I have received in the post a Card Reader from NatWest.
They have designed this device to beef up the security around the (excellent btw) online banking.
The flaw? The fact that we will eventually have to take the damn thing everywhere you go. And the card of course.
The whole point of online banking is, afaiac, the fact that you can use it anywhere. Now we will only be able to use it IF we have the card reader with us, IF we have the card with us, and IF it actually works. And IF the battery isn’t dead.
I regularly use NWOLB at home and at work, so what do they suggest? “You could use someone else’s.” Well that’s just stupid.
Further issues:
- I have two accounts with NatWest, both of which are accessible with the same login credentials. However, only one of those accounts has a card new enough to use this card reader. When will I therefore be forced to start using the card reader? I don’t know, but I expect that they will send me a new card (meaning my saved card details at various sites will have to be updated) and probably another card reader.
The amount of plastic, cardboard and paper used to send the card reader is shameful. From the outside in: Plastic postage bag, cardboard box, plastic tray, cardboard box (again), bubble-wrap, plastic bag.- It is my joint account which is ready for the card reader, but the other holder (the gf) wasn’t informed, and certainly wasn’t provided with a reader. She has also used NWOLB from work, so that’s four places we already use the service, i.e. three places we now won’t be able unless we carry this thing with us. Which we obviously can’t both do.
I am happy to pay the few extra pennies it would take to cover the fraud that this device might prevent.
I am happy to take the risk that it is my account that is compromised if they just abandon this daft device.
I am genuinely considering moving to another bank if this reader turns out to be compulsory.
I don’t understand why people are so upset. This is for your protection. Now, even if you and your grandmother screw up the security of your computer (and have all sorts of keyloggers and software exploits installed), your bank data is safe. The password changes every single time, so just hacking a computer does not work for logging into your account.
Every bank in Switzerland uses this system. I have never seen any reports of money being stolen or transferred without the account owners information.
Also, if the bank determines that your login and password was correctly used for stealing your money, they can deny all wrongdoing, because they did not compromise account security; you did.
If you don’t believe me, look for reports of money being stolen from small business accounts using exactly these techniques. And also, how banks can say that it is not their fault as the online credentials used for the transaction were correct.
my issue is i got a natwest student bank account, and going to uni i have moved house, as you do. now i ordered the card reader, to my new address, in halls, along with my free railcard. waited… waited a bit more. a couple of months went by so i requested new ones, making sure they were being sent to my term time address.
i waited.. and waited. and even though i specifically stated the new adress and online you actually have to type in the postal adress i have still not recieved them, after 5 months. so i rang up again and they said the card reader wouldve been sent to my old address, so i have to go to the bank to change it.
so today i went into the bank and they said i couldnt change my address without a passport or drivers licence with the new address on it. who changes their passport or drivers licence address to live in halls for one year then have to change it again?! so now without spending £80 on a passport or sending my whole driving licence off to get changed i cant do any online banking.
i officially hate natwest and think they should die. im switching banks asap and i shall never have any dealings with them ever again.
You’re talkin’ rubbish. The card reader is for your convenience, for you to use at home; you wouldn’t require more than one or to take it anywhere with you.
Do shops share one machine between all shops? So, nothing will change. What a waste of blog space LOL
I really see no problem with it. All it’s doing is making sure the person trying to make the payment online is the card holder and knows the PIN for the debit card. Therefore a hacker or fraudlent user who has obtained login details through phishing of malicous coding can not pay funds from the hijacked because they don’t have the card and even if they did they wouldn’t know the card PIN unless this had been disclosed by the account holder.
I think the card reader provides a perfect solution that can be implemented by the majority without limiting accessability.
There is no limit to the amount of card readers you can order with most banks, so you can have one at the office too. Also is carrying this device around an inconvience? I don’t think so, would you rather carry around a mobile phone and ring your bank, waste your credit and more than likely not be able to make a faster payment.
The card reader is in no way linked to your account or card, hopefully as this technology becomes the norm and cheques are finally gone it will be common to see card readers present around public computers.
The simple fact is the system reduces fraud at little inconvience to the account holder, I don’t know about you but I like my money.
The card reader is defeating the purpose of internet banking! This is an unnecessary and pedantic security measure which was probably sold into the banks by the OEM of the devices. It is most certainly NOT an Industry standard
I have been using Internet Banking for 10 years now, never have I come across a more silly security measure that takes no consideration of what users want. Designing websites is all about usability, currently, if I leave don’t have the card reader the site is not usable…. simple as that!
The banks should take into consideration the posts on this topic (dating back to 15 June 2007 – almost 3 years now!!!!) and make the necessary arrangements.
My bank account has MY Money in it… If I choose to waiver using the card reader, I should be able to… if not,… simple… I move banks…..
Internet banking is NOT a privilege as some posts claim (probably written by someone at the bank – Steve 2007-10-3, 09:26) it is a standard.
To me, the banks offering the best level of service (and I don’t expect much as all my interaction is online) will get my business… I think this attitude of Banks thinking that they are doing us a favour is absolute poppycock…. especially in light of the recent event….
Bankers… get off your high horse…. stop trying to justify your ludicrous bonuses and start listening to your customers, otherwise they will not be your customers anymore and then when all the customers are gone…. no more bonuses….
And just so that I am clear here, this is not a whinge at Bankers Bonuses, a simple statement that without customers, there is no bank therefore Banks should listen to what their customers are saying… If I choose to waiver my use (and possible insurance coverage) of my card reader.. then this is my problem if my account gets hacked…
At the moment, however, If I have to continue using this stupid device, then I will decide to take my money elsewhere… simple…
so lets talk solutions….
1. I log into my bank account.
2. This action triggers a OTP (One Time Pin) to be sent to my mobile via text and/or pre-defined e-mail address.
3. If I need to enter the higher security areas of my online bank account (change details, transfer funds) then I need to use this PIN which is only valid for my current session….
Yay! Online banking is now usable (and mobile) again!
Simple…
If anyone from the banks would like to hire me as a consultant, please feel free to contact the blog owner for my details….
This Card reader makes it so difficult to carry out any management of MY BANK ACCOUNT by eMail that I must seriously consider removing my account to another Bank.
This Bank already has some accounts with me so it would be a simple matter to transfer MY MONEY across.
Having been in Nat west online since it started I was somwhat peeved when I could not move my money to another bank without this reader. Then to be told I would have to wait probably 15 days to get one and that it would not be delivered using even recorded mail but only the very unreliable Royal Mail.
Maybe Nat west should look at what Lloyds TSB use.
Just to clarify misconceptions abounding, the chip DOES have a processor, it’s not just “RAM”, so your card’s chip actually verifies the PIN sent to it by the card reader (and locks itself if you get it wrong too many times).
(The downside case made by security professionals is that violent criminals could use the card reader to ‘interrogate’ someone in a closed room to get and verify their PIN rather than in the past having to march them to a cashpoint where they could in principle get away.
There was a case not long ago where two people were found dead in a room having been tortured to get their card details.)
Yes they are an added inconvenience, especially if setting up and paying a new payee. Actually if it’s a family member, I always make a 1p payment straight after setting it up so I don’t need the card reader to make any subsequent payments.
The other pain is due to a long-standing problem with Natwest online banking, namely that you can’t have two payees with the same account number and sortcode – obviously different payee references.
So *every time* I want to pay WAGES or EXPENSES from the business account, I have to use the card reader to change payee details, rather than just having two payees with differing references.
Sorry, but I have to say this. Get real and as they say “smell the roses”.
Internet fraud is huge, and your bank account is a prime target. The old text-only based system was a prime target – for example a keylogger trojan on your pc could easily trap your details over the course of a few transactions. Yes, switching the entry sequence of those credentials helps, but really…. who will be crying first when you are cleaned out?
I’ve lived in Amsterdam for 9 years (but also had my Nat West account for 20) and since the start I’ve had a card reader from ABN AMRO. Most European banks would not dream of offering a service without such a device.
Having the reader is simply no problem. I’ll bank from work or home, I generally know I’ll be making payments and have it with me. I don’t bank from cafes! If really needed you can get a second reader from Natwest.
This is the real world and the UK is finally catching up. It’s taken way too long in coming.
A OTP via SMS is an excellent idea (I work in that area) but it has the downside that there’s a transaction cost every time (the cost of the SMS) and I’m sure the complaints would be even louder if you had to pay per transaction.
What would make sense would be an optional “send me a PIN” if you don’t have the card reader to-hand and really (really) need to make an unusual transaction.
Well done Nat West.
wait until you lose your card abroad—no card -you cannot transfer money etc–you have to wait for a new card. Cannot even get funds until card arrives etc
Some really thick folks out there.
This is not to be carried around, its for home use with your online banking account.
I had mine shoved in drawer for a couple of years, was setting up an auto payment and cancelling a Standing order online and required the use of card reader, dug it out ripped the battery tag out shoved card in and followed online instructions. Easy and more secure. Popped back in box and in drawer again.
Its not a big issue like some people make out.
We are with LloydsTSB and were only told about the change over to using Card Readers to access our Business Account about 3 months ago and have had the reader for 2 months.
We now have 2 readers as we need to access the account at home, work and 2 other locations (not counting if we’re out somewhere and need to check the account).
It’s locked our account at least 6 times so we couldn’t access it until contacting Customer Services.
Every time I contact them I make a complaint about the stupid card reader.
We can’t access the account without it, we can’t make payments without it, we can’t pay staff without it and we have to input all the data in to the reader each time for every payment we make. It’s a complete pain in the backside and makes using Internet Banking a lot longer than it used to.
AND as it’s a partnership there are two of us that need to access the account but they’ve only registered my card, so if I’m out with the card my partner can’t access the account (yes we’ve sent the forms to register his card but we haven’t heard anything back yet).
So for us yes it is a big issue.
I agree with everyone who is complaining about these readers for 2 major reasons.
1) It’s MY account, MY money, I am the customer, they are the supplier, they have no right to force anything on me that I did not sign up to.
2) As part of my role, I work with fraud and authentication and the existing measures are more than adequate if you have a reasonable password, so this is total rubbish and unnecessary and I WILL be closing my account with Lloyds TSB as they have locked me out of my business account as of today!!!!!!!!!!!!!!!!!!!!!!!!!!
I lost my card as soon as I moved to a foreign country… I can’t transfer funds to another of my accounts or to a friend’s as I need a card reader… Which I have!!! …but no card to put in it :( stupid thing. Oh and posting things to Russia is both very dubious and very timely!
hi
i always think that fraud like charity starts at home.
so what happens if the girl that you love so much wants more money.
after the card reader has been used a bit u can probably see what the 4 pin numbers are but i am sure an imaginative female could put something on the keys that would rub off quickly to speed up the process. now she only need to know what order the keys fall in there are 4 x 3 x 2 x 1 = 24 possibilities. all she has to do is list the possibilities putting the most likely ones first then try the first one then wait until u successfully log in then try another and so on. obviously it takes time. then she can use his card to draw money out and run off with her lover.
obviously it would be difficult to transfer money to another account because that would traceable which is the biggest reason internet banking is safe.
so i think card readers create yet another way of getting a card pin (could be why they were introduced) but do nothing to improve internet security.
i am sure all fraudsters would see this instantly.
regards
dave
For heavens sake read the site’s information. I have been using Natwest’s online banking for years. I have a card reader – I do not take it out of the house and I can access my bank accounts (all five of them ) without it. You only need it for certain actions for – instance to set up a new payee. I can transfer money between accounts, pay bills and make payments to other people’s accounts without the use of the card reader. When I need to add a new payee I use the card reader. I can only talk about Natwest of course – but surely it’s not the end of the world to carry the reader in your briefcase/handbag/car!!! Alternatively why don’t you all transfer to Natwest!!!!
And dave – I think you need a new girlfriend!
regards
Deanne
Right, so today i lost 8k out of my account… the funny thing is, I was asked to use my card reader when logging onto natwest (checked website and security down bottom) However this apparently was a hack in natwests website, and in using my card reader to log in gave them full access to my account. Had I not ordered a card reader they would NEVER had been able to steal from me.
The sooner these go the better!
Phone banking is the way forward untill they sort their website secuirty out.
Card readers are a big time PITA. I thought Computer Banking was supposed to make life more convenient, not add to the hassle. I wonder what the differential £ benefit has been in terms of fraud prevented per bank account, especially with all these card readers littering desks all around the Country. Not that we will ever know about the cost I guess ?
oh my goodness I’m glad that someone else finds this system ridiculous!!
I am only 18 and I’ve just started up my online account because I needed to transfer some money to a friend who I owe for a holiday I’m going on next week and I just don’t know what to do! It says I need to order one but how long is that going to take, I leave on tuesday!
Surely there are better ways to make online banking more secure?
does anyone know which uk banks or building societies do not force card readers upon their customers?
i’ve just got locked out of my hsbc again! and they want me to wait until tomorrow morning to call them. (yes, at my expense and time).
There are no security advantages to chip and pin.. just do a bit of research (start with university of cambridge bank security in google).
The Card reader system is ridiculous. Having done all our banking online we now have to make a lot of phone calls.
The Lloyds TSB system is definitely more convenient. It uses double passwords and landline and mobile phone OTP authorisation for new payees.
Does NatWest have less fraud than Lloyds TSB because of the card reader? Well perhaps it does as if other companies are like ours they are phoning in to make a lot of their payments and there are less online payments.
Lloyds doesn’t use SMS for security as far as I know (though there are SMS services including notification whenever your debit card is used abroad), but I don’t think the cost of SMS should be a deterrent. It’s very cheap if bought in the sort of bulk these companies would.
One of our foreign accounts not only does OTP via SMS and other security measures (which aren’t as inconvenient as the NatWest card reader), you can even set it to send an email or SMS in either English or local language to the recipient to notify them a payment has been made to them. And that’s in a developing country.
Most (if not all) that you’ve stated above is utter rubbish, You do not have to use the card reader to sign into Your Natwest Online Banking. At this time all you really need the card reader for is to add a new person to your payee list (money transfer.)
I can’t believe that anyone would complain about being given FREE extra security that could save a lot of hassle for many people.
As for your other issue, It seems your just trying to pick at any old fault, chuck it in the recycling and get over it.
If your honestly thinking about moving banks over this pathetic issue then you obviously have way to much time on your hands, perhaps select a bank based on interest rates ect?
Dave your issue with this is just crazy, please consult your GP.
I also am annoyed by Smile insisting on me using a card reader which they sent me; but it’s not for a new standing order or new payee, it’s to correct an error they have with their Council Tax listings against one of mine!
I tried to explain I have already logged on using 4 levels of security and each time there is a random sequence and different answers.
I am amazed at some of the comments in here about the card reader only being for home use. This means you are no longer able to be mobile when doing on-line banking, you can only do it from home. I do most of my online stuff during the day at work, and I have used libraries or cafes, and then I spend the evening with my family, not doing banking.
A card reader is another device to go wrong or to lose. I have a poor record with external devices anyway. I suggested the idea of sending a passcode to my registered mobile phone but the bank’s computer said ‘No’. I use this successfully on other services (although I have drowned several phones too!)
I’m not convinced they offer anything better.
Interestingly First Direct told me they are not using card readers, yet are part of NatWest. If this is true I will be transferring.
Just give me the chance to opt out!
I use my iPhone to do alot of banking business while on the move – nowadays a lot of people don’t just access their bank “sitting at home”. This is the 21st century, apparently. So I would now have to carry this stupid piece of plastic around with me wherever I go? I have had an account for over 10 years and there’s never been a problem with security.
If you’re dumb enough to let your details slip then that’s your problem and if you lose some money because of it then maybe next time you’ll be more careful! I don’t see why the rest of us have to carry this junk just to make up for the ones who can’t keep a PIN secret. It would be fine if this was an opt-in service then all the grannies could have one to help them feel safer while the rest of us could carry on like we always have.
Incidentally, it seems the majority of bank security issues stem from them sending things to the wrong address not from people mis-using their accounts!
Adam your talking rubbish.
Why complain about using something that prevents fraud. If you refuse to use one they should refuse to pay you out.
SMS Pin, how stupid is that, mobile phones are the most common thing lost or stolen in the uk. So now instead of losing your phone, you lose your cash too. mental.
long live card readers.
I see no problem EXCEPT that of some criminal in your house threatening you and being able to tell instantly if you have disclosed the correct pin or not. Otherwise the card reader should be very useful in hightening security.
I have twice had a card cloned and had no problems sorting this out with the Banks.
In the scenario outlined above, I suppose the answer is to disclose the pin to avoid injury, phone the police and bank immediately they have gone and then claim on your domestic insurance for the theft. Problem solved.
@Adam: FAIL. It’s says quite clearly on nwolb.com that you must not use the card reader to login. And don’t use unsecure programs like internet explorer.