2007-06-15

Why I might leave my bank: The NatWest Card Reader

nwcardreader.jpgI have received in the post a Card Reader from NatWest.

They have designed this device to beef up the security around the (excellent btw) online banking.

The flaw? The fact that we will eventually have to take the damn thing everywhere you go. And the card of course.

The whole point of online banking is, afaiac, the fact that you can use it anywhere. Now we will only be able to use it IF we have the card reader with us, IF we have the card with us, and IF it actually works. And IF the battery isn’t dead.

I regularly use NWOLB at home and at work, so what do they suggest? “You could use someone else’s.” Well that’s just stupid.

Further issues:

  • I have two accounts with NatWest, both of which are accessible with the same login credentials. However, only one of those accounts has a card new enough to use this card reader. When will I therefore be forced to start using the card reader? I don’t know, but I expect that they will send me a new card (meaning my saved card details at various sites will have to be updated) and probably another card reader.
  • nwcardreaderpackaging.jpgThe amount of plastic, cardboard and paper used to send the card reader is shameful. From the outside in: Plastic postage bag, cardboard box, plastic tray, cardboard box (again), bubble-wrap, plastic bag.
  • It is my joint account which is ready for the card reader, but the other holder (the gf) wasn’t informed, and certainly wasn’t provided with a reader. She has also used NWOLB from work, so that’s four places we already use the service, i.e. three places we now won’t be able unless we carry this thing with us. Which we obviously can’t both do.

I am happy to pay the few extra pennies it would take to cover the fraud that this device might prevent.
I am happy to take the risk that it is my account that is compromised if they just abandon this daft device.

I am genuinely considering moving to another bank if this reader turns out to be compulsory.

(you can digg this article)

Technorati Tags: , , ,

Tags: , , , , , , , , , ,
Filed under Rant | Trackback | Comments RSS | Add Comment

Previous: ‘Groovy Dancing Girl’ Video
Next: Ticketmaster Rip Off!

124 Comments

  1. ian 2007-06-20, 10:06

    I was really surprised when a letter telling me about this turned up. At first I thought it might be some elaborate scam. It’s a really crappy idea. They have lost the plot. Is there any kind of on-line petition to espress our distain of this thing?

  2. Jez McKean 2007-06-20, 14:21

    Not that I know of, but it would be easy to create one. But easy for them to ignore as well…

  3. Graham 2007-06-20, 23:36

    This card reader is ridiculous. I can’t believe they spent so much money sending them out, in all that plastic too.

    I learnt three interesting things today:

    1) When the batteries run out, NatWest will send you a whole new unit(!!) rather than just new batteries (bye bye environment)

    2) NatWest branch staff have no knowledge of the scheme.

    3) HSBC can transfer all my accounts in less than a week without me having to contact NatWest in any way whatsoever.

  4. Jez McKean 2007-06-20, 23:42

    The whole thing does seem rather half-baked doesn’t it?

  5. David 2007-06-27, 21:15

    I welcome the idea of this device. I’ve used similar small devices at previous places, albeit without a debit card to put into the thing!

    I believe you only have to use it when making transfers of money between accounts and to other people.

    My thoughts may obviously change when the thing arrives :)

  6. John Hilton 2007-06-28, 10:13

    The fact that this device can read your card and gives you a chance to try out a pin number means you could in theory spend an hour or 2 trying the 9999 combinations for the pin until you get the right one. this obviously means that if some thieving scumbag gets hold of your card, they can get the pin without having to try it out in a cash machine first!!!

  7. David 2007-06-28, 11:30

    John, The card reader works like any reader in a store. It will lock the card after three incorrect guesses at the PIN number. That gives a thief a 1 in 3333 chance of guessing the PIN number :)

  8. ben 2007-06-30, 10:57

    something tells me that some clever clogs will modify this device to not lock the card after 3 incorrect guesses and thus make a PIN cracking tool out of it.

  9. Jez McKean 2007-06-30, 11:13

    i would actually hope that the card reader has no ability to modify the card in anyway at all.

  10. Ben Walsh 2007-07-3, 13:07

    All processing will take place on the card itself, the card reader is exactly that - a reader. If it is the case that three incorrect PINs lock the card, then it is the card (or more specifically the chip on the card - which is more like a mini computer now-a-days) which will lock itself. Unless the implementation is very poor - you won’t have anything to modify in the card reader - so you won’t be able to try out all 10000 possible PINs without the card getting locked after three.

    As far as the system itself goes, I won’t accept being inconvenienced by it - if Natwest are willing to send out at least 5 card readers - one for each of the machines I use their online banking from - then I may be persuaded. Though TBH I was waiting for something that would push me through the hassle of changing bank - A&L are offering 6+% on up to £2500 on their current account - which when Natwest only offer 0.1%, makes the change pretty much a no brainer now. I resent being made to jump through hoops to reduce the risk and liability to Natwest.

  11. Jez McKean 2007-07-3, 18:16

    If the card is locked so that it can’t be used in shops either then I hate it. If it only locks it for use with the reader then I would hate it less.

  12. Martin 2007-07-6, 17:38

    I welcome the idea - never have trusted internet banking (and it is the field I work in!). When my account was with Barclays, I specifically requested that the internet banking access was disabled. Couldn’t do that with NatWest, so I look forward to the introduction of the Card-Reader…

  13. Anthony Thomas 2007-07-7, 00:04

    This card reader is a complete piece of rubbish. I got mine, enabled it, and thought nothing of it, it was only today when I actually needed to use it, and it hasn’t worked. The auth codes it is giving me keep getting rejected by NWOLB and they now tell me I have one more try or my card will be disabled, not going to try again because I’ve tried about 5 times, so the person I am supposed to be sending money to is being to be very angry and I’m very angry. My NatWest branch are going to get an earful tomorrow.

  14. David 2007-07-7, 17:32

    I think it is a good idea, you don’t have to use to for all online banking actions just some of the more risky ones. You will still be able to do the most comman actions without using it.

  15. Matt Lovett 2007-07-9, 14:28

    Its not a rubbish idea as such. It does help security. However they should have done what HSBC did and made it smaller and a key ring.

    Also all banks will be using similar devices eventually anyway, in the USA every bank uses them.

  16. Jez McKean 2007-07-9, 18:04

    Well that doesn’t sound like an endorsement to me.

  17. Bob 2007-07-9, 23:36

    Evening all, before i start i work for Natwest, who also support RBS Digital, Ulster Anytime, IOMB & Tesco PF, as well as the affiliated offshore Brands. The device itself is a standard issue one, supported and used by ALL UK banks, not just the RBS group ones, this also means that they’re all interchangeable, so your HSBC or Halifax one will work with your Natwest cards. In additon to combating fraud, the system is also being put in order to support a system called Faster Payments, whereby, any payment going to or from one of the APACS group banks will clear in 13 or so seconds rather than 3 days (no more excuses for late payments! :p ), hence a more secure system is needed than just pin, password and Customer Number.

    In relation to battery replacement, the device if used heavily will last 3 years, so your average user will barely touch the batteries on one of these.

    As for usage, it is only needed for second level functionality, ie whenever you currently do risky actions the system asks for 2 more charachters from your pass to re-verify who you are, these are the only points it will ask for authorisation, you don’t need it all the time.

    As for why only one half of of a joint accounts signatories receiving a card reader i’m afraid i can’t explain this without giving too much internal stuff away.

