I have received in the post a Card Reader from NatWest.
They have designed this device to beef up the security around the (excellent btw) online banking.
The flaw? The fact that we will eventually have to take the damn thing everywhere you go. And the card of course.
The whole point of online banking is, afaiac, the fact that you can use it anywhere. Now we will only be able to use it IF we have the card reader with us, IF we have the card with us, and IF it actually works. And IF the battery isn’t dead.
I regularly use NWOLB at home and at work, so what do they suggest? “You could use someone else’s.” Well that’s just stupid.
Further issues:
- I have two accounts with NatWest, both of which are accessible with the same login credentials. However, only one of those accounts has a card new enough to use this card reader. When will I therefore be forced to start using the card reader? I don’t know, but I expect that they will send me a new card (meaning my saved card details at various sites will have to be updated) and probably another card reader.
The amount of plastic, cardboard and paper used to send the card reader is shameful. From the outside in: Plastic postage bag, cardboard box, plastic tray, cardboard box (again), bubble-wrap, plastic bag.- It is my joint account which is ready for the card reader, but the other holder (the gf) wasn’t informed, and certainly wasn’t provided with a reader. She has also used NWOLB from work, so that’s four places we already use the service, i.e. three places we now won’t be able unless we carry this thing with us. Which we obviously can’t both do.
I am happy to pay the few extra pennies it would take to cover the fraud that this device might prevent.
I am happy to take the risk that it is my account that is compromised if they just abandon this daft device.
I am genuinely considering moving to another bank if this reader turns out to be compulsory.
My original complaint, and their reply is at
http://www.iross.net/blog/royal-bank-of-scotland-card-reader-complaint/
The “Enhance Security Helpdesk” really are dismal – can’t even get the name of their department right – missing a D i think (for Dunce perhaps?)
Pingback: Recursive » NatWest Anti-Fraud Team: Impressive
Thank you for your blog! We got ours in the post today. What stuns me is the amount of packaging involved not to mention that the device wasnt made in the uk! So when Natwest ask us to offset our carbon footprint by donating the amount in monetry terms they are actually being hypocrites in the first degree.. what about the carbon footprint these devices have generated just in manufacture and being shipped to the UK?!
I welcome any security measures that will combat fraud, but this is distinct over kill and as I am slightly numerically dyslexic, this really is not going to help me at all.
Having just opened an account at NatWest, I was curious about this card reader, though I’m not sure if or when I’ll be getting one.
I will agree with most people it can be a pain to carry it around everywhere you go, and its a bit worrying if the card reader can be used by other people.
I like the HSBC system – you have a small device that generates a code. The good thing (?) is that the device is tied to only one account, so if its lost or stolen, its no good to anyone else. Plus its very portable, unlike the NW card reader. Right now only HSBC Business customers in the UK have to use these devices, but it will surely be applied to all customers.
I’m fairly neutral on this idea, except for the fact that I knew nothing about it until my dad phoned me today in Malaysia. The postman’s kids are going to love this when they get it, they can try all the cards that my dad tried to forward from the bank.
When he told me, my first response was “online banking card, isn’t that ironic?”, but he assures me it’s plastic.
RSA Key Fobs . . . !
Why oh why could they not use these? ….so much better, convenient and simpler for 2nd level authentication.
Nobody wants a piece of hardware this size to lug about – its just not convenient.
Could have at least made it dual purpose and added a calculator feature. Idiots. I was pretty much 100% happy with NW, but this is one swinging situation to the extreme other end.
Will switch to Lloyds I think, they use RSA key fobs I do believe…
Well I received my card reader the other day, put my card it in (MY ONLY CARD) and it said wrong card.
Very well done. Superb.
FAIL
I am so depressed. I received my card reader today from Natwest. In an effort to find out some more information to supplement that already received I went and asked Mr. Google which is why I’m now here. Unfortunately, I’m too late to make comment. Nevertheless, after spending some time running though some of the comments made above I need to vent.
I have come to the conclusion that assembled here is one of the largest groups of moaning pessimists ever to grace a single blog. I have never seen as much inventive complaining before (e.g. “The online system for checking the numbers may be faulty”). Good grief people! Qu – What’s the difference between half empty and half full? Ans – Perspective.
What a bloody hassle! I’m glad someone else agrees.
I agree with everything you say…
and just one pointer, if your gunna write a blog and think through what to write, how and where….don’t use acronyms, they make you sound like an idiot
If you are going to attempt to give me advice on how to write I suggest that you learn the difference between “you’re” and “your”, that you don’t use non-words and that you learn how to use punctuation.
