barclays online, no options WITHout pinsentry

mgdavid

kAos wrote: »

Is this just me finding it shocking that in order to log in to my barclays on-line account (using pins entry) apart from my 4-digit pin number all other information is actually printed on my debit card. All a fraudster need is to have a look at me card, write down my name and the numbers there and they just need to guess (or use a few pinsentry "calculators") a four-digit pin, and they are in, able to transfer all my money off the account. I'm truly shocked with this lack of security!

Coupled this with their site's incompatibility with my browser/operating systems, I'm unable to contact them on-line for explanation (or even for looking up the details of my own account).

I'm livid and transferring my money out of them as soon as I get to one of their branches...

Incorrect. need possession of the card itself, and the PIN.
BTW where are all the 'Pinsentry calculators' you speak of?

TotallyBroke

wiggy68 wrote: »

TotallyBroke - it works across all banks because it uses an industry standard design, the security and personalisation is in the chip on your card, not in the card reader, which is just that a "card-reader".

It does not connect to the back systems as all it is doing is validating that the PIN number entered belongs to the card. It works standalone - which is why it is so secure as it is not connected to the internet or the computer - it can not be compromised by viruses.

Thank you for that.. but being totally stupid.. I don't get it
If I wanted to pay some money on a regular basis to say your account I need the PINsentry to do so. I put in my normal details, name, membership, passcode and then need to connect my debit card into card reader and put in my pin... If it doesn't connect to the banking system what is it verifying? You can't set up standing orders or bank transfers without PINsentry

callum9999

TotallyBroke wrote: »

Thank you for that.. but being totally stupid.. I don't get it
If I wanted to pay some money on a regular basis to say your account I need the PINsentry to do so. I put in my normal details, name, membership, passcode and then need to connect my debit card into card reader and put in my pin... If it doesn't connect to the banking system what is it verifying? You can't set up standing orders or bank transfers without PINsentry

It's verifying that you know your pin. It doesn't need to communicate anything to the banks - you type in your PIN, the card reader submits it to the card, then the card tells the reader whether the number you entered was correct or not.

I'm not sure exactly how it comes up with the code, but I'd imagine it's some kind of algorithm programmed into the card readers and the banks systems, and when you enter it as part of the login stage it just cross-references it.

wiggy68

kAos - the card reader will only work with a physical card, and it will lock the card after 3 failed PIN codes attempts (same as with the cash machine and when in use at a shop). The card reader has no use with no card.

If a fraudster has your card and PIN number (without your knowledge) he can use your card in any retail shop and purchase goods - this has been the cases for a few years - and a easier route for the fraudster as it can not be traced back to anything.

kAos_3

Thanks, All, for the replies! Must admit I haven't researched the topic, but reading about fraudsters cloning cards and reverse engineering CC terminals, I'm still very unhappy about being able to log in to their web front with the card (and all but the pin printed on it) and the 4-digit pin.