Nationwide card reader - rubbish

GeoffTF

savergrant said:

GeoffTF said:

Eco_Miser said:

The OP was apparently asked for the card last 4 digits after being instructed to put the card in the reader.

That is exactly the point. The OP complained that he could not read the last four digits with his card in the card reader. Being asked for the last four digits before having to put the card in the reader should not be an issue.

Quite. It asks you for the last four digits then tells you to insert the card.

I have only a single debit card with Nationwide. I have just tried it. I get a request for the last four digits of my card number before inserting my card, not afterwards when the last four digits are no longer visible.

dumpster_fire2025

savergrant said:

Rob5342 said:

Nationwide are hopelessly old fashioned, progress is something they take very little interest in. Most other banks let you do it very easily in the app without needing a card reader. 

Nationwide offer...in fact heavily promote their app...however i prefer the card reader as it means someone needs my physical card and my pin and not just my phone to authorise a new payee.
True on modern cards you can't see the last four digits when it's inserted (the card number is on the back pointing the other way) but you know it's going to ask you so look before you insert. Worst case scenario leave that bit until last and fill everything else in then take the card out. 

Sure, and if they get your phone they also need a PIN to get in, and then a PIN to get into your Nationwide app (which can be entirely different.) After that they then either need to use the card reader to verify the transaction or you need to pass a biometrics test.

If they have your card they just need your PIN. Which is more secure again?

andygb

savergrant said:

GeoffTF said:

Eco_Miser said:

The OP was apparently asked for the card last 4 digits after being instructed to put the card in the reader.

That is exactly the point. The OP complained that he could not read the last four digits with his card in the card reader. Being asked for the last four digits before having to put the card in the reader should not be an issue.

Quite. It asks you for the last four digits then tells you to insert the card.

It has never done that for me, it simply tells me to put the card in the reader then follow the instructions.

GeoffTF

dumpster_fire2025 said:

savergrant said:

Rob5342 said:

Nationwide are hopelessly old fashioned, progress is something they take very little interest in. Most other banks let you do it very easily in the app without needing a card reader. 

Nationwide offer...in fact heavily promote their app...however i prefer the card reader as it means someone needs my physical card and my pin and not just my phone to authorise a new payee.
True on modern cards you can't see the last four digits when it's inserted (the card number is on the back pointing the other way) but you know it's going to ask you so look before you insert. Worst case scenario leave that bit until last and fill everything else in then take the card out. 

Sure, and if they get your phone they also need a PIN to get in, and then a PIN to get into your Nationwide app (which can be entirely different.) After that they then either need to use the card reader to verify the transaction or you need to pass a biometrics test.

If they have your card they just need your PIN. Which is more secure again?

If your phone is infected with malware that can escalate it privileges (vulnerabilities like that keep getting discovered), it can change any code on your phone and remove those checks. It is more difficult for the attacker if they need to compromise more than one device.

flaneurs_lobster

GeoffTF said:

If your phone is infected with malware that can escalate it privileges (vulnerabilities like that keep getting discovered), it can change any code on your phone and remove those checks. It is more difficult for the attacker if they need to compromise more than one device.

I'd love you to find me one single verified incident where malware has been introduced into a phone and a banking app use to fraudulently move funds without the phone's owner being negligent with the handset and/or not having the usual biometrics in place.

booneruk

GeoffTF said:

dumpster_fire2025 said:

Sure, and if they get your phone they also need a PIN to get in, and then a PIN to get into your Nationwide app (which can be entirely different.) After that they then either need to use the card reader to verify the transaction or you need to pass a biometrics test.

If they have your card they just need your PIN. Which is more secure again?

If your phone is infected with malware that can escalate it privileges (vulnerabilities like that keep getting discovered), it can change any code on your phone and remove those checks. It is more difficult for the attacker if they need to compromise more than one device.

I do think there's a large amount of incorrect assertion here I'm afraid. Phones and banking apps are pretty secure these days.

First of all, in the majority of cases you'd need to do something pretty dumb like rooting your phone and installing malware from outside the official phone app stores. Even if your banking apps would work after doing this (the rooting), the idea that malware can reset pins/biometrics with the banking apps remaining happy with that and waving the bad actor through is not realistic. 

As we keep seeing on these forums (unfortunately), the largest risk factor with fraud is the human authorising payments to bad actors.

Let's not forget that in most cases of genuine banking app security failures leading to loss, the customer will be refunded.