Wat a piece of shit this card reader system is. How could a street bank would introduce such process with out getting actual feedback from customer. Such a big waste on time, money and customer inconvenience. They could have done with so many other things to prevent online fraud instead of making an online/offline (card reader) combinations which very much itself nullifies the work online banking, convenient banking…shitH#$e
Guys we have to warn Natwest about loosing its business if they don;t take their customer into confidence while using any kind of new technologies. After all its we who make thewir salries acountand not theother way round…
The card reader negates the idea of having an online bank, what if someone steals your card reader!
This is such a stupid idea and their is noway to contact the bank and tell them this is a stupid idea!
Dominic
Add another one who’s also pissed off about the card reader business. It now means I’ll have to carry my card and my card reader everywhere with me when I go overseas, putting both at risk for theft, in case I need to make a payment to somebody I didn’t know I would need to pay before I left (or whatever else requires it). And if I lose them when I’m in the back end of nowhere, how long is it going to take to get a replacement?
Hi
I have a South African Bank Account with internet banking. I receive an sms everytime I (or anybody) logs into my Internet account.
ONLY If I wish to make a one off payment or direct debit to any 3rd party I receive another sms with an short code which I need to enter into the website before proceeding (code only lasts for that session) I always have my moble with me no matter where in the world I am.
The logon security is pretty much the same between my SA account and Natwest which I feel is pretty good (3 separate pieces of info).
I dont welcome this device as it means taking it with me, and not to mention the extra time to actually use it even if its a few seconds.
Wonder if Natwest consulted with the customers on this, as I was not
RM
North West
Im all there with you, im abroad at the moment and for the next 6 months, and just tried to add in a new payee account to pay some money off a credit card of mine and Natwest is now saying i need a stupid card reader… i have never needed one before and i dont have one now. so im stuck abroad with no card reader, meaning the online banking from natwest is utterly useless…
as soon as i can get my money out of natwest, believe me, I will.
I’m no expert in this field so don’t slate me for what i say!
I’ve read the entire post and noticed that no-one has mentioned this…
Because it’s a card reader and that you have to enter your cards PIN into the reader for it to be checked against the card, this means that when you put your card in the reader the machine is reading your PIN off the card.
I assume that your PIN is encrypted on the chip on the card otherwise if anyone stole the card they could read your PIN straight off. So while it is encrypted on the chip on the card (with a Natwest specific encryption algorithm?) this reader is either A. decrypting the PIN using that algortihm to plain text, or B. encrypting what you type as your PIN on the keyboard to an encrypted PIN. As somehow this machine matches what you type on the keypad to the PIN stored on the chip on your card.
So i’m thinking that the Natwest encryption algorithm is on the computer chips inside this machine, otherwise how else can it match the plain text digits you type to the PIN on your card? So basically if someone removes the chip out of the machine and dumps the raw code they may be able to hack this if option A (above) is true, i.e. if the machine decrypts the PIN on your card then the hacker will probably be able to make this PIN display automatically on the screen when the card is inserted.
So if they go round stealing cards they can just use pop them in the reader to get the PIN too.
Maybe I’m reading too much into it, or maybe I’m wrong about the encrypting and decrypting of the PIN on the card and machine, but I thought it was worth discussing……..
What is stopping me from stealing someones card, attempting thier pin twice, then using my own card and entering my pin correctly, then trying the stolen cards pin twice again and repeating the process until i have the stolen cards pin number?
Or are the 3 attempts specifically for each individual card?
Just wanted to know out of curiosity, im not a thief, just annoyed about having to use this damn thing all the time.
NatWest just sent me a card reader to Guatemala, where I am based.
Trying to replace my Natwest Credit Card, though, appears next to impossible.
Different priorities.
It’s the card which holds the pin counts. So swapping another card for the 3rd attempt makes no odds at all.
Although this debate has dried up a little it should be said that every bank will ultimately do this, sadly the general populus are too stupid or too trusting to safely use online banking services and whilst that is the case banks need to do all they can to protect themselves and their customers.
Those in the know will understand the factors of authentication and will be aware that simply having “something you know” will always leave you at the mercy of who else knows it, either via compromise (keylogging malware), deception (phishing) or simply having chosen bad passwords. Due to this inherent threat many companies be they web based or corporate hardware are introducing 2nd factor authentication “something you have” and yes this does make life a little more complicated and banking online a little less convenient but security and convenience seldom coexist.
I was pleased to see that RBSG only use the card reader authentication on high risk transactions rather than login and personaly welcome the enhanced security for a slight tradeoff in convenience.