    Any further questions just ask, if you believe i am who i say i am cool, if not…well cool, i don’t care…

    As for changing banks if it becomes compulsory; tough, like i said all banks belonging to the APACS clearing group, i.e all of the major ones are making these compulsory.

    On a final note, these are proven to work, the RBS/Natwest Bankline services have used them for years. http://www.natest.com/bankline

    - Bob -

  18. JW 2007-07-11, 13:18

    Ok, Bob, answer me this: I have just received the card reader, yet one of my accounts (the one i use most for online transactions) i don’t even have a card for! I am actually, because it’s solely for state-benefits, not supposed to have a card for such an account anyway. What will happen now i wonder or will i be able to use the card for my other account to administer the second account? Which seems stupid.

  19. john s 2007-07-12, 10:12

    if you have 3 incorrect PIN attempts and your PIN is locked, you can unlock it at an ATM (providing you then remember the PIN number) This would be the same if you locked it in a CHIP and PIN device in a shop too.

    btw, chances are these devices are going to be used for pretty much all online bankling transactions soon - and that means credit card transactions. oh, you will prob see them used for phone banking too

  20. john s 2007-07-12, 10:19

    what did Natwest say in the letter that came with the card reader? obviously didnt state their case for introducing them very well!

  21. rob 2007-07-13, 15:35

    JW - if you don’t have a card then you should not need the reader - for that account. you should be able to carry on as normal with that account. it is only when you use the account with the card that you will need the reader. so if you wanted to pay money from this account into your benefit account you would prob need the reader.

  22. Dave 2007-07-18, 11:38

    Hi Bob,
    Thanks for your comments. I’ve received one of these and quite honestly it’s pee’d me off. I’ve not been informed about it prior to this just dumped with it, but hey that’s not your department :)
    As for it being a benefit to security, there is some weight in that but also not so.
    This will do nothing to combat man in the middle attacks ie: a pishing website pretends to be NW:OLB and takes the customers details. It will talk with the real NW site and the customer will be logged on, unfortunately so will the scammers. This is one of the attacks which already happens and will be able to continue in the same format with the card reader, especially if it is only being used for “less safe” transactions as you put it.
    I cannot understand why something like a RSA keyfob was not chosen. They are used worldwide by very large companies, for secure access to VPN by home users, and by banks themselves in many countries. Typically it seems that we are far behind and in the wrong direction. The Whole Chip and PIN thing was funny in that large sections of Europe have had the system implemented for decades. It still amuses me that the only place I don’t need to use chip and pin is in the bank itself where I can take out the most amount of money. :o/

  23. Beth 2007-07-22, 13:38

    Well Said BOB,

    i work for Direct Banking For RBS, im with a few of the people on here who say it was not communicated very well to customers, and they do look a bit off putting but to be honest why be so annoyed? its to PREVENT fraud. If your happy to let your account be the victim of fraud so be it. The bank are introducing these to help and change banks if they become compulsary? whats the point? as the second largest bank in europe we might be slightly ahead of the game than other banks but they will follow suit, thats a given so you will have to use them wherever you go. just my opinion

  24. Jez McKean 2007-07-22, 18:24

    It’s annoying because it’s inconvenient, and worse, it will soon prevent me from being able to use online banking when I’m elsewhere.
    Stopping legitimate users from doing what they want is clearly a bad idea.

  25. RBS-promote-waste 2007-07-23, 16:32

    It’s a ridiculous idea. I am quite irate, as eventually this will be standard and I am guessing necessary for all transactions.
    RBS have just sent me one. Do they think I really need another piece of crap to carry about with me…..or do they think nobody ever uses internet banking without leaving the house.
    Incidentally it’s not half as bad for me as I am a girl with what could be regarded as a ‘handbag’ to put the damn thing in..(it can live at the bottom with all the other nonsense I don’t need)..how about you blokes with your ever bulging pockets or worse, jackets that you can’t put down for fear of having the thing nicked.
    What I’d like RBS to do is take the thing back and think a bit more carefully before lumbering their customers with unenvironmental and stupid systems. You’d think someone there might have thought to combine the thing into your mobile, or better still thought of a way of avoiding this rubbish altogether……….if anything concentrate on fraudulant email RBS!

  26. MikeW 2007-07-24, 13:28

    If they are so concerned with security, how come none of the ATMs yet use Chip&PIN - unlike in France and Belgium, where all machines use the chip - and where they also let you keep ‘cash’ on the card - surely another missed opportunity for the UK.

  27. JohnH 2007-07-25, 12:51

    It’s not a bad thing to be more secure online though the size of this unit and the packaging does seem to be an issue to some people.
    You should remember that it is new and nobody likes change.
    As time passes and more banks come “on board”, I’m sure feedback from customers will help banks to make future improvements (like a keyfob sized unit).
    My main “niggle” is that these readers seem to be made by some company called Xiring which is a French company (Electrics & France don’t go together!!) - why can’t my bank find a better supplier.

  28. jimi 2007-07-27, 11:21

    Good old Natwest! I’m working abroad and use my online account quite a lot - tried to make a payment to somebody today and - without any explanation - was asked to use my card reader. My card reader? Card reader? What? The ‘help’ box seems to indicate that this is a thing that looks something like a calculator. I search for more help on the website and find no mention at all. Finally a google search shows your page, and I’m able to find out what’s going on - ie, that Natwest have managed to find a whole new way to take my banking experience to as yet undreamed of levels of frustration and rage. Argh! People who claim this has anything to do with online security are obviously in cahoots with the evil swine - this is revenge for all those cutomers claiming back unfair charges. No doubt this will not be the final measure. Maybe they should reintroduce the LENSLOK too? Or perhaps they could eliminate online fraud by replacing our cards with individual pieces of coded paper, of a range of denominations, that, for security purposes, should be handed physically to the person we’re completing a transaction with? Damn you Natwest! Damn you to Hell!

  29. Nathan 2007-07-28, 16:02

    “I am happy to pay the few extra pennies it would take to cover the fraud that this device might prevent”

    Take it from someone who works in the fraud department for lloyds tsb, fraud very rarely occurs in the form of ‘pennies’ and this device is going to be a breath of fresh air when lloyds invest in it. I have an account with Natwest and am looking forward to not having to worry as much about online fraud.

  30. rob 2007-07-30, 14:49

    jimi, did natwest finally manage to send you a card reader to where you are working, or did they expect you to do no online banking at all until you went back home and collected your reader? if that is the case, then pretty shocking i would say

  31. Dunedin397 2007-07-31, 10:20

    Hello Everyone,

    I received a letter from the Royal Bank of Scotland informing me I’d be receiving a card reader. This was the first I’d heard about it and I’m very annoyed about the device itself and the way it’s being introduced.

    I don’t believe that this device provides better security, in fact it does the opposite. With RBS you have a user name and password, nothing else. Now I need my bank card AND this reader. This introduces a physical security risk now that I need to carry this device around with me. This means it could be damaged in transit, lost or stolen, causing massive inconvenience to the customer. Carrying this device around isn’t acceptable.

    If this device is stolen from me and is then used for criminal purposes, what would happen if the device is then recovered by the Police and then traced back to me? I could be implicated in a criminal act. This may seem extreme, but in this day and age where insurance companies and lawyers look to ensure their client isn’t held responsible, it’s very possible.

