Yet another Irrate soon to be Ex Natwest Customer.

Although this debate has dried up a little it should be said that every bank will ultimately do this, sadly the general populus are too stupid or too trusting to safely use online banking services and whilst that is the case banks need to do all they can to protect themselves and their customers.

Those in the know will understand the factors of authentication and will be aware that simply having “something you know” will always leave you at the mercy of who else knows it, either via compromise (keylogging malware), deception (phishing) or simply having chosen bad passwords. Due to this inherent threat many companies be they web based or corporate hardware are introducing 2nd factor authentication “something you have” and yes this does make life a little more complicated and banking online a little less convenient but security and convenience seldom coexist.

I was pleased to see that RBSG only use the card reader authentication on high risk transactions rather than login and personaly welcome the enhanced security for a slight tradeoff in convenience.

Just wait until we hit 3rd factor “something you are” then things will get really interesting.!

Trying to replace my Natwest Credit Card, though, appears next to impossible.

Different priorities.

Or are the 3 attempts specifically for each individual card?

Just wanted to know out of curiosity, im not a thief, just annoyed about having to use this damn thing all the time.

I’ve read the entire post and noticed that no-one has mentioned this…

Because it’s a card reader and that you have to enter your cards PIN into the reader for it to be checked against the card, this means that when you put your card in the reader the machine is reading your PIN off the card.

I assume that your PIN is encrypted on the chip on the card otherwise if anyone stole the card they could read your PIN straight off. So while it is encrypted on the chip on the card (with a Natwest specific encryption algorithm?) this reader is either A. decrypting the PIN using that algortihm to plain text, or B. encrypting what you type as your PIN on the keyboard to an encrypted PIN. As somehow this machine matches what you type on the keypad to the PIN stored on the chip on your card.

So i’m thinking that the Natwest encryption algorithm is on the computer chips inside this machine, otherwise how else can it match the plain text digits you type to the PIN on your card? So basically if someone removes the chip out of the machine and dumps the raw code they may be able to hack this if option A (above) is true, i.e. if the machine decrypts the PIN on your card then the hacker will probably be able to make this PIN display automatically on the screen when the card is inserted.

So if they go round stealing cards they can just use pop them in the reader to get the PIN too.

Maybe I’m reading too much into it, or maybe I’m wrong about the encrypting and decrypting of the PIN on the card and machine, but I thought it was worth discussing……..