Just wait until we hit 3rd factor “something you are” then things will get really interesting.!
As an RBSG employee involved in the implementation of this device across the group’s brands, I’d like to extend my gratitude for the endless LOL’s abounding in this blog and the responses. Thank you. It humours me to no end that of all the ridiculous and atrocious services and products NatWest have to offer, it’s the card reader that is causing so many of you to uproot and join another bank where you will undoubtedly be greeted with exactly the same crap.
I got this anal retentive thing aggggggges ago. This evening I need to urgently transfer my little bro some money. To add him to my list of individual Payees I need to use the reader. Where the hell is it? Ive not used it since I played with it 9months ago…… Misses hasn’t seen it either…. she says “I dont have one of them with my bank.” “You should leave Natwest are crap anyway.”
Yet another Irrate soon to be Ex Natwest Customer.
Ihave been with my branch of Nat West for 40 years,and online banking for 5 years.Today i go to make a single payment to a relative and i need a card reader.Have they sent me one NO.Idid not know they existed.On there website i ask how i can get one.Can they tell me No.Maybe i should change banks.
i agree, bloody useless and is not a practical security measure.. i ‘m not going to carry this thing around!
natwest will have to change their policy soon
Natwest online banking is CRAP. It’s the very worst online banking I have used and doesn’t have a candle to most other banks. It has limited options, provides limited information and should be put in the bin. I can only imagine you have not tried other banks offerings…
well my card stopped working in july 08 so i rang the help centre …. they tod me they had updated some of the cards and and new cards had been sent to me 3 weeks prior … well i had not recieved a new bank card so after they checked my address, they said they will send out another replacement card
Now today (sept 11th ) i wanted to set up a new payee but still not recieved a new card …. so rang them again i explained that the previous 2 cards had not arrived … the operator then enquired with her supervisor about it … she came back to me and said that she was sorry about me not recieving the new cards … but a batch of cards during july and august had gone missing from the company that distributes them …..
GREAT ….. obviously these cards are for enhanced security ……. NOT
Greetings,
Having moved abroad for a year as a student, I am shocked at Natwest’s decision to make it so difficult to transfer money… to myself. Not wanting to pay the 2.75% charge of withdrawing cash in Europe Ive tried transferring my loan to a Nationwide account (at least one bank is on our side when it comes to international cash withdrawals) to find that the only way of completing a SWIFT transfer… is to go into the nearest branch. This is a great idea considering this is currently 1700 miles away. The other option is this stupid card reader, which no doubt they will send to my home address, again… 1700 miles away.
Its the monkeys making these decisions that are gambling billions on corporate ventures that cannot be paid back, and then giving us the bill as the taxpayer for their increasingly inherent gambling addictions. Bye bye economy. Stupid.
Whether this is good because of extra security or bad because of inconvenience., the fact is we have been kept in the dark about this with little or no prior warning. I tried to set up a new payee today and had no idea of this new system and am fuming. Whos going to pay the late payment charges now! Natwest will not be getting my bussiness anymore and i advise you all to do the same.
I work for a bank!
Believe it or not! Its going to be compulsary just like chip and pin!
Sorry guys!
Some stupid idea that is pointless and will have a tiny effect is going to be nessasary!
Who ever said that “online banking is priviledge” needs to immediately report to a local mental health practioner….
I didn’t know about this Card Reader. Wasn’t informed by Natwest, wasn’t sent a reader, just had my access to my internet banking limited one day for no aparent reason….so obviously I called them and was told I need a reader! What the heckis a reader and what does it do?? For the answer I had to search the internet and found this website!! I am only 33 years old and didn’t think current technology had passed me by!! Why was I not told about this and why was I not sent one? I have 2 accounts with Natwest and I received nothing! I have had nothing but problems with Natwest since I first opened my account years ago – they are rubbish!
Quote:
richard kimber 2008-07-12, 15:17
Ihave been with my branch of Nat West for 40 years,and online banking for 5 years.Today i go to make a single payment to a relative and i need a card reader.Have they sent me one NO.Idid not know they existed.On there website i ask how i can get one.Can they tell me No.Maybe i should change banks.
:Unquote
Well, richard, I have been using NatWest for 30 years and I first used online banking at least 10 years ago. NatWest’s online banking is, imo, pretty good.
So, you cannot find how to order a card reader?
It seemed quite easy to me:
Logon to NatWest online and, under something like ‘Services’, there it is: Order Card Reader.
However, I agree with above comments regarding overuse of plastics, etc.
Regards, Fig.
I ordered mine. When it arrived it wouldn’t accept the debit card. I rang up to be told that was because the card was old and had been renewed on 4/11. Guess what, no new card – no use.
Stupid idea. I set my internet banking so i could manage my account while i am traveling. So my natwest debit card won’t work here in Malaysia and when i try to transfer money to my other bank account i’m told to order a card machine. How fast do you recon they can delver to Malaysia?
when i travel abroad, i dont take all my cards.. what would be the point in risking losing them. if u just keep one u can transfer money around with online banking… not anymore. if all banks do this ill have to carry all the cards. and maybe multiple card-readers if they arnt intercompatible. and the ginius who said “chips on a card are micro-computers” needs shooting. they’re just storage devices which act like RAM. they themselves do nothing.
oh and its obvious why they dont want everyone having more than one of these things… ppl cant modify a device they need, but if they have two they can afford to crack one open and mess with the software.
AND IM NOT BEIN FUNNY but why dont these things have a calculator!!! seems like an obvious move.
Why I will definetely leave my bank (NatWest)
A slightly different story.
I´m travelling at the moment and will be away for the next few months. The last thing you want in this case is of course for your card to be cancelled but sh… happens and mine was. Not by any fault of mine – apparently my card was suspected to be potentially cloned and so it hyad to be cancelled. Good on them for being vigilant. The problem is this happened in January and after a couple of weeks of talking to various – incompetent as it turnes out – people in NW and having spent a fortune on phone calls Í´m not much closer to knowing when and whether my card will be replaced and what to do to have my account unblocked. OK, my fault for not being contactable but since I found out what happened and tried to solve the problems I´ve been eternally put on hold and spoke to an army of NatWest employees who gave me contradictory and false information. The level of incompetence of those people is appalling and unparalleled!! Does anyone know if I can sue them for phone call costs and distress? I´m in South America now and without cash. No one accepts credit cards here. If it wasn´t for my friends I would have to cancel my around the world ticket half way through the journey and go home to sort my banking problems. Needles to say I haven´t heard a single´Í´m sorry´from anyone.
Regards
Bernardeta Jakubczyk
Pingback: Security of online payments « Convergence Commerce
I’m also having problems with Natwest!!! I am currently in Pittsburgh for three months and am now without access to my money.
Before I left for Pittsburgh I went into my local Natwest branch to tell them that I’d be in Pittsburgh so that they didn’t block my card thinking that it was stolen etc and I also told themm that I planned to use an HSBC credit card abroad and that I’d need to transfer the money to HSBC as and when I needed it! They told me I could do it using online banking….great!!! But they failed to tell me that I’d have to take the stupid little card reader with me to enable me to set up the transfers!
I have been on the phone to Natwest several times since I found out that I needed the reader (when trying to transfer money online)…..today they have exceeded themselves and told me that they would send me a new reader…fantastic I thought…until I was told that they’ll only send it to the address associated with my account…….how is that any good…I’M NOT THERE!!!!!!!!!!!! or they’d send it to my branch, but I would have to phone them and asked them to mail it to me…..why can’t Natwest just send it straight to me and save themselves one lot of postage!?!?!?!?! idiots!!!!
dont’t you just love this farce of a gadjet.
I have recently come to spain for a holiday with my wife at my parents. After speaking to a Natwest advisor (before I left),I was informed that my wife and I only needed to take one card reader with us as it would work for both cards.
2 weeks into our break we needed to transfer some money from her account into my own. After being locked out I rang technical,who unlocked the card and told me to try again,I got locked out as before.
I was then advised to order a replacement card reader as this would reset the system,and use the reader the next morning.
Suprise suprise …same thing,so i rang again.
Then I was told to call telephone banking as this could be done there.After a lengthy conversation explaining the situation the advisor (telephone banking)said we cannot transfer monies because the card reader was not enabled for my wifes card,a point I had just spent a day and an evening explaining.
I was then advised it must be a card fault(although it reads her pin perfectly) and to order a new one ,which would be posted to her account address… in England!!
As we are here for a further 6 weeks I intend to take a daytrip to Gibraltar,set this all up, send Sadwest the costs..and then change banks when back home.
Left hand seems not to know what right had is doing with this stupid system.
I’ve had nothing but, excuse the french, crap with Natwest. I’ve never had such a hard time online banking.
When I setup my account I remebered to record and write down both my PIN and banking password, and logged in successfully. This week I tried to login, and it would not accept my info.
I tried to reset my details , but again it said they could not verify the details I’d entered.
Ringing them up I was passed from line to line, and eventually told that new details had to be sent in the post. Bearing in mind it was urgent I needed to see a statement – but as I’d agreed to receive paperless statements, I was pretty screwed.
Such a hard process – and really can’t see how the card reader will make things any better…
had mine from smile and now looking for another bank, I valued on-line transactions but spend time abroad and they won’t say whether the piece of rubbish will work or not, to those who say ‘why fuss’, because I’ll be landed with lots of late payment fees when i get back, that’s why. the tin lid is having to use it to pay my smile creditcard off from, err, my smile current account, but not having to use it when tranferring E5,000 to my agent abroad. Durr.
Absolutely rubbish, the guy who invented this should be strangled!
Natwest could have invested all the money they spent on these stupid card readers to upgrade their security software for safer banking OR they could have made the card reader as thin as the card so it can easily be carried with the card..
Coop Smile (a previously excellent internet bank) have just introduced the card reader. I won’t repeat other people’s comments on this asinine system. Does anybody know which internet banks are NOT introducing them so I can move my accounts?
I wasn’t smiling when Smile sent me this thing. Both cards show “Wrong Card” when I came to use it. A quick phone call to Smile’s helpdesk reveals that it will not work with either of my accounts and that there are new cards to be sent.
I am not going to argue pro/con this system (yet), but they could have at least made a point of telling me (perhaps via a secure message?) about the new cards etc.
Oh and regarding the battery (see comments above). On the smile one a paperclip can be used to release the battery drawer and change it over, so hopefully the banks will not be posting out replacements.
Get a grip people…
You have to type in a code when you make payments – its not the end of the world.
I’m personally annoyed I have to use a pin number with my card. It would be far more convenient just to put it in the machine then take it out again. Why won’t the banks let me do this? It’s so unfair…
I have had an account with The Westminster Bank Limited since 1963 – it was pretty good then – free tea with the manager while I waited – and have sadly witnessed the whole banking process go into steady customer service decline. To day I found out about the card reader by accident, and having read all your comments, I am not very enchanted with prospect of having to use this thing, especially since I now live 8000 miles from my branch. Thinks! Why not make the card the size of a MultiMeaderCard, then my PC can read it? Hmm Perhaps not, since I regulary have to fend off hackers – yes,its not the Bank’s security that’s the problem – its the Customer’s.
I HATE THIS F*****G PIECE OF S**T!!!!
To anyone that THINKS this is a good idea, they have obviously not had it inflicted on them. Let me talk you through the piece of s**t.
1: I need to pay some money to someone (ta dah online banking, simple bank transfer……)
2: I try to transfer money on the online banking but it wont let me, says i need to set up a new payee. So after messing about I phone up the help line “you need a card reader”.. What the f**l for, im not a shop, i dont need to swipe cards etc what are they on about. Well, for a s**t idea they tell me they have to send me a card reader in order to be able o add a new payee into my account to be able to transfer money to that payee. Great, so i need to wait for the thing to arrive, why don’t they give you this and tell you about it when you join up.
3: piece of s**t arrives, packed like a cheap budget calculator from a bubblegum machine.
4: I follow instructions and cannot believe what a f******g piece of sh*t it is. Let me talk you through the process, this is not exaggerated and is actualy clearer then the on screen instructions. How they have made it so long winded is a total joke. So here is the
details of what you need to do:
* Stick card in card reader.
* press respond
* Enter card pin number
* press ok
* enter the 10 digit or so code numbers displayed on the online banking page into the card reader
* a new 8 digit code is displayed on the reader.
* enter 8 digit code into the web page
You now have a payee added.
Now select to pay payee
* Stick card in reader, press ok/respond whatever
* enter pin number
* Enter code displayed on the screen into card reader
* 8 digit code is then displayed on reader, type this code into the web page.
YOU CAN NOW MAKE A PAYMENT!
I HAVE NEVER SEEN ANYTHING AS F*****G STUPIDLY DESIGNED AS THIS.
I HATE IT!!!!!!
Are you meant to carry this piece of cheap cr*p around with you.
ARRRRRRRRRRRGGGGGGGG!!!!!! thank god i find this page and allow me to vent the truth.
If you think this card reader is a good idea you are a f*****g idiot.
Thankyou.
Im with LEO – does any bank NOT HAVE these card readers cos Im moving from smile, I have the fecking things.
It is there for our protection. To those who still live in the dark ages and find it too much trouble to protect your wealth by punching in a few numbers, then maybe you ought to go back to the old method of posting your cash in a plain brown envelope?