    At this time RBS says it’s only for certain types of transactions. However, how am I supposed to know what sort of transactions I’ll want to do and where I’ll be carrying them out? I could be at my office, another office, a family or friends house, or even abroad on holiday and I need to carry do something quickly. Unless I carry this reader I won’t be able to do that.

    I believe that over time RBS will increase the types of transactions that will require the reader. I also wouldn’t put it past the banks to pass the cost of this device to the customers, requiring them to pay for a replacement.

    I’d also say that this also helps the bank move the onus of security from the bank itself to their customers. They are making their customers be responsible for a device they did not ask for.

    The great thing about online banking is that I can manage my money anytime, anywhere. Now that I’m required to use a physical device, I’m tied to where that device is. The advantage of online banking is therefore removed. I may as well use the phone banking or find a bank with a local branch that I can use!

    I’m all for security, but this device, in my view, compromises it. Right now I already carry a piece of hardware that could be used, it’s my bank card. The numbers on the card could have been used to provide additional security and it’s on a convenient form factor that most people carry around with them.

    Lastly, my PIN number is good enough to take cash out of machines or pay for goods or services. If the PIN is good enough there, it’s good enough for online banking.

    If online banking requires this sort of device, then it’s inherently insecure in the first place.

    Dunedin397

  32. Dunedin397 2007-07-31, 10:23

    Hello Everyone,

    In addition to my post above, I contacted my bank’s branch and lodged a complaint. I did get a reply, but it really boiled down to the bank saying, you’re getting this wether you want it or not.

    If enough people are against this device, why don’t we get together and make a mass complaint to the banking ombudsman?

    Dunedin397

  33. Jez McKean 2007-07-31, 15:43

    Dunedin397, you’ve said (in comment #31) all the stuff I thought but didn’t write in my original post!

    A mass complaint is likely to get more reaction, but I don’t think they’d change anything until after a huge number of customers actually left.

  34. Jake 2007-08-1, 02:50

    Well I share the same concerns as most of you, I just don’t know where to begin!

    The first thing I knew about this card reader is when I unexpectedly received a new card (even though my old card didn’t expire for another 2 years) along with a letter telling me to expect a card reader soon.

    When my card reader first arrived, the way it was packaged made me think it was some sort of free sample, I can’t believe how much packaging is used to send these things, it’s crazy - what a waste!

    What I would really like to know is (and I’m surprised that no one else has brought this up), how does the card reader communicate with my bank? I originally thought I would have to plug this device into my computer but it appears not, surely data is not sent wirelessly to NatWest, is it? How else would the card reader know my pin?

    I found a section dedicated to the NatWest card reader on the NatWest website at http://www.natwest.com/reader but it still leaves a lot of unanswered questions.

  35. Jez McKean 2007-08-1, 07:44

    Jake, the reader doesn’t need to communicate with the bank, it’s just a convoluted way of checking that the person accessing the online banking has the physical card with them. And the bloody card reader of course!

  36. Dunedin397 2007-08-1, 20:21

    Hi Jazzle,

    I’ve actually spoken with the bank and lodged a complaint, so we’ll see what happens.

    Ultimately I don’t think a lot will change, but I believe a lot of non-IT savvy people who’ll get this won’t realise straight away what the implications are. For me, this is as bad as proposing to charge for taking money out of cash machines.

    I’m going to put together a document on why I believe this device isn’t going to add to security, but I want to ensure I’m know as much as I can. Has anyone seen anything published on the web on how US customers have fared with this or if it’s had any effect on online fraud? If so, could you post links here?

    Dunedin397

  37. Delta 2007-08-3, 14:27

    Well, I asked several tellers at two RBS branches about this after I recived my initial (and lacking in detail) letter about this. It was this page that acctualy explained it to me.

    It arrived today, so I took it to my bank and said “I don’t want this”. The teller said “Oh ok, I’ll have it destroyed for you”.

    I don’t think she had a clue what it was, but I’m going to have fun when the system activates next week and I can no longer use digital banking! (as you can tell, I don’t like my bank much)

    I can see another problem with these however. Customers will trust these devices, promised to protect them from fraud. Yet there is no way at glance to tell one from another. Is it not therefore possible that a fraudster could create a skimmer within the exact same casing, and then use it to gain card/pin details from customers?

  38. BOB 2007-08-8, 10:35

    I like it. I feal lyk a yuppie. I feal speshal. My bank likes me. I miss my canculator, this is like a canculator. I hate windows canculator.

  39. Jez McKean 2007-08-8, 18:00

    ^ hmm.
    I don’t really know what to make of that.
    (completely unmoderated btw.)

  40. Paul 2007-08-9, 15:16

    What is up with you lot? Do you really have a braincell amongst you? Does it matter who is saving from reducing losses??? At the end of the day it ultimately affects YOU. Losses will mean even lower interest rates and higher/monthly charges!!!
    Have any of you faced account take over?? If you have you’d know what a total pain in the arse it is?! You loose your credit rating and money and takes a long time to put right. This isnt always your banks fault but quite often yours! And your moaning about keying in a secure number during online transactions?? I will look forward to the increased protection this will give me. If you wanna blame someone, blame the fraudsters or yourselves, when your not so hot in looking after your personal details.

  41. paul 2007-08-9, 15:25

    Oh just to add this reader means you hold not only the card but the PIN too. If you enter the pin online in can be captured which makes your card/data even more vunerable. This proves you have the card and know the pin. Unless you tell me the pin and I have the card, noone can use it with this method. If you tell someone the pin and they use it, sorry its then been proved that you were negligent. Thats your problem. Not mine or the banks!!
    P

  42. Jez McKean 2007-08-9, 16:55

    Only if I tell anyone my customer number and my password and my pin can they use the site.
    If anyone gets in it would be my fault, I’m accepting that.
    We don’t need this card reader to prove that it was me that gave out my details.

  43. Jez McKean 2007-08-9, 16:58

    Only if I tell anyone my customer number and my password and my pin can they use the site.
    If anyone gets in it would be my fault, I’m accepting that.
    We don’t need this card reader (a fourth security element) to prove that it was me that gave out my details.

  44. Paul 2007-08-13, 09:02

    Its stops your details being used a subsequent time!!! If you don’t have this I could currently capture your card details and go shopping. With the card reader, each time it requires a number which changes EVERY time I shop. Thats the clever bit! If you are intercepted, the fraudster still wont benefit from having you details!

  45. Jez McKean 2007-08-13, 18:33

    Woop-de-do. So an attacker can’t use the pin thing again. But if they got far they will already have all the other details. NatWest have clearly said that only some actions will require the card reader. I’m sure that many of the others will be disruptive if taken by the cracker.

  46. Beth 2007-08-13, 23:03

    well it seems that the problem with this is still on going and further research in work i have found out more. the card reader WILL work anywhere in the world as it is not connected directly to the PC. You do not have to have a debit card on EVERY account all u have to do is link one to it, the debit card is for verifcation purposed and as a customer this card is linked to your own profile with the bank NOT you customer number with Digital Banking, You will be able to cross brand (ie use RBS reader with NW) and also cross bank (RBS with HBOS) it is only required for 2nd level things, ie when you set up a new Payee/beneficiary or set up a standing order etc normally where you are asked to again confirm 2 random password characters, i work for the bank and have NOT been sent and new card or reader so its a random selection, So its a v good and safe idea.

  47. Beth 2007-08-13, 23:15

    As for the comment about a skimmer…. how could they get your card details and clone the card unless you used somone eles device of give your device to somone else? then ou would be liable, also as for only needing you customer number password and 4 digit code to get in to digital banking your right… but what if a virus/tracking cookie/keystroke logger gets into your computer how do u know they havent already got thi information.

    And like i said it doesnt matter when this comes into force because as long as you have ONE debit card for ONE of your accounts then it will work.RBS business accounts have been using it for a long time and we did not have this uproar.

    The pin is NOT entered online it i used on the card reader and if your worried about you pin and card number being compromised then this could be done in any store, at any ATM even in your own home. Jut give it a chance. I cant comment on how convienient or not convienient it Actually is as i dont have one but in theory it is a good idea

  48. Thomas 2007-09-10, 17:52

    I welcome the idea of additional security but find this device cumbersome and inconvenient! mostly as I log in from different computers a lot of the time.

    I for one WILL not be carrying this around, each time the device is required I will simply ring action line and carry out the transaction through them.

  49. Darren 2007-09-11, 12:26

    A friend of mine has told me that he’s getting an RSA keyfob to use with his bank account - why couldn’t Natwest do this instead? A keyfob you can attach to your keyring can be taken everywhere with you, who is going to be carrying a card reader to/from work and other places they might want to use NWOLB?

  50. John 2007-09-12, 00:38

    Any Idea, even if it is inconvenient but increases the security of online banking, is welcome. I had been the victim of fraud and clearly see that this small inconvenience may save everyone from disaster.

  51. Mark 2007-09-13, 15:59

    At first my initial reaction was “What a stupid Idea they really didnt think of this?”

    now after much deliberating I am comfortably satisfied that I was right. I am all for extra security, but the device could have been alot smaller. My main concern is that maplins of all places, sell chip readers, and anyone with a tiny bit of programing knowledge can easily access the chip on any card and decode the pin, there is actually software for it. Couple it with the fact that these units could easily be replicated on a computer through the form of the widley known keygen, means that anyone who grabs a card or just happens to see what someones pin number is (remember, cashpoints, cameras readers) will be able to take advantage of this.

    Honestly the idea is good in principal, but it really needs a little extra thought in it. There are many things that can be done to this idea to make it better and more secure, and im a touch worried, they wont be apparent untill the worst happens. Unfortunatley, i now think this makes things easier for people.

  52. TigerMoff 2007-09-15, 16:18

    To whoever said that they would pay a few extra pennies to cover fraud cant have ever had the inconvenience of having their bank account fraudulently used. It takes about 10 working days and a series of phone calls to get things sorted and in the mean time you have an empty bank account.

    The reason why you dont use chip and pin at the bank is because there are still people who do not have chip and pin cards. This includes Americans who dont use chip and pin. Our cashpoints still have to take their cards and until the rest of the western world uses chip and pin we are going to have to wait, which really makes the concept of chip and pin useless. But it is quite useless anyway as has been proved by a university (cant remember which one) who made a chip and pin card reader which allowed the fraudulent use of chip and pin cards.

    This system is a start to stop these groups of fraudsters taking OUR money. They need to be stopped and if this is going to help then I for one am all for it.

  53. Jez McKean 2007-09-15, 21:03

    It was me that said that.
    I’ve had my Credit Card fraudulently used, and it was sorted within 2 days.

    The reason we don’t use C&P at the bank is that we are then dealing directly with people who the bank have authorised already.

    You’ve even managed to contradict yourself - you say that C&P has been compromised and then say that you’re happy to use this system.

  54. annon 2007-09-15, 23:11

    interestingly, natwest are now asking for a pin (via a chip and pin reader) when you make trnasnactions over the counter at m y branch…

  55. Shaun 2007-09-17, 13:57

    Got mine through the post this morning, I don’t see what all the fuss is about. You don’t need it to log on to NWOLB, only to make payments. It’s not like I need to carry it everywhere I go because I wouldn’t feel comfortable making payments on public computers anyway, so it doesn’t make a lot of difference in that respect. In terms of using it on a work computer, yes the thing is bigger than a keyring but it’s still pocket sized. You just got to remember to take it with you. Besides something smaller is more easily lost.

    As far as the joint account issue, just phone up Natwest and ask for a new one. I’m sure they’ll oblige.

  56. Jez McKean 2007-09-17, 18:04

    You just got to remember to take it with you.

    If you can plan that far in advance, why not just do the transaction then?

  57. becs 2007-09-18, 20:03

    This is AWFUL. I have been sent a card reader but no card, so I cannot do ANY onlline transactions. If they send me a new card I cannot use my current cash card until it turns up, and often postmen need you to sign for these, and then they end up in sorting offices, get sent back to the bank,etc. I work away from home a lot, so obviously this card reader thing is a big disaster. I have been with natwest since I was about five (piggy bank) but I am leaving for more ethical and less plastic pastures new. It bugs me that some idiot thought this would make customers happier!??

  58. Den 2007-09-21, 04:21

    You guys are stupid, this system has been introduced in Switzerland for already 5 years and until now everyone likes this system. And as far as i know Swiss banks are the best at everything including security. I think the problem here is that British people hate innovation and they don’t like to evolve. USE IT and you will get used to it. You guys are just too stubborn.

    Guys we are in the 21st century and Britain doesn’t have any more colonial power its just another EU country like the other 25, get over it, integrate with the rest of the world, don’t try to be rejects

  59. Jay 2007-09-21, 06:55

    I think some people have missed a couple of key points here:

    The card reader is generic and not Natwest specific - there is certainly nothing unique about YOUR reader - it will work with ANY chip’n'pin card, just like the ones in the shops. This means that in a year or so, these readers will be very common.

    Okay, so it’s a bit of a hassle now if you are at work and your reader is at home, but you can borrow your colleagues/friends Lloyds TSB reader or Barclays reader - it doesnt matter. You don’t HAVE to use a Natwest Chip’n'Pin machine when you are paying for your shopping at Sainsbury’s do you!

    And remember that you only need to use a reader for 2nd level authorisation - eg. add new payee etc.

    Finally, as bob stated above, if this facilitates faster online payments - 13 seconds vs 3 days I all for it - I’m sick and tired of the banks holding onto the money for all that time.

    But, with that all said the amount of packaging relly is disgusting! Come on Natwest!

  60. ghost in the machine 2007-09-24, 21:39

    Very useful thread that helped put some perspective on the issue.

    I’m left with the conclusion that this is an admission that On-line Banking is not secure (big surprise have you ever dealt with any of their ‘experts’?), and the banks, particularly Natwest at this time, don’t intend to make it so - as its cheaper to assume that its the fault of the customer.

    If the problem is the customer it doesn’t matter what they come up with - so they might as well just cover themselves and protect their revenue. Social engineering is still the biggest problem to any security system in any industry.

    So we receive yet another hoop to jump through before gaining access to our own money (remember that, when they phone you and then ask you to prove who *you* are by “taking you through security”), but we get a whole new breed of potential problems that stop you accessing your money for what may be critical services (hospital insurance payment in a foreign country anyone?):

    1. You don’t have access to a card reader (going to borrow a strangers?)
    2. The card reader may not work for an un-quantifiable number of reasons
    3. Your card may not work
    - you have no/lost your card (which is why you are accessing On-line Banking)
    - you have no pin
    - you have a joint account with only one card (by design - taking cash out is different to making bill payments)
    - broken mag-strip (more common with Oyster carriers these days)
    - broken Chip
    - you deliberately destroyed your card due to the convienience of On-line Banking
    4. The numbers generated may be wrong
    5. The online system for checking the numbers may be faulty
    6. You miss the window or are on the threshold of it for entering your number during long/slow on-line processes

    Current On-line Banking with Natwest has none of these problems.

    Perhaps there is a nice expensive number to call for ‘technical support’? Or a hidden commitment to ship within 8/12/24hrs a replacement should any of these things inconvienience you? Or you just phone Actionline.

    For all the finger pointing about users being resistant to change, the beneficiaries of not adopting/mis-implementing this are the banks - who get to refuse to innovate on services and keep your money for longer, whilst pointing at each other and stating that they are only following the industries ‘developments’.

    For those who have been a victim of theft/fraud - this is an attack that does not scale, if you are careless with your details, it should not affect my account - be very worried if it does, but this ‘innovation’ won’t help protect against this.

    With all other things being equal the qustion is - why have Natwest managed to mess this up so badly, and do you want them protecting your money?

    Switzerland and RBS, etc have all implemented this and some people seem happy - its the first I’ve heard of it - what did they do right? Why aren’t Natwest adopting a system that already works?

    But don’t just register a protest vote, suggest a better alternative (appeal to someones greed to climb the ladder), and in the meantime I’m going to ‘lose’ 1 of these a day until I can be sure that there is an abundance of them in my vicinity just in case I’m stupid enough to want to use their, by self-admission, insecure system to transfer my money.

    Maybe once they have run out we can get a better v2.0

  61. Sam 2007-09-28, 15:24

    Lets remember that this device won’t actually prevent fraud, merely make it harder for someone other than ‘you’ to login to internet banking. Anyone can make charges to you account so long as they have the card number, expirary etc. When I had fraud done to me, it wasn’t because they logged into my account, its because my details were stolen; probably to make a clone or what not.

  62. Dianne 2007-10-1, 21:09

    So glad to have found this site - I thought I was going mad when I received the Card Reader mailing this weekend as I hadn’t read anything about it elsewhere. If you put “Card Reader” into the NatWest On-line search facility it does not come up with anything relating to the introduction of this irritance. I use NatWest on-line from abroad and am sensible enough to take care of my own security without having to pack their little black box everytime I travel. I note that another poster received a new card way before their old card was due to expire. I recieved a new card 2 weeks ago, with no explanation (just said it was to give me the advantages of chip and PIN early - der, had that since it was introduced). So I called my “personal banker” who told me that it was strange that she had had several calls like mine and that she was instructing people to cut up the NEW cards! Oh to have the benefits of a “joined up” banking service”

  63. Paul 2007-10-2, 12:17

    Don’t think advertising the details everywhere would be too smart, do you???!

    Its here to stop the ‘man in the middle’ attacks - a key logger, for example.

    Still can’t believe how narrow minded some of you are being!

    This isn’t about lack of security at banks online banks. Its about stopping criminals between you and the bank being able to use your details to carry out further transactions.

    This isn’t the responsibility of the bank! They can only do so much to make their site secure - they cant stop someone else picking up your login details, can they?!?!

    If some of the banks don’t know what it is, thats just poor communication and terrible customer service - I’d be looking at taking my banking elsewhere than trust my hard earned with them!

    Easy to slag things off isn’t it, but think just that little bit harder and you’ll see its actually quite a good idea. Certainly less inconvenient than having your account taken over by a crim.
    And yes, I’m an insider and see the effects it can have on people, and why 2 factor authentication (as its called in the industry) is so essential.

  64. Steve 2007-10-3, 09:26

    Ladies and Gentlemen

    Your attention please. Here are a few facts for you to digest. Take your time and think about this:

    1. Online Banking is a privileged “extra” service provided by the banks, they do not have to provide it and most importantly they do not have to provide any protection for using it what so ever. They provide their “security promise” because the rest of the industry does. But by all means, get annoyed with them and boycott their internet bank service, it will just end up not being cost effective and they will take it away from the masses making us an even more backward nation (we already lag behind the US, Japan and a lot of main-land europe). Go for it, be stubborn and bloody minded.

    2. This card reader technology is an industry standard and the majority of the banks are going to be introducing it – or something very much like it – in the near future. It is a future proofing device (and for those of you that are a little on the simple side, future proofing means it’s use could be adapted in the future to cover a wider variety of things on the internet, not just the internet bank). So, by all means, carry out your lame threat of leaving your bank to “teach them a lesson”, I’m sure they will be so very sorry to lose a miserable complainer like yourself. You could leave them to avoid the teething problems they are currently having, and go to another bank but rest assured that “other bank” will be introducing it as well and they will go through the same teething problems so you will just be delaying the inevitable!

    3.Go for it, stand your ground and fight the mite that are the banks, after all they are only trying to secure your money – to become a stronger company – to be able to offer better products. At the end of the day, no one is going to argue that banks are in the business to make money (anyone that does is just lying), but think about it, they make more money by beating the opposition and the only way to do that is to offer better products to the customers (higher savings rates etc). The only way they can offer better products and offer you a better service is to be more efficient to have more money to work with. The internet bank is one of the big holes in their security because they have to rely on us the thick public on our own PC’s. Us thick morons that reply to “phishing” e-mails no matter how many times we are told NOT TO and us simple ones that decide not to have any ANTI-VIRUS software because “it’ll never happen to me”. They can’t help us, despite what they do we just don’t listen and these internet bank facilities are costing them a fortune in lost profits, so they introduce this measure (industry wide) to try to help us realise the value of our money. But what do we do? Complain…shock!

  65. Jannik 2007-10-3, 09:42

    Well, I have just forgotten to bring my card reader to work again!!! Am I stupid, forgetful or simply old-fashioned? Well, I hope not, I’m 26 years old! It would’ve been fine, but as Murphy’s Law would have it, I need to make an important payment, to a new payee. Which now can’t be done, however, as it was politely pointed out to me by a colleagues, why not use the telephone? Well, I could I suppose, but doesn’t that defeat the purpose? I still provide my details over the phone, in full earshot of people in the office. I could go to the bathroom and do it there, but should I really have to go to such lengths?

    Personally I don’t think so. This device has caused me hassle and endless grief. Fortunately being the “narrow-minded” sole that I am, I contacted HSBC and they assured me that I they currently don’t have plans to introduce such a device and they can transfer all my accounts, by simply calling them. My partner is with HSBC and well, she laughs at me every time I have a rant about this thing.

    Well, I have now had enough, I’m taking back control of my banking and leaving Natwest after a long and mostly successful relationship. I must mention that I appreaciate what they are trying to do and that I’m probably ungrateful and “idiotic,” but I was under the impression that efficiency and progress was the name of the game these days. I want to do MY banking when I want and where I want. Hopefully HSBC remains strong in this respect and true to their promise.

  66. Paul 2007-10-3, 10:21

    All banks and B.S. are looking at implementing this over the next 18 months or so. The agro of leaving one, to go to another won’t get you away from it.
    This morning I was watching BBC News and some guy came on who had his identity taken over. It took 2 years to get sorted having lost a property purchase (which made him homeless) due to poor credit ratings etc as a result. 2 days to replace a card, as a previous note suggested, was just a card, not an identify. This reader is another process to help reduce this risk.
    Your current account is the greatest risk owing to the many types of transactions where info can be picked up. This reduces another loophole in these systems / stops another route for crims to capture this info.
    Your choice. Keep fighting against the banks, you wont win. Its not just for their benefit.
    As suggested above, each time you move, you’ll be with another bank just about to launch and learn mistakes. Are you not better off staying with those that sorted their systems and processes early on?

  67. Adrian 2007-10-4, 08:30

    Maybe, but until then I am reeeeeally happy, that I still have my basic HSBC account. I was working in the UK but I moved back to my home country end of June. Today I was going to transfer some money from the Natwest online to a new payee, but I was surprised…card reader??? what the heck??? Probably they sent me a reader, but to my old, UK postal address-so long story cut short I have to transfer the money to may HSBS account /I have got it among the payees/ and from the HSBC online I can send the money further. Crazy! Paranoid society!

  68. Dan 2007-10-4, 23:54

    I just got stung by not having one of these on me. Im in an internet cafe.. lets face it.. this card reader is a bad idea for the consumer.. we get our money back if our accounts are robbed anyway? perhaps all computers will have a card reader as standard.. but for the moment why not enable us to lock our online banking to specified ips?

  69. Stephen Southwell 2007-10-15, 15:59

    having spoken to Natwest by phone I have been informed that the ‘reader’ is only needed for ‘online’ transactions so there will be no need to take it with you anywhere - I have suggested that when they send the letter it should include part of your account number do authenticate the letter as I certainly wasnt sure this was a bona fide letter or a spoof scam attempt.

  70. Jez McKean 2007-10-15, 18:16

    the ‘reader’ is only needed for ‘online’ transactions

    That is the exact problem!

  71. Steevee 2007-10-16, 15:35

    What a bunch of Morons!! Not the Banks, You Guys!!!

    I haven’t received my Card reader yet and i am disappointed about that, i want to be more secure, i want to be safer, i want to be as least vulnerable as possible to fraud and most of all i am open minded and not afraid of change. Majority of my colleagues have the device and are nothing but happy with it, never had any problems, carry their reader around with them no problems. Don’t be so lazy and technophobic, just do it, get on with it and stop complaining - either that or when your chances of being a victim of fraud etc are dramatically higher than those of us that just adopt the “Proven” System then see if you complain so much then.. Its never happened to me but id imagine it is one of the worst financial situations to be in and can leave you entire credit history in pieces which in most cases is irreversable and leaves a black cloud above you head for your whole life preventing you from doing a lot of financial things.

    You think you are the victim now having to adopt to this system, why not think about people that have been a proper victim, but hey i guess it will never happen to people like you will it???!!!

  72. Jez McKean 2007-10-16, 18:08

    Technophobic?!
    I’m a web developer, I hardly think I could be accused of that!
    I genuinely believe that this device is overkill, and a will be a nuisance to many more people than it will unwittingly save.

  73. Steevee 2007-10-17, 13:38

    Ok, but do you not think it is worth it if it can spare even a select number of vulnerable people from online fraud?

  74. Jez McKean 2007-10-17, 17:39

    Honestly, no.
    I’d like to see genuine stats on who’s to blame for online banking fraud, I suspect the individual account holders will not be blameless.

  75. Geeyen 2007-10-17, 22:27

    I just received mine today - Haven’t activated it, I will wait for the automatic activation in 21 days, until which time I don’t need to worry about this!!

    I have gone through the Natwest website help pages and they mention only about the respond key, which seems to be the one that is discussed here for online banking purposes. You get an 8 digit reference which when entered on the card reader will provide you with a secure code to enter in your online banking page.

    However I think there may be more surprises like this in the future. The card reader seems to have other keys with “identify” and “sign” labels. If you press the “sign” label, the reader ask you for your PIN first. Once the PIN is entered correctly it asks for a REFERENCE. I tried 12345678 and then it asks for AMOUNT. If you enter an AMOUNT, then it gives you and 8 digit code.

    Any ideas what these additional keys would do???

  76. Stew Griffin 2007-10-19, 15:39

    Online fraud is rocketing and some banks are trying to help out by increasing security. People used to moan about having too many pins and passwords not that long ago but you don’t hear much about that now. Why? Because eventually it becomes the norm. Just to correct a point from above, no the bank doesn’t just give you your money bank if you have given your security details away. If somebody in a naff NatWest secrurity outfit stood by a cash machine and asked for your pin number before you used the ATM, would you give them it? I think this is a step in the right direction and I have doubt they will improve the offering in future to make it even more user friendly. Also it doesn’t have to be the card reader you recieve that you need to use, you can use any reader as it is your card that is important for these transactions. Stop moaning and be thankful they are trying to combat fraud.

  77. Adrian 2007-10-26, 10:33

    I have just read all of this blog concerning the card reader. It is clear that several of the posters here have not any understanding of security and the Internet. The statement “I am happy to pay the few extra pennies it would take to cover the fraud that this device might prevent” is supporting crime I’m not sure that NatWest would like customers with that attitude!. If you need another reader for use at work, ask and you can have another one FOC.

  78. John Pryor 2007-10-30, 20:32

    Just to add to fuel to the fire - Barclays are going to use their PINsentry card reader when you want to make a payment to someone new and EVERY TIME YOU LOG ON! Now you’d better not leave your reader at home!

  79. James 2007-10-31, 08:15

    Pah

    We will all be paying for banking services soon and this is just the latest manifestation of a loss in consumer power over their bank.

    Fraud isn’t my problem. Its the banks. If somebody fraudulently acquires my details and uses my account then the banks legally have to cough up. This hindrance on my access to my own money is purely so that the banks can make even more money. Its not for my protection at all!

    So I’m looking to shift my money to a new bank and although many others may adopt this annoying system I suspect it will create a market opportunity for smaller players who won’t impose it on it. Its about time I shifted from a high street bank anyway … I’ve been screwed for far too long by interest rates which are 1 - 2% below the current market rate. Natwest you can kiss my £150k savings goodbye and I won’t be buying a mortgage from you either (but then I never would have anyway because although I’ve been stupid/lazy enough to maintain my account with you over the years the time has now come to move).

  80. Ade 2007-11-1, 09:42

    To put this to rest, a colleague of mine just got stung for over £15,000, How you ask? THE SCAMMERS USED A CARD READER!!! They were somehow able to get a Royal mail divert on his mail while he was on a consultancy assignment for 3 months. So all his mail including a new card, a pin number and a card reader were sent to this forwarded address. The scammers then transfered money and did online shopping to their hearts content. Did the card reader help? no it just gave them a direct link to the bank. What is the lesson here? The banks should find more intuitive ways of combatting fraud, not introducing elaborate technology which does not deal with the route of problems.

    I think it is another thing to add to my Mobile phone, Blackberry, Ipod and wallet, car keys and USB Key which I have to carry every day. I have had 4 occasions where I wanted to do something online and couldn’t because my card reader was no where to be found at the time I needed it.

  81. D Man 2007-11-3, 11:36

    I’ve scanned through this thread but I can’t see why people in favour of the card reader think the current NWOLB system is insecure? Phishing or MITM attacks surely won’t work because you only ever type in selected characters from your PIN and password when logging on, and they are never the same combination of characters for a subsequent session. Of course if you have a short password with the same letters repeated the risk increases, but that’s just basic security. NWOLB log-in details are virtually “one-time-only”, and pretty damned secure. I imagine we’re all going to have to get used to this card-thing like it or not, but again, what’s the point? The current system is much better than at other banks like Abbey, where you type in the same full password and pin every time you log on. I can only assume it is risk-management for the banks, dressed up as security for the users.

  82. Technical Geek 2007-11-21, 08:49

    Well I have a few scenarios which Natwest haven’t thought of and means this system is actually more dangerous than normal online banking.

    Scenario 1: Using system in multiple locations (As well all need to do) - online purchases or internet banking.

    Take card reader with you and card. Lost = no internet banking and no purchases

    Stolen = fraud!

    Scenario 2: Going abroad/away.

    You go away without the card or reader. You need to book a new flight as the one you were on has been cancelled and you want to get home - go online try to buy a new ticket - sorry no card reader.

    You try to check you bank account or make a payment - no card reader

    Scenario 3: At work or internet cafe.

    You take the card and reader with you. try to plug it in but the network guy says you can’t as it is not a “trusted” device. No banking or online purchases - which is great if you use this card for work purchases!

    p.s.

    I’m not bittter. Just know that this scheme will backfire badly and end up costing the customer.

    What if you break the reader - who pays? (free one from bank, takes time, customer ends up paying through bank charges).

    There are safer and better ways of doing this and this system introduced will lose NATWEST many customers - I bet there was a whole team who went - “that’s a great idea it will save us loads of money and effort”.

    One word somes this system up:

    USELESS!!

  83. Technical Geek 2007-11-22, 12:18

    WELL THIS ANOTHER STANDARD RESPONSE! NOT RESOLVING ANY ISSUES OR CONCERNS - BYE BYE NATWEST!

    When managing your finances online using your customer number, PIN and
    password is safe and convenient. But we’re always looking to enhance your
    security, using the latest technology.
    We are adding a new way of protecting important information that passes
    between you and your account online during some transactions. This protects
    you from the increasing sophistication of online fraud. For some
    transactions we already ask you for an additional layer of security - two
    additional letters from your password.
    Instead, we’ll now ask you to use the card-reader we’ve sent you, which
    creates a unique link between you and the Bank for these transactions. It
    uses numbers we will ask you to check to ensure no-one else is reading the
    information you send us.
    The card-reader will verify numbers you enter on its keypad and generate new
    random numbers for you to use online. As these numbers change each time you
    use the card-reader, they can’t be imitated or copied.
    The card-reader has been introduced to help make using the Online banking
    service more secure, however there is no need for it to be used every time
    you log on. The Online service will prompt you when the reader is required.
    This is when you wish to create or amend and payment details whilst using
    Digital banking. For example if you wanted to add a new electricity
    provider, or to amend a payment to an existing 3rd party, the card-reader
    would be required. The reader is not required when making a Maestro payment
    Online.

    The card-reader should not therefore impact your ability to monitor your
    account using the Online service while you are abroad.

    If you are unable to access your Online banking at any time, for any reason
    we do have a 24 hours telephone banking service, Actionline, who will be
    happy to help. The number for Actionline is 08457 888 444.

    The card-reader is a non-optional service and we at The Royal Bank of
    Scotland are one of the first Banks within the UK to introduce the service,
    however soon all Banks and Building Societies will be introducing this
    facility.
    To help our customers gain a better understanding of the card-readers we
    have introduced the following page to our web site, http://www.natwest.com/reader
    . This site contains information regarding the
    card-readers and its impact on your account; it also contains a
    demonstration of how to use the card-reader.

    I hope this resolves your query, however if you have any further questions
    please contact our Enhanced Security Helpdesk on 0845 300 6431* and we will
    be happy to help.

  84. Jez 2007-11-22, 18:10

    Not only is that a stock response, it’s poorly written.

  85. Technical Geek 2007-11-23, 22:12

    Hi Jez,

    Your right - Scenario 3 is not valid. Still a major hassle for the other ones though.

    A little concerned about the comment ” soon all Banks and Building Societies will be introducing this
    facility.”

    hmmmn - could be the death of internet banking and online stores.

  86. vikki 2007-11-25, 21:56

    I have never used one of these before so it shows how crap nat west are. It took me 2 secs to find you equally pissed off people. NAT WEST ARE CRAP. I have had problems with them for years and only stayed with them as it is my husbands account. Now I have had enough. They can officially bog off. Sorry nothing constructive to say I had to vent my feelings. I do not want compensation I want to be able to use my own money!!!

  87. Nicofars 2007-11-26, 00:12

    All these talks are really interesting as I was almost going to move to my sleepy Natwest account and convert it as my main, now for sure there no way I will.
    My friend uses Barclays and got soooo pissed that he is now looking to change because of the inconvenience of the Card Reader too.

    So : what are the alternatives ?
    if all banks are going to use soon ?
    I have Smile as the main bank but their web site is disapointing me as it doesn’t provide any download possible.
    Anyone recommend an online bank with “normal” login and statements download ?
    thanks guys.

  88. Leandro 2007-11-26, 10:03

    I have used the card and I agree with all his arguments. I have been a victim of online fraud a couple of times, but I’ve always had my card covered and all the money was returned to my account. This device is not meant to protect the banks and insurance companies, not the customers. They don’t care if they have caused us inconvenience.

    In fact I think instead of discussing the pros and cons of this card reader, we should all swap banks. That would send them the right signal. I am closing my account for sure, there’s no point in online banking if there’s no portability.

  89. Aaron 2007-12-1, 14:00

    Just two cents worth. I think we have so much misconception here.

    Re-iterating what a load of others have said, the whole point of this is to prevent any fraud happening on your account. Lets say it another way, if people stop following those SPAM or FAKE e-mails advising them to log-in into their account using a URL link (obviously contained in the e-mail), then the world would be a safer place.

    The very fact that loads of people do this, continue to do so, means another prevention activity is required - the only thing that apparently works is a PIN device.

    Yes it’s not full-proof, it’s inconvenient, but if if reduces or removes the risks - what’s the harm?

  90. Barclays Accountholder 2007-12-1, 19:14

    I’m a Barclays accountholder and have received a PINsentry device - which is pretty much a rebranded Natwest device for my Barclays online account.

    I think the card reader is a great idea - looking at the scenarios quoted above:

    1) Online Purchases

    Online purchases/telephone purchases don’t require the card reader - so there’s no reason at all why you can’t use your card fully when you dont have the card reader with you.

    2) Online Banking

    You can access the Barclays OLB and from what I understand, the Natwest OLB system without using the cardreader. It’s only needed for making payments to new third parties (i.e. the risk element of OLB).

    Also, the average Joe Bloggs accesses OLB to make third party payments from only a limited number of locations. (I use it from home & work for e.g.) Barclays are happy to send out additional card readers.

    3) Making Payments without the Cardreader

    In circumstances where you don’t have the cardreader with you, you can still make payments to third parties over the telephone - so it doesn’t put you in a compromised position in an emergency situation.

    4) “Plugging the cardreader in”

    The cardreader doesn’t connect to your computer in any way. It is a standalone device which uses your card to generate a one-time one-use 8 digit number which can be used on online banking.

    5) Batteries

    The idea is that when you get sent out a new card reader (and 5 years is a long time - the technology may well have developed massively by then, bearing in mind online banking has only been around 20 years) - you return the old one to your bank via a freepost address. (My Barclays one came with the details on how to return it if there’s any problems.)

    It’s very easy to be critical about the system when the banks take the hit for all fraudulent losses, but the fact of the matter is the more fraud goes up, the higher our bank charges and lower our interest rates do. It is most certainly in the banks interest to reduce these - but in the same way we’re saving in the long run, both by getting better services and not having hiked bank charges. Faster payments in themselves save £23 (Natwest CHAPS charge) per payment that you make for same day payments - and revolutionise the banking system.

  91. Jez McKean 2007-12-2, 13:26

    I’ve just had to use my card reader for the first time.
    I was setting up a Standing Order from my main account to my joint account (both NatWest accounts).

    Bizarrely, since it’s only my joint account that has been activated for the card reader it was that card that I had to use, that is I had to use the payee’s card!

    Obviously this is a slightly unusual situation, but it does still seem odd.

  92. David 2007-12-5, 15:29

    What I find odd is the lack of consistency.

    I received my letter followed by card reader about 2 months ago.

    My girlfriend is also a Natwest customer and she hasn’t received either.

    Is this something to do with the type of account she has (I’m pretty sure it is a standard Current account)?

  93. Matt’s Journal | Barclays PinSentry 2007-12-20, 09:21

    [...] on Jez McKean’s blog, he has a post similar to this one detailing the woes of using the Natwest card reader. Take a [...]

  94. Matt Brian 2007-12-20, 09:25

    Hi Jez,

    As a Barclays customer, I can also feel your pain. I posted an article on my blog about the woes of using the Barclays card reader and it received a massive response.

    I hope you don’t mind but I have linked your article and used a picture of yours to help raise awareness for all banking customers.

    http://www.m4tt.net/barclays-pinsentry/

    Regards

    Matt

  95. Stewart 2008-01-7, 15:19

    Hi there have read all the thread and although it seems that some people have issues with the card reader not actually increasing security it would appear that the main problem is the size!!!!

    Its ok Natwest saying that the reader is not required for all transactions but whats happens if im out and about and need to add a new payee and make a payment to somebody? As mentioned before the problem is that people are not going to carry this huge reader around with them everywhere.

    It would appear that Natwest need to invest in the small keyfob sized one to at least limit the inconvienence!!

    Just my 2 cents

  96. acwanaut 2008-01-15, 16:05

    As someone working in this industry, and particularly on this product at an International level (not for a bank), this blog makes interesting reading.

    There seems to be only a smattering of problems that people have - mostly to do with logistics - but of course as it’s your money, it’s a huge problem at the time. And I empathise as we’ve all been there at some point.

    But, for those that don’t know how to use the readers, try looking here:
    http://natwest.com/microsites/general/card-reader-user-guide/index.asp?cmp=reader

    For those that think the device is too big to hump around - petition NatWest to look at alternatives, there are plenty available off the shelf in the market (see: http://www.xiring.com/o2s/en-GB/pageLibre000133f3.php), but your current one is designed to be usable by those with various disabilities (i.e. is the non-discriminatory version)

    For those that don’t see how it helps with security, the simple fact is that the banks that have introduced this device have already seen upwards of 75% drops in eBanking fraud with those using it. Think about how you’d cope if your current and savings accounts were emptied and you had to spend at least 10 days without any cash.

    For those that are moving to HSBC, they’re planning on launching a new system that will mean you have to send and respond to many different SMS messages each time you use eBanking - what fun that will be when you’re on roaming tariff…

    The card reader isn’t a perfect solution, but it does provide strong protection from phishing, MITM, account takeover, and piles of other crappy fraud types. It doesn’t make life easier in the short term, but if it’s not easier for you, it’s not easier for those trying to empty your account either. It’s stronger that RSA style key fobs as soon you’ll be able to enter transaction details and create a code unique to the transfer you’re making (sign button) and in the next 6 months or so it means you’ll be able to safely use your debit card online (it ISN’T safe at the moment, so I’d advise you not to do it!). And by next year you’ll be able to use it to authenticate yourself on the phone to your bank - so no more bloody stupid questions that anyone who knows you well could answer.

  97. Myron 2008-01-15, 17:06

    Am I missing anytbing here? I’m assuming with the Natwest card reader you can use one or the other? If so, why don’t the NatWest allow both forms of authentication with the preferred method being using the card reader?

  98. Alex S 2008-01-17, 20:57

    As someone who works with computers and daily deals with security of them, I was intrested to hear about From Natwest saying that they were sending me a card reader.

    What made it so intresting is that I had just being listening to a Podcast all about a simliar systerm which PayPal are staring to use in America.The Podcast go on to talk about the why double factor Authendication is now need on the internet.

    The Podcast is a talk with Michael Vergara, PayPal’s Director of Account Protections, the interviwer is Steve Gibson an very well repected Independent Security Expert. to listen to it go to http://www.grc.com/sn/SN-103.htm.

  99. John A 2008-01-19, 11:09

    I received the letter back in November, and thought it was a scam. I still have heard nothing about it, ‘most 3 months down the line, and I can’t add a payee or anything.

    No answer from the bank whatsoever :/

  100. Ross 2008-01-24, 19:34

    I phoned to try and opt-out of this service and the staff member who I spoke with said (amongst other things obviously)that they “agree completely, you should be able to opt out” and “I can see how it could be impractical” and suggested I eMail to complain.

    I complained, in writing, to RBS about being forced to use the card-reader and the lack of an opt-out option… after a week I got a letter from RBS that will be posted on my own website shortly, but in the meantime here are a few choice quotations showing the general grasp of the English language (or poor stock letter templates) that the RBS seem to have, adding insult to injury considering they didn’t answer any of the points raised in my eMail.

    “…we at Royal Bank of Scotland are the first Banks within the UK to introduce…”

    “…This is when you wish to create or amend and payment details….”

    And last but not least

    “I hope this resolves your query, however if you have any further questions please contact our Royal Bank of Scotland on Royal Bank of Scotland* and we will be happy to help”

    Believe it or not the letter actually seemed to carry a real signature, so Richard Csizmazia obviously didnt read either my original eMail, or his own reply!!

  101. Ross McKillop 2008-01-25, 13:29

    My original complaint, and their reply is at
    http://www.iross.net/blog/royal-bank-of-scotland-card-reader-complaint/

    The “Enhance Security Helpdesk” really are dismal - can’t even get the name of their department right - missing a D i think (for Dunce perhaps?)

  102. Recursive » NatWest Anti-Fraud Team: Impressive 2008-01-26, 01:02

    [...] my reservations regarding NatWest’s Card Reader, I wish to voice how impressed I was with their Anti-Fraud [...]

  103. C.Collins 2008-03-17, 20:43

    Thank you for your blog! We got ours in the post today. What stuns me is the amount of packaging involved not to mention that the device wasnt made in the uk! So when Natwest ask us to offset our carbon footprint by donating the amount in monetry terms they are actually being hypocrites in the first degree.. what about the carbon footprint these devices have generated just in manufacture and being shipped to the UK?!
    I welcome any security measures that will combat fraud, but this is distinct over kill and as I am slightly numerically dyslexic, this really is not going to help me at all.

  104. Rob L. 2008-03-19, 10:59

    Having just opened an account at NatWest, I was curious about this card reader, though I’m not sure if or when I’ll be getting one.
    I will agree with most people it can be a pain to carry it around everywhere you go, and its a bit worrying if the card reader can be used by other people.
    I like the HSBC system - you have a small device that generates a code. The good thing (?) is tha