We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Card reader/secure key security...why the collective punishment by banks?
Comments
-
StumpyPumpy wrote: »What you have done there is list some of the ways that you as an individual can reduce your exposure and could be summarized as "don't be stupid" But unfortunately, it is not just stupid people who get caught out. Think of all the people on the Play Station Network who have had their personal details stolen. Ok, so the debate on whether CCs were taken is still ongoing, but names and passwords did go. You can bet your life that there was a surge in failed attempts to log onto various banking systems - this is not the fault of the bank or the customer and a device such as a card reader would go a long way to slow down the bad guys, even for the "not stupid" people.
Another problem is that despite our best efforts, in the modern internet world only the true reclusive leaves few traces behind. While it is unusual for an average individual to be targeted: I will use you as an easy example, I'm not really picking on you, but I could easily find out that you are male, married and have just opened an N&P Gold current account, which gives me some idea of your disposable income levels, plus the fact that you have been in stable employment for many years. As a long term iPhone user, I hope you weren't caught up in the iTunes hacking a few months ago, and hope that Scottish Hydro is not hacked and "leak" your direct debit details. I could go on, and in more detail, but my point isn't about "outing" you, or that random individuals are often targeted (they aren't) simply that people who consider themselves - and indeed, are - "careful" with their info on the internet still leave traces to those who want to find them and it doesn't take long to build up a profile, that can ultimately be used to mount an attack. I only spent 5 minutes doing the research and spent longer than that filtering out some of the details and changing some slightly, with more time I could fill in the missing pieces, and confirm some facts quite easily. It isn't as if I'm practiced at doing this though I have working in and around the computer security industry so know some of the techniques involved, but not, I hasten to add, from the criminal side.
Don't get me wrong, I hate having to use two factor authentication when I just want to pay a bill online, but that is the modern world. I also hate having to carry around bulky keys for my house, car etc., I hate having to sign on to my laptop when I have the only account on it. But the bottom line is unless society changes, this is what is needed and I am left to ponder the alternatives. If a bank like Nationwide said they would offer an online access account that has no or limited validation but if you want to use it you had to sign an affidavit that you will not hold them financially or legally responsible for any fraud that takes place on your account regardless of who was to blame. Would you sign it?
SP
You are mixing up credit card fraud with banking fraud. My post was about the overzealous practices used by some banks when using their internet banking. For example when i was with Nationwide i was forced (yes really) to use my card reader everytime i wanted to make an overpayment from my flexaccount to my NW mortgage through their internet banking! Has anyone ever heard of fraudsters paying off their victims mortgage?:rotfl: At least with Nationwide, you can still log on and see your account balance with your memorable data; HSBC will eventually require all their customers to use their secure key to even check their balance online....and First Direct will be following them soon (which is what they told me last week) hence why i didn't join them.0 -
I'm with NatWest and have had to use a Card Reader for the last year or two for online banking when setting up or changing regular payments.
I can see the pros and cons, but if I'm honest am more happy with the system than I'm annoyed with it. Anything that adds one more level of security is good, as far as I'm concerned.
If I want to be able to tell the time when I'm on holiday, I take my watch - if I want to use onling banking services on holiday, I take my Card Reader. That's as complicated as it gets.
Sorry it annoys you OP, hope you have many enjoyable travels to come! x0 -
baby_frogmella wrote: »After leaving Nationwide due to their card reader requirement, I recently closed my HSBC current account after i got a letter telling me i'll need their secure key to log onto internet banking in future. I've opened a N&P Gold current account which doesn't require any card reader to use their internet banking though i suspect one day they will introduce them.
First of all, let me make clear i'm perfectly aware that anyone can suffer bank account fraud no matter how careful they are. But i'm sure many people will agree that those who take measures such as
1) Not clicking on dodgy email links
2) Having antivirus/firewall software installed on their PC
3) Not giving their debit card PIN to every family member
4) Not leaving their cheque book/debit card on the car dashboard
etc
are far, far less likely to suffer fraud as a result. So why are the banks assuming everyone is at the same risk?
Credit card interest rates vary depending on your credit rating, why don't banks just hand out card readers to all those are deemed to be at high risk of fraud? Perhaps banks could record cases of fraud on a customer's experian report, if a customer has more than 2 cases of fraud reported in a year perhaps only then should they insist on imposing the card reader security on that customer?
Agree to disagree, But i find having a card reader for both my Natwest and Barclays Current Accounts a nice feature, Which makes it slightly harder for people to access my account online.
