anywhere near where I was pointing. The next time I used my CC to try and pay for something I get an authentication message asking me to input my CC details and PIN. Obviously I didn't and the PC froze anyway. It took many scans and before it was found and resolved.
I do not know if that was pure coincidence or not. I do know another person who has had near identical problems too.
I tried raising it with the CC company fraud department and they weren't the slightest bit interested.:mad: tThey could have at least pretended...
If you don't like the set up choose an alternative provider."If you act like an illiterate man, your learning will never stop... Being uneducated, you have no fear of the future.".....
"big business is parasitic, like a mosquito, whereas I prefer the lighter touch, like that of a butterfly. "A butterfly can suck honey from the flower without damaging it," "Arunachalam Muruganantham0 -
To the OP
The answer is for the same reason we all have to ensure speed cameras now....due to the small minority of drivers who speed all the time everywhere.
I have seen PC's in people homes where the virus checker is never updated, nor are the windows updates done, and finally the PC has several strange errors on startup. I wouldn't trust it with a barge pole - yet they do internet banking on it!
These people are highly educated and read the news etc and STILL they won't take proper action to secure their PC's...and I'd imagine they are not alone. I suppose they think the banks are there to pony up for any fraud that might take place on their accounts.
Short of shooting these people the banks are having to take ever more stringent measures to make their customers improve their security.
The time may come when the banks will require users to comply with some computer specification/security/anti-virus/ whatever rules AND allow their PC's to be remotely accessed by the bank to verify that these are in place - or you won't get your money back.
A bit like your car insurance company not paying out if you have left the key in the ignition in fact.
In short the blame can be placed fairly and squarely on your fellow citizens.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.9K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 453K Spending & Discounts
- 242.8K Work, Benefits & Business
- 619.6K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards