We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Natwest Card Reader?
Comments
-
I've had my card reader for months but have yet to use it - I thought they had decided not to bother!
0 -
As I have seen a very noticeable lack of news reports of customers complaining of illegal use of their online banking but, see plenty of the card and pin illegal use with a chip and pin then in all honesty this is just scare mongering I see no facts and or figures to justify such a system that requires the extra effort.
The banks don't provide any
There's a noticeable lack of news reports on many things which are still happening. Most reports of chip and PIN fraud have been either with people shoulder-surfing your PIN (which shouldn't really be an issue at your own home) or cloning through hacking chip and PIN readers (which also isn't an issue as the reader isn't connected to anything and CAN'T be connected to anything). Most other card fraud is from skimming magstripes or from card-not-present transactions; Chip and PIN, in and of itself, is very secure against attack, especially in the very controlled environments provided by the banks' PIN readers.0 -
Little_Mama wrote: »
We've had one for a few months now and they are fine. Bit of a nuisance
They are definitely a nuisance
But I haven't had any problem with them, apart from wanting to stamp on them repeatedly just because they are so naff. 0 -
I recently ditched my NatWest account because of this reader. I didn't ask for it and in all honesty have no reason to want to use it :rolleyes:
They use 128 bit encryption via https at online banking and I have a very secure password, theirs more thance someone using my card/pin with 4 numbers only than using a multiple character password on my online banking so to me it's an over exaguration I refuse to comply with
These are a great deal safer than a simple secure password and 128 bit encrytion. It's the equivalent of changing your password every minuite.
The reader generates an 8 digit unique password that's only good for about a minuite. No one without access to your reader. Your card, Your online banking details, and your pin can access your account.
Which is not the case if someone key-logs your computer, and phishes your password, no matter how secure. These card readers make on-line banking extremely secure.0 -
Thanks for your replies
I'm perfectly aware of what the card reader is supposed to be for - I have one!
The card reader is only for certain aspects of your account but, not for any logging in process and general viewing of your account ...etc so if someone was snooping on your account they can still access your online banking, look around, get your account numbers and sort codes, amounts of each account ...
In effect the card reader does nothing from the start for security of your account only after you've logged in and perform certain limited aspects of your account ...
I still see no documented evidence of fraud committed from on-line banking to warrant this card reader Proudly Banking & Saving With:
█ The Co-operative Bank.
█ Castle & Minster Credit Union.
█ Yorkshire Building Society.0 -
I've had one for about six months and haven't had to use it yet. It'll be required if I or a phisher set up a new payee or modify an existing one, isn't required so far for any payments to any of my existing payees.
Phishing routine:
1. get bogus email, go to fake site.
2. phisher opens connection to real site, asks for the login details NW asks for.
3. phisher goes to add new payee screen
4. phisher tells you that as part of the new account security process you're required to use your card, please press OK when you have it ready.
5. click OK
6. phisher starts to add phisher account as new payee, gets card prompt
7. phisher passes on prompt to you and you tell phisher the answer your card reader gives
8. phisher enters the card number and succeeds in adding the new account, transfers all of your money to phisher account.
9. phisher tells you that sorry, there's a manufacturing fault with your card reader and they have to send you a new one. Please try again once the new reader arrives, sorry for the inconvenience.
NW tells you that you're trying to con NW when you complain about the stolen money. Instead you simply believed NW's claim that it made your account more secure and provided the details when NW appeared to be asking for them.
The card won't protect you from phishing at NatWest. Only you, by never following links in emails from your bank but always going to your saved address for the bank, can do that.
Alliance and Leicester uses a shared secret and displays an image and word that only you and the bank (and maybe any employee who looks up your account) know. Not seeing those is a big giveaway that the site you're at is fake and you should leave immediately.0 -
8. phisher enters the card number and succeeds in adding the new account, transfers all of your money to phisher account.
Except that, at least in Barclays' implementation, you need to do the card reader thing AGAIN with an entirely seperate button to make a new payee.NW tells you that you're trying to con NW when you complain about the stolen money. Instead you simply believed NW's claim that it made your account more secure and provided the details when NW appeared to be asking for them.
That's not an argument, that's a scare story.The card won't protect you from phishing at NatWest. Only you, by never following links in emails from your bank but always going to your saved address for the bank, can do that.
Alliance and Leicester uses a shared secret and displays an image and word that only you and the bank (and maybe any employee who looks up your account) know. Not seeing those is a big giveaway that the site you're at is fake and you should leave immediately.
I can't disagree with that bit, but the card WILL protect you from people in different locations being able to get access to your account at will, which is an important positive step.
I don't see why NatWest's system can't be used alongside such a shared secret thing... any possible reasons?0 -
ShelfStacker wrote: »FYI, if you want an account without the readers, avoid Nationwide, Barclays, Lloyds TSB and NatWest at the minimum.
Virtually every 'big' bank is introducing card readers apart from HSBC and First Direct who have ruled them out.
Regards
Sunil0 -
These are a great deal safer than a simple secure password and 128 bit encrytion. It's the equivalent of changing your password every minuite.
The reader generates an 8 digit unique password that's only good for about a minuite.
I'm afraid thats not how the system most of the banks are using works - you can generate your passwords at any time and as long as they are used in order they will work..
The banks are not using time sensitive passwords - such as many companies use to login to IT networks..
Regards
Sunil0 -
I dont think Lloyds TSB are going down the card-reader route.... i think they opted for the far better RSA SecureID token approach, which would not require a bank card. I'm sure i've seen some of these for hsbc too. See below for more info:
http://en.wikipedia.org/wiki/SecurID
By "two factor", it simple means something you KNOW (password) and something you HAVE (the token generator)
Its exactly the same as using a cash machine, when the think you know is your pin and the thing you have is your bank card.
AFAIK, the card readers are the cheap solution to the problem.... the security tokens are more expensive. Tells us something maybe?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.8K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 453K Spending & Discounts
- 242.8K Work, Benefits & Business
- 619.6K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards