Card reader/secure key security...why the collective punishment by banks?

DaisyFlower

I love my card reader. Whilst i'm ultra careful over security, fake emails, viruses etc it gives me added peace of mind that the bank are also doing everything they can to help keep accounts secure.

Banks have to pay back millions for fraud, they should be able to protect themselves against that as much as possible.

I presume not many people see locking their house/car and taking keys with them as inconvenient or bulky!

Lifes_Grand_Plan

DaisyFlower wrote: »

I presume not many people see locking their house/car and taking keys with them as inconvenient or bulky!

Totally ridiculous comparison. People access their house every day, multiple times per day and they know they will need to in advance.... the same cannot be said for online bank account access...

noh

Lifes_Grand_Plan wrote: »

Totally ridiculous comparison. People access their house every day, multiple times per day and they know they will need to in advance.... the same cannot be said for online bank account access...

Personally I access my accounts daily and know I will need to. Therefore i have a card reader accessible.

meer53

noh wrote: »

Personally I access my accounts daily and know I will need to. Therefore i have a card reader accessible.

I access my accounts daily too, the HSBC security device is tiny, it's no inconvenience at all. It's smaller than the average bunch of keys.

td_007

DaisyFlower wrote: »

I presume not many people see locking their house/car and taking keys with them as inconvenient or bulky!

A more appropriate analogy would be having one more lock than required on your front door. Imagine if your insurer insisted that you have seven locks or you policy is not valid...

Card reader does not assure 100% security and adding another layer of inconvenience (that is what I think it is) does not make me feel any more secure.

By introducing such measures, banks are simply making it easier for them to shift liability. This is already the case when banks insist that for a card fraud at an ATM, the holder must have compromised the PIN because PIN is infalliable...this ofcourse is not the case.

JuicyJesus

The Secure Key is absolutely tiddly. I slot it into my wallet just fine.

It is a bit more inconvenient, but not anywhere near as much as the alternatives, which would be either calling up on the phone or traipsing down to a branch, and it makes it a lot more secure. It's also a lot more convenient than the card readers, which are at least twice the size and a lot more cumbersome.

If you really, really think that this tiny thing is that big a deal then god help you when something truly inconvenient or frustrating happens... like, say, having someone steal all your money.

td_007 wrote: »

A more appropriate analogy would be having one more lock than required on your front door. Imagine if your insurer insisted that you have seven locks or you policy is not valid...

Your premium will most likely be a lot higher if you only have a Yale lock, as opposed to a deadlock or somesuch.

By introducing such measures, banks are simply making it easier for them to shift liability.

The point is that with Secure Key, which is the thing most people are bleating about, the chance of there being any liability in the first place is incredibly low. For a third party to access your account online they need to have the physical device (or to have broken the cryptographical algorithms behind it, which while well within the realms of possibility is far less likely than finding out someone's security details), know the PIN to it (which you shouldn't be sharing with anyone) and the answers to your memorable questions. It also divorces the telephone security side of things (with the security number) from the Internet side of things, so a compromise on one does not automatically mean a compromise on the other.

Banks lose a lot of money through Internet banking fraud, which after introducing two-factor authentication has dropped dramatically. Why should they continue to lose that money?

ChiefGrasscutter

td_007 wrote: »

Imagine if your insurer insisted that you have seven locks or you policy is not valid...

OK the Seven is a bit much, but certainly I know of places where insurance Co's specify that when leaving the house certain security proceedures are to be taken in respect of likely access point. Additionally all locks are required to conform to a certain standard (as another poster commented) and they may require more than one on external doors - I've seen two regularly. Then there is the constantly monitored alarm they also require, so when working at/in such a house you need to be given a code by the owners allocated to you etc.
If the owners don't comply then indeed the insurance don't pay - and yes they do come and check after an 'event' to make sure all their requirements were adhered to.

Actually getting into my online bank account is rather easier/quicker!

dzug1

But the insurance companies don't usually actually REQUIRE all those things. True, you can get a discount if you do have them, and if you take that discount and then don't use them they will not pay, but in normal households they are not mandatory.

dzug1

baby_frogmella wrote: »

a 10-12 digit password and your DoB. I like the additional security where you have to enter your password whenever doing money transfers.

I assume that 10-12 digit password is totally random and has never been written down anywhere? If not it's not particularly secure.

td_007

JuicyJesus wrote: »

Your premium will most likely be a lot higher if you only have a Yale lock, as opposed to a deadlock or somesuch.

No doubt. But my point was what if your were required to have 5 Yale locks? Does this make you feel more secure or then do you think that the insurer is trying to push their liability to you?

JuicyJesus wrote: »

The point is that with Secure Key, which is the thing most people are bleating about, the chance of there being any liability in the first place is incredibly low. For a third party to access your account online they need to have the physical device (or to have broken the cryptographical algorithms behind it, which while well within the realms of possibility is far less likely than finding out someone's security details), know the PIN to it (which you shouldn't be sharing with anyone) and the answers to your memorable questions. It also divorces the telephone security side of things (with the security number) from the Internet side of things, so a compromise on one does not automatically mean a compromise on the other.

Not quite. What is required is the debit card and PIN. One of the ways online accounts are compromised is via phishing that asks for login details. The next obvious step is to also ask for debit card details and PIN and you have all you need to get into someones account!! Ofcourse there are other ways of getting the debit card details and PIN as ATM fraud shows.

Just picked out two articles:
http://www.dailymail.co.uk/news/article-1163167/Chip-PIN-meant-beat-credit-card-fraud-Guess-Its-50.html

http://www.msnbc.msn.com/id/11731365/ns/technology_and_science-security/t/debit-card-thieves-get-around-pin-obstacle/

JuicyJesus wrote: »

Banks lose a lot of money through Internet banking fraud, which after introducing two-factor authentication has dropped dramatically. Why should they continue to lose that money?

There is no way that the "drop" in fraud actually be confirmed - it is in banks' interest to make that claim ...no conspiracies here :-) If that is the case then we have reached the pinnacle of security and should see no other measures being introduced. But I predict that this will not be the case.;)