Each to there own i guess, Some like cardreaders etc, Some Don't.' You only live once ! Don't live to regret the past, But to enjoy the future '
Michael.0 -
Thank you for starting this thread Frogmella. I did the same and left Natwest when they introduced one and now I am going to leave HSBC. The only reason for being with them in the first place is because the internet banking is user friendly (definitely not for customer service/value for money).
On this subject can anyone recommend a good bank for internet banking?
***EDIT***
By good I naturally mean one without a card reader!0 -
No, I'm not mixing up anything. I fully understand the differences and the similarities: I suspect a lot more than you do. My only mention of credit cards was in a (perhaps foolish) attempt on my part to divert any comments on what was or wasn't stolen from PSN. Perhaps you might find it enlightening to actually read what I have written.baby_frogmella wrote: »You are mixing up credit card fraud with banking fraud.
So, let me get this straight - you are complaining about having to prove your identity to transfer money from one account (your flexaccount) to a different account (your mortgage) And this seems unreasonable to you?? I will try and make this as simplistic for you as I can with a little scenario. Just say I, as a bad guy, find out - using the same techniques I did before - enough about you to be able to access your online account. I want to transfer all your money to my secret Swiss bank account, but when I try, because that account is unknown to your bank, it asks for your card reader. Danm! my plans for funding a secret underground headquarters have been dashed. But wait a moment, I see that the bank only asks for a reader on transfers to other banks, so what to do? Easy, I have all the info I need to open a new account at your bank in your name. The bank knows me (you) as a customer so the security checks have already been done and so they are happy to set up a new account and provide me with a cash card. So I transfer your life savings into your (my) new account, no reader or other security required and take a trip to the cash machine to start paying for world domination. (And yes, I have deliberately missed out how to do one or two steps in this scenario, for both brevity and security, but they are all easy and possible for people in the know to do)For example when i was with Nationwide i was forced (yes really) to use my card reader everytime i wanted to make an overpayment from my flexaccount to my NW mortgage through their internet banking! Has anyone ever heard of fraudsters paying off their victims mortgage?:rotfl:
That's a bit of a blow, isn't it? Now the bad guys will have to guess how much money you have in your account before deciding the best time to raid it, and they can no longer watch the transactions to see when you're visiting the family and using an ATM abroad, before paying the family home a visit. You seem to have no idea how powerful this information can be in the wrong hands. (Actually, bank statements are more frequently accessed by people like Private Investigators and journalists rather than people after your money, but assuming you haven't taken out a super injunction recently, I'll stick with burglary as an implied use)At least with Nationwide, you can still log on and see your account balance with your memorable data; HSBC will eventually require all their customers to use their secure key to even check their balance online....and First Direct will be following them soon
Of course, I am exaggerating my scenarios for effect, it is highly unlikely this would happen on an individual level. However, it is possible. In fact it is easy to do for people versed in these things. It simply isn't worth it for the criminals most of the time, but you survive unscathed through the complacency of others not through your security. And I have seen the aftermath of very similar scenarios played out, though at a corporate rather than personal level - it isn't pretty. Being secure is like being a virgin: you either are or you aren't, there is no middle ground.
Come up with a way to guarantee the identity of someone making an online transaction that meets both your requirement for ease and everyone else's requirement for security at all times and you will have the banking world beating a path to your door. This additional security causes the banks to do the thing they hate the most: spend money. After all, they didn't bill you for the card reader, did they? They did a risk assessment and the conclusion was... to make use of a card reader. (btw any solution that includes the word "should" is immediately invalidated)
SPCome on people, it's not difficult: lose means to be unable to find, loose means not being fixed in place. So if you have a hole in your pocket you might lose your loose change.0 -
StumpyPumpy, wouldn't one solution be to allow me to nominate accounts to which I can transfer without having to use a card reader? e.g. I could tell my bank account to let me transfer money to my husband or to the council. In return, perhaps I could agree that I consent to any money transfers between my account and the nominated one, which absolves the bank of responsibility in specific circumstances.
My husband can already do this in that he doesn't need to use the card reader when transfering to accounts that he's transfered to before. I have to use the card reader every time.0 -
Fair enough, when I forgot my password it was only a couple of minutes on the phone to get them to reset it (I had to create a new one at next log-on).It's an ex-Abbey account but with internet banking being a recent, short lived, addition.
My ex A&L one is no problem - except every time I logon they ask me to confirm my contact details. But that's just a single click - at the moment
I think they have asked for a further password for some transactions in the past - but it's long enough ago for me to have forgotten them - and the password.......
Also, am I the only person in the country who's never had any problems with Santander?:cool:~share and enjoy~0 -
StumpyPumpy wrote: »So, let me get this straight - you are complaining about having to prove your identity to transfer money from one account (your flexaccount) to a different account (your mortgage) And this seems unreasonable to you??
Duh! Both the Flexaccount and a NW mortgage are both Nationwide accounts so Yes i think its absolutely ridiculous to use Nationwide's card reader for internal transfers. You will find other banks/building societies DO NOT require additional security when transferring between internal accounts.StumpyPumpy wrote: »Of course, I am exaggerating my scenarios for effect, it is highly unlikely this would happen on an individual level. However, it is possible. In fact it is easy to do for people versed in these things. It simply isn't worth it for the criminals most of the time, but you survive unscathed through the complacency of others not through your security. And I have seen the aftermath of very similar scenarios played out, though at a corporate rather than personal level - it isn't pretty. Being secure is like being a virgin: you either are or you aren't, there is no middle ground.
Come up with a way to guarantee the identity of someone making an online transaction that meets both your requirement for ease and everyone else's requirement for security at all times and you will have the banking world beating a path to your door. This additional security causes the banks to do the thing they hate the most: spend money. After all, they didn't bill you for the card reader, did they? They did a risk assessment and the conclusion was... to make use of a card reader. (btw any solution that includes the word "should" is immediately invalidated)
You seem to have a problem reading what i said in the very first post, so i'll repeat it: anyone can be a victim of bank account fraud, but those who take the necessary steps are far, far less likely to suffer fraud as a result. IMHO Just like credit card companies mark your experian report, banks should do the same with cases of fraud reported. Perhaps this would be the kick up the arris some people need to take proper security steps.0 -
serious_saver wrote: »Thank you for starting this thread Frogmella. I did the same and left Natwest when they introduced one and now I am going to leave HSBC. The only reason for being with them in the first place is because the internet banking is user friendly (definitely not for customer service/value for money).
On this subject can anyone recommend a good bank for internet banking?
***EDIT***
By good I naturally mean one without a card reader!
Norwich & Peterborough Building society's internet banking is very good (at least the new system). Unlike nationwide and HSBC, you don't get bombarded with ads all over the screen. No stupid card readers, secure keys etc to use, just a 7 digit customer ref, a 10-12 digit password and your DoB. I like the additional security where you have to enter your password whenever doing money transfers.
With their gold account, you also get free overseas debit card transactions, free sentinel gold card protection and top class customer support over the phone..ala First Direct
0 -
Absolutely: some banks have this in place, some don't. It requires a level of granularity that is not always present in the software and/or the procedures they implement. Another example would be the blocking of foreign ATM transactions. Normally, I have a bar in place at my bank that will stop any foreign ATMs dispensing cash, but when I travel abroad, I notify my bank and they loosen the restriction, so I can use my card in a Chinese bar if I wish. I do, though, become more liable for any misdeeds committed with it. This takes time and effort from both sides and does not help security, just my bar bill. The trouble is, the more exceptions there are, the more holes there are so it is in the banks' (and by proxy, the customers') best interests to limit the exceptions.StumpyPumpy, wouldn't one solution be to allow me to nominate accounts to which I can transfer without having to use a card reader? e.g. I could tell my bank account to let me transfer money to my husband or to the council. In return, perhaps I could agree that I consent to any money transfers between my account and the nominated one, which absolves the bank of responsibility in specific circumstances.
My husband can already do this in that he doesn't need to use the card reader when transfering to accounts that he's transfered to before. I have to use the card reader every time.
The important point though is that the banks aren't implementing this security to victimize people, they are doing it to protect everyone's interests and to actively disavow any organisation who does so is showing a lack of understanding of the reasons behind the decision. Hopefully better systems will eventually be realised, the problem is that whenever someone manages to build an idiot proof security system, along comes a better idiot.:) When everything was done "offline" at your local branch, with a manager who knew your family personally, none of this was necessary, but with a few exceptions, those days are gone.
I hate these devices myself, but it is still better than making my way to the local town during "bank hours" to get anything done.Come on people, it's not difficult: lose means to be unable to find, loose means not being fixed in place. So if you have a hole in your pocket you might lose your loose change.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.1K Banking & Borrowing
- 253.5K Reduce Debt & Boost Income
- 454.2K Spending & Discounts
- 245.1K Work, Benefits & Business
- 600.7K Mortgages, Homes & Bills
- 177.4K Life & Family
- 258.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards