Update, over 10 years later… I didn’t switch.
I have received in the post a Card Reader from NatWest.
They have designed this device to beef up the security around the (excellent btw) online banking.
The flaw? The fact that we will eventually have to take the damn thing everywhere you go. And the card of course.
The whole point of online banking is, afaiac, the fact that you can use it anywhere. Now we will only be able to use it IF we have the card reader with us, IF we have the card with us, and IF it actually works. And IF the battery isn’t dead.
I regularly use NWOLB at home and at work, so what do they suggest? “You could use someone else’s.” Well that’s just stupid.
- I have two accounts with NatWest, both of which are accessible with the same login credentials. However, only one of those accounts has a card new enough to use this card reader. When will I therefore be forced to start using the card reader? I don’t know, but I expect that they will send me a new card (meaning my saved card details at various sites will have to be updated) and probably another card reader.
- The amount of plastic, cardboard and paper used to send the card reader is shameful. From the outside in: Plastic postage bag, cardboard box, plastic tray, cardboard box (again), bubble-wrap, plastic bag.
- It is my joint account which is ready for the card reader, but the other holder (the gf) wasn’t informed, and certainly wasn’t provided with a reader. She has also used NWOLB from work, so that’s four places we already use the service, i.e. three places we now won’t be able unless we carry this thing with us. Which we obviously can’t both do.
I am happy to pay the few extra pennies it would take to cover the fraud that this device might prevent.
I am happy to take the risk that it is my account that is compromised if they just abandon this daft device.
I am genuinely considering moving to another bank if this reader turns out to be compulsory.
208 replies on “Why I might leave my bank: The NatWest Card Reader”
I was really surprised when a letter telling me about this turned up. At first I thought it might be some elaborate scam. It’s a really crappy idea. They have lost the plot. Is there any kind of on-line petition to espress our distain of this thing?
Not that I know of, but it would be easy to create one. But easy for them to ignore as well…
This card reader is ridiculous. I can’t believe they spent so much money sending them out, in all that plastic too.
I learnt three interesting things today:
1) When the batteries run out, NatWest will send you a whole new unit(!!) rather than just new batteries (bye bye environment)
2) NatWest branch staff have no knowledge of the scheme.
3) HSBC can transfer all my accounts in less than a week without me having to contact NatWest in any way whatsoever.
The whole thing does seem rather half-baked doesn’t it?
I welcome the idea of this device. I’ve used similar small devices at previous places, albeit without a debit card to put into the thing!
I believe you only have to use it when making transfers of money between accounts and to other people.
My thoughts may obviously change when the thing arrives 🙂
The fact that this device can read your card and gives you a chance to try out a pin number means you could in theory spend an hour or 2 trying the 9999 combinations for the pin until you get the right one. this obviously means that if some thieving scumbag gets hold of your card, they can get the pin without having to try it out in a cash machine first!!!
John, The card reader works like any reader in a store. It will lock the card after three incorrect guesses at the PIN number. That gives a thief a 1 in 3333 chance of guessing the PIN number 🙂
something tells me that some clever clogs will modify this device to not lock the card after 3 incorrect guesses and thus make a PIN cracking tool out of it.
i would actually hope that the card reader has no ability to modify the card in anyway at all.
All processing will take place on the card itself, the card reader is exactly that – a reader. If it is the case that three incorrect PINs lock the card, then it is the card (or more specifically the chip on the card – which is more like a mini computer now-a-days) which will lock itself. Unless the implementation is very poor – you won’t have anything to modify in the card reader – so you won’t be able to try out all 10000 possible PINs without the card getting locked after three.
As far as the system itself goes, I won’t accept being inconvenienced by it – if Natwest are willing to send out at least 5 card readers – one for each of the machines I use their online banking from – then I may be persuaded. Though TBH I was waiting for something that would push me through the hassle of changing bank – A&L are offering 6+% on up to £2500 on their current account – which when Natwest only offer 0.1%, makes the change pretty much a no brainer now. I resent being made to jump through hoops to reduce the risk and liability to Natwest.
If the card is locked so that it can’t be used in shops either then I hate it. If it only locks it for use with the reader then I would hate it less.
I welcome the idea – never have trusted internet banking (and it is the field I work in!). When my account was with Barclays, I specifically requested that the internet banking access was disabled. Couldn’t do that with NatWest, so I look forward to the introduction of the Card-Reader…
This card reader is a complete piece of rubbish. I got mine, enabled it, and thought nothing of it, it was only today when I actually needed to use it, and it hasn’t worked. The auth codes it is giving me keep getting rejected by NWOLB and they now tell me I have one more try or my card will be disabled, not going to try again because I’ve tried about 5 times, so the person I am supposed to be sending money to is being to be very angry and I’m very angry. My NatWest branch are going to get an earful tomorrow.
I think it is a good idea, you don’t have to use to for all online banking actions just some of the more risky ones. You will still be able to do the most comman actions without using it.
Its not a rubbish idea as such. It does help security. However they should have done what HSBC did and made it smaller and a key ring.
Also all banks will be using similar devices eventually anyway, in the USA every bank uses them.
Well that doesn’t sound like an endorsement to me.
Evening all, before i start i work for Natwest, who also support RBS Digital, Ulster Anytime, IOMB & Tesco PF, as well as the affiliated offshore Brands. The device itself is a standard issue one, supported and used by ALL UK banks, not just the RBS group ones, this also means that they’re all interchangeable, so your HSBC or Halifax one will work with your Natwest cards. In additon to combating fraud, the system is also being put in order to support a system called Faster Payments, whereby, any payment going to or from one of the APACS group banks will clear in 13 or so seconds rather than 3 days (no more excuses for late payments! :p ), hence a more secure system is needed than just pin, password and Customer Number.
In relation to battery replacement, the device if used heavily will last 3 years, so your average user will barely touch the batteries on one of these.
As for usage, it is only needed for second level functionality, ie whenever you currently do risky actions the system asks for 2 more charachters from your pass to re-verify who you are, these are the only points it will ask for authorisation, you don’t need it all the time.
As for why only one half of of a joint accounts signatories receiving a card reader i’m afraid i can’t explain this without giving too much internal stuff away.
Any further questions just ask, if you believe i am who i say i am cool, if not…well cool, i don’t care…
As for changing banks if it becomes compulsory; tough, like i said all banks belonging to the APACS clearing group, i.e all of the major ones are making these compulsory.
On a final note, these are proven to work, the RBS/Natwest Bankline services have used them for years. http://www.natest.com/bankline
– Bob –
We live in North Cyprus. My husband’s card is locked out. Not only can’t he get money out. Nat west said he has to go to British ATM to unlock it. But he can’t use it to buy a ticket home. Bloody ridiculous bank.
Every time I try to log on to NatWest I have to use the card reader even if I only want to see what is in my account. Is this a risky action?
It’s certainly unusual. Don’t think I’ve ever had to. Perhaps call them to check.
Ok, Bob, answer me this: I have just received the card reader, yet one of my accounts (the one i use most for online transactions) i don’t even have a card for! I am actually, because it’s solely for state-benefits, not supposed to have a card for such an account anyway. What will happen now i wonder or will i be able to use the card for my other account to administer the second account? Which seems stupid.
if you have 3 incorrect PIN attempts and your PIN is locked, you can unlock it at an ATM (providing you then remember the PIN number) This would be the same if you locked it in a CHIP and PIN device in a shop too.
btw, chances are these devices are going to be used for pretty much all online bankling transactions soon – and that means credit card transactions. oh, you will prob see them used for phone banking too
what did Natwest say in the letter that came with the card reader? obviously didnt state their case for introducing them very well!
JW – if you don’t have a card then you should not need the reader – for that account. you should be able to carry on as normal with that account. it is only when you use the account with the card that you will need the reader. so if you wanted to pay money from this account into your benefit account you would prob need the reader.
Thanks for your comments. I’ve received one of these and quite honestly it’s pee’d me off. I’ve not been informed about it prior to this just dumped with it, but hey that’s not your department 🙂
As for it being a benefit to security, there is some weight in that but also not so.
This will do nothing to combat man in the middle attacks ie: a pishing website pretends to be NW:OLB and takes the customers details. It will talk with the real NW site and the customer will be logged on, unfortunately so will the scammers. This is one of the attacks which already happens and will be able to continue in the same format with the card reader, especially if it is only being used for “less safe” transactions as you put it.
I cannot understand why something like a RSA keyfob was not chosen. They are used worldwide by very large companies, for secure access to VPN by home users, and by banks themselves in many countries. Typically it seems that we are far behind and in the wrong direction. The Whole Chip and PIN thing was funny in that large sections of Europe have had the system implemented for decades. It still amuses me that the only place I don’t need to use chip and pin is in the bank itself where I can take out the most amount of money. :o/
Well Said BOB,
i work for Direct Banking For RBS, im with a few of the people on here who say it was not communicated very well to customers, and they do look a bit off putting but to be honest why be so annoyed? its to PREVENT fraud. If your happy to let your account be the victim of fraud so be it. The bank are introducing these to help and change banks if they become compulsary? whats the point? as the second largest bank in europe we might be slightly ahead of the game than other banks but they will follow suit, thats a given so you will have to use them wherever you go. just my opinion
So Bob’s comment on changing banks is “Tough,” & Beth asks “Why be so annoyed?” I’m annoyed because I live overseas, need to make a transfer, asked for a card reader a month ago & still haven’t got one even tho’ I’ve asked twice since. No use trying to talk to them either–For one thing I can’t phone my branch nowadays, and when you get someone from that centralized number there’s nothing they can do except tell you to send a fax, which is about as technologically archaic as you can get.
And if I send a fax, they’ll phone me to check on my identity, & if I happen not to be home, then–to quote Bob again–Tough. And they have the nerve to say they can’t authorize transfers by phone?
Here’s another stupidity, too: The people who answer the international phone number aren’t allowed to return a call.
So, Beth, do you begin to see why someone might be annoyed? I’ve been trying to make a transfer now for five weeks. And I know that as sure as the good lord made little green apples, when–if–I get one of these things, IT WON’T WORK.
I’d just like to be able to talk to a smart human being who can do something besides prattle on about our Foreign Payments Team, and our Complaints Team. How about our “Look after the Clients Team”?
It’s annoying because it’s inconvenient, and worse, it will soon prevent me from being able to use online banking when I’m elsewhere.
Stopping legitimate users from doing what they want is clearly a bad idea.
It’s a ridiculous idea. I am quite irate, as eventually this will be standard and I am guessing necessary for all transactions.
RBS have just sent me one. Do they think I really need another piece of crap to carry about with me…..or do they think nobody ever uses internet banking without leaving the house.
Incidentally it’s not half as bad for me as I am a girl with what could be regarded as a ‘handbag’ to put the damn thing in..(it can live at the bottom with all the other nonsense I don’t need)..how about you blokes with your ever bulging pockets or worse, jackets that you can’t put down for fear of having the thing nicked.
What I’d like RBS to do is take the thing back and think a bit more carefully before lumbering their customers with unenvironmental and stupid systems. You’d think someone there might have thought to combine the thing into your mobile, or better still thought of a way of avoiding this rubbish altogether……….if anything concentrate on fraudulant email RBS!
If they are so concerned with security, how come none of the ATMs yet use Chip&PIN – unlike in France and Belgium, where all machines use the chip – and where they also let you keep ‘cash’ on the card – surely another missed opportunity for the UK.
It’s not a bad thing to be more secure online though the size of this unit and the packaging does seem to be an issue to some people.
You should remember that it is new and nobody likes change.
As time passes and more banks come “on board”, I’m sure feedback from customers will help banks to make future improvements (like a keyfob sized unit).
My main “niggle” is that these readers seem to be made by some company called Xiring which is a French company (Electrics & France don’t go together!!) – why can’t my bank find a better supplier.
Good old Natwest! I’m working abroad and use my online account quite a lot – tried to make a payment to somebody today and – without any explanation – was asked to use my card reader. My card reader? Card reader? What? The ‘help’ box seems to indicate that this is a thing that looks something like a calculator. I search for more help on the website and find no mention at all. Finally a google search shows your page, and I’m able to find out what’s going on – ie, that Natwest have managed to find a whole new way to take my banking experience to as yet undreamed of levels of frustration and rage. Argh! People who claim this has anything to do with online security are obviously in cahoots with the evil swine – this is revenge for all those cutomers claiming back unfair charges. No doubt this will not be the final measure. Maybe they should reintroduce the LENSLOK too? Or perhaps they could eliminate online fraud by replacing our cards with individual pieces of coded paper, of a range of denominations, that, for security purposes, should be handed physically to the person we’re completing a transaction with? Damn you Natwest! Damn you to Hell!
“I am happy to pay the few extra pennies it would take to cover the fraud that this device might prevent”
Take it from someone who works in the fraud department for lloyds tsb, fraud very rarely occurs in the form of ‘pennies’ and this device is going to be a breath of fresh air when lloyds invest in it. I have an account with Natwest and am looking forward to not having to worry as much about online fraud.
jimi, did natwest finally manage to send you a card reader to where you are working, or did they expect you to do no online banking at all until you went back home and collected your reader? if that is the case, then pretty shocking i would say
I received a letter from the Royal Bank of Scotland informing me I’d be receiving a card reader. This was the first I’d heard about it and I’m very annoyed about the device itself and the way it’s being introduced.
I don’t believe that this device provides better security, in fact it does the opposite. With RBS you have a user name and password, nothing else. Now I need my bank card AND this reader. This introduces a physical security risk now that I need to carry this device around with me. This means it could be damaged in transit, lost or stolen, causing massive inconvenience to the customer. Carrying this device around isn’t acceptable.
If this device is stolen from me and is then used for criminal purposes, what would happen if the device is then recovered by the Police and then traced back to me? I could be implicated in a criminal act. This may seem extreme, but in this day and age where insurance companies and lawyers look to ensure their client isn’t held responsible, it’s very possible.
At this time RBS says it’s only for certain types of transactions. However, how am I supposed to know what sort of transactions I’ll want to do and where I’ll be carrying them out? I could be at my office, another office, a family or friends house, or even abroad on holiday and I need to carry do something quickly. Unless I carry this reader I won’t be able to do that.
I believe that over time RBS will increase the types of transactions that will require the reader. I also wouldn’t put it past the banks to pass the cost of this device to the customers, requiring them to pay for a replacement.
I’d also say that this also helps the bank move the onus of security from the bank itself to their customers. They are making their customers be responsible for a device they did not ask for.
The great thing about online banking is that I can manage my money anytime, anywhere. Now that I’m required to use a physical device, I’m tied to where that device is. The advantage of online banking is therefore removed. I may as well use the phone banking or find a bank with a local branch that I can use!
I’m all for security, but this device, in my view, compromises it. Right now I already carry a piece of hardware that could be used, it’s my bank card. The numbers on the card could have been used to provide additional security and it’s on a convenient form factor that most people carry around with them.
Lastly, my PIN number is good enough to take cash out of machines or pay for goods or services. If the PIN is good enough there, it’s good enough for online banking.
If online banking requires this sort of device, then it’s inherently insecure in the first place.
We concur with all the comments – the first we new about it was when we went to add a new payee – no prior notice that we could find. We have made an executive decision to revert to cheques and snail mail as have a number of entities around us.
In addition to my post above, I contacted my bank’s branch and lodged a complaint. I did get a reply, but it really boiled down to the bank saying, you’re getting this wether you want it or not.
If enough people are against this device, why don’t we get together and make a mass complaint to the banking ombudsman?
Dunedin397, you’ve said (in comment #31) all the stuff I thought but didn’t write in my original post!
A mass complaint is likely to get more reaction, but I don’t think they’d change anything until after a huge number of customers actually left.
Well I share the same concerns as most of you, I just don’t know where to begin!
The first thing I knew about this card reader is when I unexpectedly received a new card (even though my old card didn’t expire for another 2 years) along with a letter telling me to expect a card reader soon.
When my card reader first arrived, the way it was packaged made me think it was some sort of free sample, I can’t believe how much packaging is used to send these things, it’s crazy – what a waste!
What I would really like to know is (and I’m surprised that no one else has brought this up), how does the card reader communicate with my bank? I originally thought I would have to plug this device into my computer but it appears not, surely data is not sent wirelessly to NatWest, is it? How else would the card reader know my pin?
I found a section dedicated to the NatWest card reader on the NatWest website at http://www.natwest.com/reader but it still leaves a lot of unanswered questions.
Jake, the reader doesn’t need to communicate with the bank, it’s just a convoluted way of checking that the person accessing the online banking has the physical card with them. And the bloody card reader of course!
I’ve actually spoken with the bank and lodged a complaint, so we’ll see what happens.
Ultimately I don’t think a lot will change, but I believe a lot of non-IT savvy people who’ll get this won’t realise straight away what the implications are. For me, this is as bad as proposing to charge for taking money out of cash machines.
I’m going to put together a document on why I believe this device isn’t going to add to security, but I want to ensure I’m know as much as I can. Has anyone seen anything published on the web on how US customers have fared with this or if it’s had any effect on online fraud? If so, could you post links here?
Well, I asked several tellers at two RBS branches about this after I recived my initial (and lacking in detail) letter about this. It was this page that acctualy explained it to me.
It arrived today, so I took it to my bank and said “I don’t want this”. The teller said “Oh ok, I’ll have it destroyed for you”.
I don’t think she had a clue what it was, but I’m going to have fun when the system activates next week and I can no longer use digital banking! (as you can tell, I don’t like my bank much)
I can see another problem with these however. Customers will trust these devices, promised to protect them from fraud. Yet there is no way at glance to tell one from another. Is it not therefore possible that a fraudster could create a skimmer within the exact same casing, and then use it to gain card/pin details from customers?
I like it. I feal lyk a yuppie. I feal speshal. My bank likes me. I miss my canculator, this is like a canculator. I hate windows canculator.
I don’t really know what to make of that.
(completely unmoderated btw.)
What is up with you lot? Do you really have a braincell amongst you? Does it matter who is saving from reducing losses??? At the end of the day it ultimately affects YOU. Losses will mean even lower interest rates and higher/monthly charges!!!
Have any of you faced account take over?? If you have you’d know what a total pain in the arse it is?! You loose your credit rating and money and takes a long time to put right. This isnt always your banks fault but quite often yours! And your moaning about keying in a secure number during online transactions?? I will look forward to the increased protection this will give me. If you wanna blame someone, blame the fraudsters or yourselves, when your not so hot in looking after your personal details.
Oh just to add this reader means you hold not only the card but the PIN too. If you enter the pin online in can be captured which makes your card/data even more vunerable. This proves you have the card and know the pin. Unless you tell me the pin and I have the card, noone can use it with this method. If you tell someone the pin and they use it, sorry its then been proved that you were negligent. Thats your problem. Not mine or the banks!!
Only if I tell anyone my customer number and my password and my pin can they use the site.
If anyone gets in it would be my fault, I’m accepting that.
We don’t need this card reader to prove that it was me that gave out my details.
Only if I tell anyone my customer number and my password and my pin can they use the site.
If anyone gets in it would be my fault, I’m accepting that.
We don’t need this card reader (a fourth security element) to prove that it was me that gave out my details.
Its stops your details being used a subsequent time!!! If you don’t have this I could currently capture your card details and go shopping. With the card reader, each time it requires a number which changes EVERY time I shop. Thats the clever bit! If you are intercepted, the fraudster still wont benefit from having you details!
Woop-de-do. So an attacker can’t use the pin thing again. But if they got far they will already have all the other details. NatWest have clearly said that only some actions will require the card reader. I’m sure that many of the others will be disruptive if taken by the cracker.
well it seems that the problem with this is still on going and further research in work i have found out more. the card reader WILL work anywhere in the world as it is not connected directly to the PC. You do not have to have a debit card on EVERY account all u have to do is link one to it, the debit card is for verifcation purposed and as a customer this card is linked to your own profile with the bank NOT you customer number with Digital Banking, You will be able to cross brand (ie use RBS reader with NW) and also cross bank (RBS with HBOS) it is only required for 2nd level things, ie when you set up a new Payee/beneficiary or set up a standing order etc normally where you are asked to again confirm 2 random password characters, i work for the bank and have NOT been sent and new card or reader so its a random selection, So its a v good and safe idea.
As for the comment about a skimmer…. how could they get your card details and clone the card unless you used somone eles device of give your device to somone else? then ou would be liable, also as for only needing you customer number password and 4 digit code to get in to digital banking your right… but what if a virus/tracking cookie/keystroke logger gets into your computer how do u know they havent already got thi information.
And like i said it doesnt matter when this comes into force because as long as you have ONE debit card for ONE of your accounts then it will work.RBS business accounts have been using it for a long time and we did not have this uproar.
The pin is NOT entered online it i used on the card reader and if your worried about you pin and card number being compromised then this could be done in any store, at any ATM even in your own home. Jut give it a chance. I cant comment on how convienient or not convienient it Actually is as i dont have one but in theory it is a good idea
I welcome the idea of additional security but find this device cumbersome and inconvenient! mostly as I log in from different computers a lot of the time.
I for one WILL not be carrying this around, each time the device is required I will simply ring action line and carry out the transaction through them.
A friend of mine has told me that he’s getting an RSA keyfob to use with his bank account – why couldn’t Natwest do this instead? A keyfob you can attach to your keyring can be taken everywhere with you, who is going to be carrying a card reader to/from work and other places they might want to use NWOLB?
Any Idea, even if it is inconvenient but increases the security of online banking, is welcome. I had been the victim of fraud and clearly see that this small inconvenience may save everyone from disaster.
At first my initial reaction was “What a stupid Idea they really didnt think of this?”
now after much deliberating I am comfortably satisfied that I was right. I am all for extra security, but the device could have been alot smaller. My main concern is that maplins of all places, sell chip readers, and anyone with a tiny bit of programing knowledge can easily access the chip on any card and decode the pin, there is actually software for it. Couple it with the fact that these units could easily be replicated on a computer through the form of the widley known keygen, means that anyone who grabs a card or just happens to see what someones pin number is (remember, cashpoints, cameras readers) will be able to take advantage of this.
Honestly the idea is good in principal, but it really needs a little extra thought in it. There are many things that can be done to this idea to make it better and more secure, and im a touch worried, they wont be apparent untill the worst happens. Unfortunatley, i now think this makes things easier for people.
To whoever said that they would pay a few extra pennies to cover fraud cant have ever had the inconvenience of having their bank account fraudulently used. It takes about 10 working days and a series of phone calls to get things sorted and in the mean time you have an empty bank account.
The reason why you dont use chip and pin at the bank is because there are still people who do not have chip and pin cards. This includes Americans who dont use chip and pin. Our cashpoints still have to take their cards and until the rest of the western world uses chip and pin we are going to have to wait, which really makes the concept of chip and pin useless. But it is quite useless anyway as has been proved by a university (cant remember which one) who made a chip and pin card reader which allowed the fraudulent use of chip and pin cards.
This system is a start to stop these groups of fraudsters taking OUR money. They need to be stopped and if this is going to help then I for one am all for it.
It was me that said that.
I’ve had my Credit Card fraudulently used, and it was sorted within 2 days.
The reason we don’t use C&P at the bank is that we are then dealing directly with people who the bank have authorised already.
You’ve even managed to contradict yourself – you say that C&P has been compromised and then say that you’re happy to use this system.
interestingly, natwest are now asking for a pin (via a chip and pin reader) when you make trnasnactions over the counter at m y branch…
Got mine through the post this morning, I don’t see what all the fuss is about. You don’t need it to log on to NWOLB, only to make payments. It’s not like I need to carry it everywhere I go because I wouldn’t feel comfortable making payments on public computers anyway, so it doesn’t make a lot of difference in that respect. In terms of using it on a work computer, yes the thing is bigger than a keyring but it’s still pocket sized. You just got to remember to take it with you. Besides something smaller is more easily lost.
As far as the joint account issue, just phone up Natwest and ask for a new one. I’m sure they’ll oblige.
If you can plan that far in advance, why not just do the transaction then?
This is AWFUL. I have been sent a card reader but no card, so I cannot do ANY onlline transactions. If they send me a new card I cannot use my current cash card until it turns up, and often postmen need you to sign for these, and then they end up in sorting offices, get sent back to the bank,etc. I work away from home a lot, so obviously this card reader thing is a big disaster. I have been with natwest since I was about five (piggy bank) but I am leaving for more ethical and less plastic pastures new. It bugs me that some idiot thought this would make customers happier!??
You guys are stupid, this system has been introduced in Switzerland for already 5 years and until now everyone likes this system. And as far as i know Swiss banks are the best at everything including security. I think the problem here is that British people hate innovation and they don’t like to evolve. USE IT and you will get used to it. You guys are just too stubborn.
Guys we are in the 21st century and Britain doesn’t have any more colonial power its just another EU country like the other 25, get over it, integrate with the rest of the world, don’t try to be rejects
I think some people have missed a couple of key points here:
The card reader is generic and not Natwest specific – there is certainly nothing unique about YOUR reader – it will work with ANY chip’n’pin card, just like the ones in the shops. This means that in a year or so, these readers will be very common.
Okay, so it’s a bit of a hassle now if you are at work and your reader is at home, but you can borrow your colleagues/friends Lloyds TSB reader or Barclays reader – it doesnt matter. You don’t HAVE to use a Natwest Chip’n’Pin machine when you are paying for your shopping at Sainsbury’s do you!
And remember that you only need to use a reader for 2nd level authorisation – eg. add new payee etc.
Finally, as bob stated above, if this facilitates faster online payments – 13 seconds vs 3 days I all for it – I’m sick and tired of the banks holding onto the money for all that time.
But, with that all said the amount of packaging relly is disgusting! Come on Natwest!
Very useful thread that helped put some perspective on the issue.
I’m left with the conclusion that this is an admission that On-line Banking is not secure (big surprise have you ever dealt with any of their ‘experts’?), and the banks, particularly Natwest at this time, don’t intend to make it so – as its cheaper to assume that its the fault of the customer.
If the problem is the customer it doesn’t matter what they come up with – so they might as well just cover themselves and protect their revenue. Social engineering is still the biggest problem to any security system in any industry.
So we receive yet another hoop to jump through before gaining access to our own money (remember that, when they phone you and then ask you to prove who *you* are by “taking you through security”), but we get a whole new breed of potential problems that stop you accessing your money for what may be critical services (hospital insurance payment in a foreign country anyone?):
1. You don’t have access to a card reader (going to borrow a strangers?)
2. The card reader may not work for an un-quantifiable number of reasons
3. Your card may not work
– you have no/lost your card (which is why you are accessing On-line Banking)
– you have no pin
– you have a joint account with only one card (by design – taking cash out is different to making bill payments)
– broken mag-strip (more common with Oyster carriers these days)
– broken Chip
– you deliberately destroyed your card due to the convienience of On-line Banking
4. The numbers generated may be wrong
5. The online system for checking the numbers may be faulty
6. You miss the window or are on the threshold of it for entering your number during long/slow on-line processes
Current On-line Banking with Natwest has none of these problems.
Perhaps there is a nice expensive number to call for ‘technical support’? Or a hidden commitment to ship within 8/12/24hrs a replacement should any of these things inconvienience you? Or you just phone Actionline.
For all the finger pointing about users being resistant to change, the beneficiaries of not adopting/mis-implementing this are the banks – who get to refuse to innovate on services and keep your money for longer, whilst pointing at each other and stating that they are only following the industries ‘developments’.
For those who have been a victim of theft/fraud – this is an attack that does not scale, if you are careless with your details, it should not affect my account – be very worried if it does, but this ‘innovation’ won’t help protect against this.
With all other things being equal the qustion is – why have Natwest managed to mess this up so badly, and do you want them protecting your money?
Switzerland and RBS, etc have all implemented this and some people seem happy – its the first I’ve heard of it – what did they do right? Why aren’t Natwest adopting a system that already works?
But don’t just register a protest vote, suggest a better alternative (appeal to someones greed to climb the ladder), and in the meantime I’m going to ‘lose’ 1 of these a day until I can be sure that there is an abundance of them in my vicinity just in case I’m stupid enough to want to use their, by self-admission, insecure system to transfer my money.
Maybe once they have run out we can get a better v2.0
Lets remember that this device won’t actually prevent fraud, merely make it harder for someone other than ‘you’ to login to internet banking. Anyone can make charges to you account so long as they have the card number, expirary etc. When I had fraud done to me, it wasn’t because they logged into my account, its because my details were stolen; probably to make a clone or what not.
So glad to have found this site – I thought I was going mad when I received the Card Reader mailing this weekend as I hadn’t read anything about it elsewhere. If you put “Card Reader” into the NatWest On-line search facility it does not come up with anything relating to the introduction of this irritance. I use NatWest on-line from abroad and am sensible enough to take care of my own security without having to pack their little black box everytime I travel. I note that another poster received a new card way before their old card was due to expire. I recieved a new card 2 weeks ago, with no explanation (just said it was to give me the advantages of chip and PIN early – der, had that since it was introduced). So I called my “personal banker” who told me that it was strange that she had had several calls like mine and that she was instructing people to cut up the NEW cards! Oh to have the benefits of a “joined up” banking service”
Don’t think advertising the details everywhere would be too smart, do you???!
Its here to stop the ‘man in the middle’ attacks – a key logger, for example.
Still can’t believe how narrow minded some of you are being!
This isn’t about lack of security at banks online banks. Its about stopping criminals between you and the bank being able to use your details to carry out further transactions.
This isn’t the responsibility of the bank! They can only do so much to make their site secure – they cant stop someone else picking up your login details, can they?!?!
If some of the banks don’t know what it is, thats just poor communication and terrible customer service – I’d be looking at taking my banking elsewhere than trust my hard earned with them!
Easy to slag things off isn’t it, but think just that little bit harder and you’ll see its actually quite a good idea. Certainly less inconvenient than having your account taken over by a crim.
And yes, I’m an insider and see the effects it can have on people, and why 2 factor authentication (as its called in the industry) is so essential.
Ladies and Gentlemen
Your attention please. Here are a few facts for you to digest. Take your time and think about this:
1. Online Banking is a privileged “extra” service provided by the banks, they do not have to provide it and most importantly they do not have to provide any protection for using it what so ever. They provide their “security promise” because the rest of the industry does. But by all means, get annoyed with them and boycott their internet bank service, it will just end up not being cost effective and they will take it away from the masses making us an even more backward nation (we already lag behind the US, Japan and a lot of main-land europe). Go for it, be stubborn and bloody minded.
2. This card reader technology is an industry standard and the majority of the banks are going to be introducing it – or something very much like it – in the near future. It is a future proofing device (and for those of you that are a little on the simple side, future proofing means it’s use could be adapted in the future to cover a wider variety of things on the internet, not just the internet bank). So, by all means, carry out your lame threat of leaving your bank to “teach them a lesson”, I’m sure they will be so very sorry to lose a miserable complainer like yourself. You could leave them to avoid the teething problems they are currently having, and go to another bank but rest assured that “other bank” will be introducing it as well and they will go through the same teething problems so you will just be delaying the inevitable!
3.Go for it, stand your ground and fight the mite that are the banks, after all they are only trying to secure your money – to become a stronger company – to be able to offer better products. At the end of the day, no one is going to argue that banks are in the business to make money (anyone that does is just lying), but think about it, they make more money by beating the opposition and the only way to do that is to offer better products to the customers (higher savings rates etc). The only way they can offer better products and offer you a better service is to be more efficient to have more money to work with. The internet bank is one of the big holes in their security because they have to rely on us the thick public on our own PC’s. Us thick morons that reply to “phishing” e-mails no matter how many times we are told NOT TO and us simple ones that decide not to have any ANTI-VIRUS software because “it’ll never happen to me”. They can’t help us, despite what they do we just don’t listen and these internet bank facilities are costing them a fortune in lost profits, so they introduce this measure (industry wide) to try to help us realise the value of our money. But what do we do? Complain…shock!
Well, I have just forgotten to bring my card reader to work again!!! Am I stupid, forgetful or simply old-fashioned? Well, I hope not, I’m 26 years old! It would’ve been fine, but as Murphy’s Law would have it, I need to make an important payment, to a new payee. Which now can’t be done, however, as it was politely pointed out to me by a colleagues, why not use the telephone? Well, I could I suppose, but doesn’t that defeat the purpose? I still provide my details over the phone, in full earshot of people in the office. I could go to the bathroom and do it there, but should I really have to go to such lengths?
Personally I don’t think so. This device has caused me hassle and endless grief. Fortunately being the “narrow-minded” sole that I am, I contacted HSBC and they assured me that I they currently don’t have plans to introduce such a device and they can transfer all my accounts, by simply calling them. My partner is with HSBC and well, she laughs at me every time I have a rant about this thing.
Well, I have now had enough, I’m taking back control of my banking and leaving Natwest after a long and mostly successful relationship. I must mention that I appreaciate what they are trying to do and that I’m probably ungrateful and “idiotic,” but I was under the impression that efficiency and progress was the name of the game these days. I want to do MY banking when I want and where I want. Hopefully HSBC remains strong in this respect and true to their promise.
All banks and B.S. are looking at implementing this over the next 18 months or so. The agro of leaving one, to go to another won’t get you away from it.
This morning I was watching BBC News and some guy came on who had his identity taken over. It took 2 years to get sorted having lost a property purchase (which made him homeless) due to poor credit ratings etc as a result. 2 days to replace a card, as a previous note suggested, was just a card, not an identify. This reader is another process to help reduce this risk.
Your current account is the greatest risk owing to the many types of transactions where info can be picked up. This reduces another loophole in these systems / stops another route for crims to capture this info.
Your choice. Keep fighting against the banks, you wont win. Its not just for their benefit.
As suggested above, each time you move, you’ll be with another bank just about to launch and learn mistakes. Are you not better off staying with those that sorted their systems and processes early on?
Maybe, but until then I am reeeeeally happy, that I still have my basic HSBC account. I was working in the UK but I moved back to my home country end of June. Today I was going to transfer some money from the Natwest online to a new payee, but I was surprised…card reader??? what the heck??? Probably they sent me a reader, but to my old, UK postal address-so long story cut short I have to transfer the money to may HSBS account /I have got it among the payees/ and from the HSBC online I can send the money further. Crazy! Paranoid society!
I just got stung by not having one of these on me. Im in an internet cafe.. lets face it.. this card reader is a bad idea for the consumer.. we get our money back if our accounts are robbed anyway? perhaps all computers will have a card reader as standard.. but for the moment why not enable us to lock our online banking to specified ips?
having spoken to Natwest by phone I have been informed that the ‘reader’ is only needed for ‘online’ transactions so there will be no need to take it with you anywhere – I have suggested that when they send the letter it should include part of your account number do authenticate the letter as I certainly wasnt sure this was a bona fide letter or a spoof scam attempt.
That is the exact problem!
What a bunch of Morons!! Not the Banks, You Guys!!!
I haven’t received my Card reader yet and i am disappointed about that, i want to be more secure, i want to be safer, i want to be as least vulnerable as possible to fraud and most of all i am open minded and not afraid of change. Majority of my colleagues have the device and are nothing but happy with it, never had any problems, carry their reader around with them no problems. Don’t be so lazy and technophobic, just do it, get on with it and stop complaining – either that or when your chances of being a victim of fraud etc are dramatically higher than those of us that just adopt the “Proven” System then see if you complain so much then.. Its never happened to me but id imagine it is one of the worst financial situations to be in and can leave you entire credit history in pieces which in most cases is irreversable and leaves a black cloud above you head for your whole life preventing you from doing a lot of financial things.
You think you are the victim now having to adopt to this system, why not think about people that have been a proper victim, but hey i guess it will never happen to people like you will it???!!!
I’m a web developer, I hardly think I could be accused of that!
I genuinely believe that this device is overkill, and a will be a nuisance to many more people than it will unwittingly save.
Ok, but do you not think it is worth it if it can spare even a select number of vulnerable people from online fraud?
I’d like to see genuine stats on who’s to blame for online banking fraud, I suspect the individual account holders will not be blameless.
I just received mine today – Haven’t activated it, I will wait for the automatic activation in 21 days, until which time I don’t need to worry about this!!
I have gone through the Natwest website help pages and they mention only about the respond key, which seems to be the one that is discussed here for online banking purposes. You get an 8 digit reference which when entered on the card reader will provide you with a secure code to enter in your online banking page.
However I think there may be more surprises like this in the future. The card reader seems to have other keys with “identify” and “sign” labels. If you press the “sign” label, the reader ask you for your PIN first. Once the PIN is entered correctly it asks for a REFERENCE. I tried 12345678 and then it asks for AMOUNT. If you enter an AMOUNT, then it gives you and 8 digit code.
Any ideas what these additional keys would do???
Online fraud is rocketing and some banks are trying to help out by increasing security. People used to moan about having too many pins and passwords not that long ago but you don’t hear much about that now. Why? Because eventually it becomes the norm. Just to correct a point from above, no the bank doesn’t just give you your money bank if you have given your security details away. If somebody in a naff NatWest secrurity outfit stood by a cash machine and asked for your pin number before you used the ATM, would you give them it? I think this is a step in the right direction and I have doubt they will improve the offering in future to make it even more user friendly. Also it doesn’t have to be the card reader you recieve that you need to use, you can use any reader as it is your card that is important for these transactions. Stop moaning and be thankful they are trying to combat fraud.
I have just read all of this blog concerning the card reader. It is clear that several of the posters here have not any understanding of security and the Internet. The statement “I am happy to pay the few extra pennies it would take to cover the fraud that this device might prevent” is supporting crime I’m not sure that NatWest would like customers with that attitude!. If you need another reader for use at work, ask and you can have another one FOC.
Just to add to fuel to the fire – Barclays are going to use their PINsentry card reader when you want to make a payment to someone new and EVERY TIME YOU LOG ON! Now you’d better not leave your reader at home!
We will all be paying for banking services soon and this is just the latest manifestation of a loss in consumer power over their bank.
Fraud isn’t my problem. Its the banks. If somebody fraudulently acquires my details and uses my account then the banks legally have to cough up. This hindrance on my access to my own money is purely so that the banks can make even more money. Its not for my protection at all!
So I’m looking to shift my money to a new bank and although many others may adopt this annoying system I suspect it will create a market opportunity for smaller players who won’t impose it on it. Its about time I shifted from a high street bank anyway … I’ve been screwed for far too long by interest rates which are 1 – 2% below the current market rate. Natwest you can kiss my £150k savings goodbye and I won’t be buying a mortgage from you either (but then I never would have anyway because although I’ve been stupid/lazy enough to maintain my account with you over the years the time has now come to move).
To put this to rest, a colleague of mine just got stung for over £15,000, How you ask? THE SCAMMERS USED A CARD READER!!! They were somehow able to get a Royal mail divert on his mail while he was on a consultancy assignment for 3 months. So all his mail including a new card, a pin number and a card reader were sent to this forwarded address. The scammers then transfered money and did online shopping to their hearts content. Did the card reader help? no it just gave them a direct link to the bank. What is the lesson here? The banks should find more intuitive ways of combatting fraud, not introducing elaborate technology which does not deal with the route of problems.
I think it is another thing to add to my Mobile phone, Blackberry, Ipod and wallet, car keys and USB Key which I have to carry every day. I have had 4 occasions where I wanted to do something online and couldn’t because my card reader was no where to be found at the time I needed it.
I’ve scanned through this thread but I can’t see why people in favour of the card reader think the current NWOLB system is insecure? Phishing or MITM attacks surely won’t work because you only ever type in selected characters from your PIN and password when logging on, and they are never the same combination of characters for a subsequent session. Of course if you have a short password with the same letters repeated the risk increases, but that’s just basic security. NWOLB log-in details are virtually “one-time-only”, and pretty damned secure. I imagine we’re all going to have to get used to this card-thing like it or not, but again, what’s the point? The current system is much better than at other banks like Abbey, where you type in the same full password and pin every time you log on. I can only assume it is risk-management for the banks, dressed up as security for the users.
Well I have a few scenarios which Natwest haven’t thought of and means this system is actually more dangerous than normal online banking.
Scenario 1: Using system in multiple locations (As well all need to do) – online purchases or internet banking.
Take card reader with you and card. Lost = no internet banking and no purchases
Stolen = fraud!
Scenario 2: Going abroad/away.
You go away without the card or reader. You need to book a new flight as the one you were on has been cancelled and you want to get home – go online try to buy a new ticket – sorry no card reader.
You try to check you bank account or make a payment – no card reader
Scenario 3: At work or internet cafe.
You take the card and reader with you. try to plug it in but the network guy says you can’t as it is not a “trusted” device. No banking or online purchases – which is great if you use this card for work purchases!
I’m not bittter. Just know that this scheme will backfire badly and end up costing the customer.
What if you break the reader – who pays? (free one from bank, takes time, customer ends up paying through bank charges).
There are safer and better ways of doing this and this system introduced will lose NATWEST many customers – I bet there was a whole team who went – “that’s a great idea it will save us loads of money and effort”.
One word somes this system up:
WELL THIS ANOTHER STANDARD RESPONSE! NOT RESOLVING ANY ISSUES OR CONCERNS – BYE BYE NATWEST!
When managing your finances online using your customer number, PIN and
password is safe and convenient. But we’re always looking to enhance your
security, using the latest technology.
We are adding a new way of protecting important information that passes
between you and your account online during some transactions. This protects
you from the increasing sophistication of online fraud. For some
transactions we already ask you for an additional layer of security – two
additional letters from your password.
Instead, we’ll now ask you to use the card-reader we’ve sent you, which
creates a unique link between you and the Bank for these transactions. It
uses numbers we will ask you to check to ensure no-one else is reading the
information you send us.
The card-reader will verify numbers you enter on its keypad and generate new
random numbers for you to use online. As these numbers change each time you
use the card-reader, they can’t be imitated or copied.
The card-reader has been introduced to help make using the Online banking
service more secure, however there is no need for it to be used every time
you log on. The Online service will prompt you when the reader is required.
This is when you wish to create or amend and payment details whilst using
Digital banking. For example if you wanted to add a new electricity
provider, or to amend a payment to an existing 3rd party, the card-reader
would be required. The reader is not required when making a Maestro payment
The card-reader should not therefore impact your ability to monitor your
account using the Online service while you are abroad.
If you are unable to access your Online banking at any time, for any reason
we do have a 24 hours telephone banking service, Actionline, who will be
happy to help. The number for Actionline is 08457 888 444.
The card-reader is a non-optional service and we at The Royal Bank of
Scotland are one of the first Banks within the UK to introduce the service,
however soon all Banks and Building Societies will be introducing this
To help our customers gain a better understanding of the card-readers we
have introduced the following page to our web site, http://www.natwest.com/reader
. This site contains information regarding the
card-readers and its impact on your account; it also contains a
demonstration of how to use the card-reader.
I hope this resolves your query, however if you have any further questions
please contact our Enhanced Security Helpdesk on 0845 300 6431* and we will
be happy to help.
Not only is that a stock response, it’s poorly written.
Your right – Scenario 3 is not valid. Still a major hassle for the other ones though.
A little concerned about the comment ” soon all Banks and Building Societies will be introducing this
hmmmn – could be the death of internet banking and online stores.
I have never used one of these before so it shows how crap nat west are. It took me 2 secs to find you equally pissed off people. NAT WEST ARE CRAP. I have had problems with them for years and only stayed with them as it is my husbands account. Now I have had enough. They can officially bog off. Sorry nothing constructive to say I had to vent my feelings. I do not want compensation I want to be able to use my own money!!!
All these talks are really interesting as I was almost going to move to my sleepy Natwest account and convert it as my main, now for sure there no way I will.
My friend uses Barclays and got soooo pissed that he is now looking to change because of the inconvenience of the Card Reader too.
So : what are the alternatives ?
if all banks are going to use soon ?
I have Smile as the main bank but their web site is disapointing me as it doesn’t provide any download possible.
Anyone recommend an online bank with “normal” login and statements download ?
I have used the card and I agree with all his arguments. I have been a victim of online fraud a couple of times, but I’ve always had my card covered and all the money was returned to my account. This device is not meant to protect the banks and insurance companies, not the customers. They don’t care if they have caused us inconvenience.
In fact I think instead of discussing the pros and cons of this card reader, we should all swap banks. That would send them the right signal. I am closing my account for sure, there’s no point in online banking if there’s no portability.
Just two cents worth. I think we have so much misconception here.
Re-iterating what a load of others have said, the whole point of this is to prevent any fraud happening on your account. Lets say it another way, if people stop following those SPAM or FAKE e-mails advising them to log-in into their account using a URL link (obviously contained in the e-mail), then the world would be a safer place.
The very fact that loads of people do this, continue to do so, means another prevention activity is required – the only thing that apparently works is a PIN device.
Yes it’s not full-proof, it’s inconvenient, but if if reduces or removes the risks – what’s the harm?
I’m a Barclays accountholder and have received a PINsentry device – which is pretty much a rebranded Natwest device for my Barclays online account.
I think the card reader is a great idea – looking at the scenarios quoted above:
1) Online Purchases
Online purchases/telephone purchases don’t require the card reader – so there’s no reason at all why you can’t use your card fully when you dont have the card reader with you.
2) Online Banking
You can access the Barclays OLB and from what I understand, the Natwest OLB system without using the cardreader. It’s only needed for making payments to new third parties (i.e. the risk element of OLB).
Also, the average Joe Bloggs accesses OLB to make third party payments from only a limited number of locations. (I use it from home & work for e.g.) Barclays are happy to send out additional card readers.
3) Making Payments without the Cardreader
In circumstances where you don’t have the cardreader with you, you can still make payments to third parties over the telephone – so it doesn’t put you in a compromised position in an emergency situation.
4) “Plugging the cardreader in”
The cardreader doesn’t connect to your computer in any way. It is a standalone device which uses your card to generate a one-time one-use 8 digit number which can be used on online banking.
The idea is that when you get sent out a new card reader (and 5 years is a long time – the technology may well have developed massively by then, bearing in mind online banking has only been around 20 years) – you return the old one to your bank via a freepost address. (My Barclays one came with the details on how to return it if there’s any problems.)
It’s very easy to be critical about the system when the banks take the hit for all fraudulent losses, but the fact of the matter is the more fraud goes up, the higher our bank charges and lower our interest rates do. It is most certainly in the banks interest to reduce these – but in the same way we’re saving in the long run, both by getting better services and not having hiked bank charges. Faster payments in themselves save £23 (Natwest CHAPS charge) per payment that you make for same day payments – and revolutionise the banking system.
I’ve just had to use my card reader for the first time.
I was setting up a Standing Order from my main account to my joint account (both NatWest accounts).
Bizarrely, since it’s only my joint account that has been activated for the card reader it was that card that I had to use, that is I had to use the payee’s card!
Obviously this is a slightly unusual situation, but it does still seem odd.
What I find odd is the lack of consistency.
I received my letter followed by card reader about 2 months ago.
My girlfriend is also a Natwest customer and she hasn’t received either.
Is this something to do with the type of account she has (I’m pretty sure it is a standard Current account)?
[…] on Jez McKean’s blog, he has a post similar to this one detailing the woes of using the Natwest card reader. Take a […]
As a Barclays customer, I can also feel your pain. I posted an article on my blog about the woes of using the Barclays card reader and it received a massive response.
I hope you don’t mind but I have linked your article and used a picture of yours to help raise awareness for all banking customers.
Hi there have read all the thread and although it seems that some people have issues with the card reader not actually increasing security it would appear that the main problem is the size!!!!
Its ok Natwest saying that the reader is not required for all transactions but whats happens if im out and about and need to add a new payee and make a payment to somebody? As mentioned before the problem is that people are not going to carry this huge reader around with them everywhere.
It would appear that Natwest need to invest in the small keyfob sized one to at least limit the inconvienence!!
Just my 2 cents
As someone working in this industry, and particularly on this product at an International level (not for a bank), this blog makes interesting reading.
There seems to be only a smattering of problems that people have – mostly to do with logistics – but of course as it’s your money, it’s a huge problem at the time. And I empathise as we’ve all been there at some point.
But, for those that don’t know how to use the readers, try looking here:
For those that think the device is too big to hump around – petition NatWest to look at alternatives, there are plenty available off the shelf in the market (see: http://www.xiring.com/o2s/en-GB/pageLibre000133f3.php), but your current one is designed to be usable by those with various disabilities (i.e. is the non-discriminatory version)
For those that don’t see how it helps with security, the simple fact is that the banks that have introduced this device have already seen upwards of 75% drops in eBanking fraud with those using it. Think about how you’d cope if your current and savings accounts were emptied and you had to spend at least 10 days without any cash.
For those that are moving to HSBC, they’re planning on launching a new system that will mean you have to send and respond to many different SMS messages each time you use eBanking – what fun that will be when you’re on roaming tariff…
The card reader isn’t a perfect solution, but it does provide strong protection from phishing, MITM, account takeover, and piles of other crappy fraud types. It doesn’t make life easier in the short term, but if it’s not easier for you, it’s not easier for those trying to empty your account either. It’s stronger that RSA style key fobs as soon you’ll be able to enter transaction details and create a code unique to the transfer you’re making (sign button) and in the next 6 months or so it means you’ll be able to safely use your debit card online (it ISN’T safe at the moment, so I’d advise you not to do it!). And by next year you’ll be able to use it to authenticate yourself on the phone to your bank – so no more bloody stupid questions that anyone who knows you well could answer.
Am I missing anytbing here? I’m assuming with the Natwest card reader you can use one or the other? If so, why don’t the NatWest allow both forms of authentication with the preferred method being using the card reader?
As someone who works with computers and daily deals with security of them, I was intrested to hear about From Natwest saying that they were sending me a card reader.
What made it so intresting is that I had just being listening to a Podcast all about a simliar systerm which PayPal are staring to use in America.The Podcast go on to talk about the why double factor Authendication is now need on the internet.
The Podcast is a talk with Michael Vergara, PayPal’s Director of Account Protections, the interviwer is Steve Gibson an very well repected Independent Security Expert. to listen to it go to http://www.grc.com/sn/SN-103.htm.
I received the letter back in November, and thought it was a scam. I still have heard nothing about it, ‘most 3 months down the line, and I can’t add a payee or anything.
No answer from the bank whatsoever :/
I phoned to try and opt-out of this service and the staff member who I spoke with said (amongst other things obviously)that they “agree completely, you should be able to opt out” and “I can see how it could be impractical” and suggested I eMail to complain.
I complained, in writing, to RBS about being forced to use the card-reader and the lack of an opt-out option… after a week I got a letter from RBS that will be posted on my own website shortly, but in the meantime here are a few choice quotations showing the general grasp of the English language (or poor stock letter templates) that the RBS seem to have, adding insult to injury considering they didn’t answer any of the points raised in my eMail.
“…we at Royal Bank of Scotland are the first Banks within the UK to introduce…”
“…This is when you wish to create or amend and payment details….”
And last but not least
“I hope this resolves your query, however if you have any further questions please contact our Royal Bank of Scotland on Royal Bank of Scotland* and we will be happy to help”
Believe it or not the letter actually seemed to carry a real signature, so Richard Csizmazia obviously didnt read either my original eMail, or his own reply!!
My original complaint, and their reply is at
The “Enhance Security Helpdesk” really are dismal – can’t even get the name of their department right – missing a D i think (for Dunce perhaps?)
[…] my reservations regarding NatWest’s Card Reader, I wish to voice how impressed I was with their Anti-Fraud […]
Thank you for your blog! We got ours in the post today. What stuns me is the amount of packaging involved not to mention that the device wasnt made in the uk! So when Natwest ask us to offset our carbon footprint by donating the amount in monetry terms they are actually being hypocrites in the first degree.. what about the carbon footprint these devices have generated just in manufacture and being shipped to the UK?!
I welcome any security measures that will combat fraud, but this is distinct over kill and as I am slightly numerically dyslexic, this really is not going to help me at all.
Having just opened an account at NatWest, I was curious about this card reader, though I’m not sure if or when I’ll be getting one.
I will agree with most people it can be a pain to carry it around everywhere you go, and its a bit worrying if the card reader can be used by other people.
I like the HSBC system – you have a small device that generates a code. The good thing (?) is that the device is tied to only one account, so if its lost or stolen, its no good to anyone else. Plus its very portable, unlike the NW card reader. Right now only HSBC Business customers in the UK have to use these devices, but it will surely be applied to all customers.
I’m fairly neutral on this idea, except for the fact that I knew nothing about it until my dad phoned me today in Malaysia. The postman’s kids are going to love this when they get it, they can try all the cards that my dad tried to forward from the bank.
When he told me, my first response was “online banking card, isn’t that ironic?”, but he assures me it’s plastic.
RSA Key Fobs . . . !
Why oh why could they not use these? ….so much better, convenient and simpler for 2nd level authentication.
Nobody wants a piece of hardware this size to lug about – its just not convenient.
Could have at least made it dual purpose and added a calculator feature. Idiots. I was pretty much 100% happy with NW, but this is one swinging situation to the extreme other end.
Will switch to Lloyds I think, they use RSA key fobs I do believe…
Well I received my card reader the other day, put my card it in (MY ONLY CARD) and it said wrong card.
Very well done. Superb.
I am so depressed. I received my card reader today from Natwest. In an effort to find out some more information to supplement that already received I went and asked Mr. Google which is why I’m now here. Unfortunately, I’m too late to make comment. Nevertheless, after spending some time running though some of the comments made above I need to vent.
I have come to the conclusion that assembled here is one of the largest groups of moaning pessimists ever to grace a single blog. I have never seen as much inventive complaining before (e.g. “The online system for checking the numbers may be faulty”). Good grief people! Qu – What’s the difference between half empty and half full? Ans – Perspective.
What a bloody hassle! I’m glad someone else agrees.
I agree with everything you say…
and just one pointer, if your gunna write a blog and think through what to write, how and where….don’t use acronyms, they make you sound like an idiot
If you are going to attempt to give me advice on how to write I suggest that you learn the difference between “you’re” and “your”, that you don’t use non-words and that you learn how to use punctuation.
Wat a piece of shit this card reader system is. How could a street bank would introduce such process with out getting actual feedback from customer. Such a big waste on time, money and customer inconvenience. They could have done with so many other things to prevent online fraud instead of making an online/offline (card reader) combinations which very much itself nullifies the work online banking, convenient banking…shitH#$e
Guys we have to warn Natwest about loosing its business if they don;t take their customer into confidence while using any kind of new technologies. After all its we who make thewir salries acountand not theother way round…
The card reader negates the idea of having an online bank, what if someone steals your card reader!
This is such a stupid idea and their is noway to contact the bank and tell them this is a stupid idea!
Add another one who’s also pissed off about the card reader business. It now means I’ll have to carry my card and my card reader everywhere with me when I go overseas, putting both at risk for theft, in case I need to make a payment to somebody I didn’t know I would need to pay before I left (or whatever else requires it). And if I lose them when I’m in the back end of nowhere, how long is it going to take to get a replacement?
I have a South African Bank Account with internet banking. I receive an sms everytime I (or anybody) logs into my Internet account.
ONLY If I wish to make a one off payment or direct debit to any 3rd party I receive another sms with an short code which I need to enter into the website before proceeding (code only lasts for that session) I always have my moble with me no matter where in the world I am.
The logon security is pretty much the same between my SA account and Natwest which I feel is pretty good (3 separate pieces of info).
I dont welcome this device as it means taking it with me, and not to mention the extra time to actually use it even if its a few seconds.
Wonder if Natwest consulted with the customers on this, as I was not
Im all there with you, im abroad at the moment and for the next 6 months, and just tried to add in a new payee account to pay some money off a credit card of mine and Natwest is now saying i need a stupid card reader… i have never needed one before and i dont have one now. so im stuck abroad with no card reader, meaning the online banking from natwest is utterly useless…
as soon as i can get my money out of natwest, believe me, I will.
I’m no expert in this field so don’t slate me for what i say!
I’ve read the entire post and noticed that no-one has mentioned this…
Because it’s a card reader and that you have to enter your cards PIN into the reader for it to be checked against the card, this means that when you put your card in the reader the machine is reading your PIN off the card.
I assume that your PIN is encrypted on the chip on the card otherwise if anyone stole the card they could read your PIN straight off. So while it is encrypted on the chip on the card (with a Natwest specific encryption algorithm?) this reader is either A. decrypting the PIN using that algortihm to plain text, or B. encrypting what you type as your PIN on the keyboard to an encrypted PIN. As somehow this machine matches what you type on the keypad to the PIN stored on the chip on your card.
So i’m thinking that the Natwest encryption algorithm is on the computer chips inside this machine, otherwise how else can it match the plain text digits you type to the PIN on your card? So basically if someone removes the chip out of the machine and dumps the raw code they may be able to hack this if option A (above) is true, i.e. if the machine decrypts the PIN on your card then the hacker will probably be able to make this PIN display automatically on the screen when the card is inserted.
So if they go round stealing cards they can just use pop them in the reader to get the PIN too.
Maybe I’m reading too much into it, or maybe I’m wrong about the encrypting and decrypting of the PIN on the card and machine, but I thought it was worth discussing……..
What is stopping me from stealing someones card, attempting thier pin twice, then using my own card and entering my pin correctly, then trying the stolen cards pin twice again and repeating the process until i have the stolen cards pin number?
Or are the 3 attempts specifically for each individual card?
Just wanted to know out of curiosity, im not a thief, just annoyed about having to use this damn thing all the time.
NatWest just sent me a card reader to Guatemala, where I am based.
Trying to replace my Natwest Credit Card, though, appears next to impossible.
It’s the card which holds the pin counts. So swapping another card for the 3rd attempt makes no odds at all.
Although this debate has dried up a little it should be said that every bank will ultimately do this, sadly the general populus are too stupid or too trusting to safely use online banking services and whilst that is the case banks need to do all they can to protect themselves and their customers.
Those in the know will understand the factors of authentication and will be aware that simply having “something you know” will always leave you at the mercy of who else knows it, either via compromise (keylogging malware), deception (phishing) or simply having chosen bad passwords. Due to this inherent threat many companies be they web based or corporate hardware are introducing 2nd factor authentication “something you have” and yes this does make life a little more complicated and banking online a little less convenient but security and convenience seldom coexist.
I was pleased to see that RBSG only use the card reader authentication on high risk transactions rather than login and personaly welcome the enhanced security for a slight tradeoff in convenience.
Just wait until we hit 3rd factor “something you are” then things will get really interesting.!
As an RBSG employee involved in the implementation of this device across the group’s brands, I’d like to extend my gratitude for the endless LOL’s abounding in this blog and the responses. Thank you. It humours me to no end that of all the ridiculous and atrocious services and products NatWest have to offer, it’s the card reader that is causing so many of you to uproot and join another bank where you will undoubtedly be greeted with exactly the same crap.
I got this anal retentive thing aggggggges ago. This evening I need to urgently transfer my little bro some money. To add him to my list of individual Payees I need to use the reader. Where the hell is it? Ive not used it since I played with it 9months ago…… Misses hasn’t seen it either…. she says “I dont have one of them with my bank.” “You should leave Natwest are crap anyway.”
Yet another Irrate soon to be Ex Natwest Customer.
Ihave been with my branch of Nat West for 40 years,and online banking for 5 years.Today i go to make a single payment to a relative and i need a card reader.Have they sent me one NO.Idid not know they existed.On there website i ask how i can get one.Can they tell me No.Maybe i should change banks.
i agree, bloody useless and is not a practical security measure.. i ‘m not going to carry this thing around!
natwest will have to change their policy soon
Natwest online banking is CRAP. It’s the very worst online banking I have used and doesn’t have a candle to most other banks. It has limited options, provides limited information and should be put in the bin. I can only imagine you have not tried other banks offerings…
well my card stopped working in july 08 so i rang the help centre …. they tod me they had updated some of the cards and and new cards had been sent to me 3 weeks prior … well i had not recieved a new bank card so after they checked my address, they said they will send out another replacement card
Now today (sept 11th ) i wanted to set up a new payee but still not recieved a new card …. so rang them again i explained that the previous 2 cards had not arrived … the operator then enquired with her supervisor about it … she came back to me and said that she was sorry about me not recieving the new cards … but a batch of cards during july and august had gone missing from the company that distributes them …..
GREAT ….. obviously these cards are for enhanced security ……. NOT
Having moved abroad for a year as a student, I am shocked at Natwest’s decision to make it so difficult to transfer money… to myself. Not wanting to pay the 2.75% charge of withdrawing cash in Europe Ive tried transferring my loan to a Nationwide account (at least one bank is on our side when it comes to international cash withdrawals) to find that the only way of completing a SWIFT transfer… is to go into the nearest branch. This is a great idea considering this is currently 1700 miles away. The other option is this stupid card reader, which no doubt they will send to my home address, again… 1700 miles away.
Its the monkeys making these decisions that are gambling billions on corporate ventures that cannot be paid back, and then giving us the bill as the taxpayer for their increasingly inherent gambling addictions. Bye bye economy. Stupid.
Whether this is good because of extra security or bad because of inconvenience., the fact is we have been kept in the dark about this with little or no prior warning. I tried to set up a new payee today and had no idea of this new system and am fuming. Whos going to pay the late payment charges now! Natwest will not be getting my bussiness anymore and i advise you all to do the same.
I work for a bank!
Believe it or not! Its going to be compulsary just like chip and pin!
Some stupid idea that is pointless and will have a tiny effect is going to be nessasary!
Who ever said that “online banking is priviledge” needs to immediately report to a local mental health practioner….
I didn’t know about this Card Reader. Wasn’t informed by Natwest, wasn’t sent a reader, just had my access to my internet banking limited one day for no aparent reason….so obviously I called them and was told I need a reader! What the heckis a reader and what does it do?? For the answer I had to search the internet and found this website!! I am only 33 years old and didn’t think current technology had passed me by!! Why was I not told about this and why was I not sent one? I have 2 accounts with Natwest and I received nothing! I have had nothing but problems with Natwest since I first opened my account years ago – they are rubbish!
richard kimber 2008-07-12, 15:17
Ihave been with my branch of Nat West for 40 years,and online banking for 5 years.Today i go to make a single payment to a relative and i need a card reader.Have they sent me one NO.Idid not know they existed.On there website i ask how i can get one.Can they tell me No.Maybe i should change banks.
Well, richard, I have been using NatWest for 30 years and I first used online banking at least 10 years ago. NatWest’s online banking is, imo, pretty good.
So, you cannot find how to order a card reader?
It seemed quite easy to me:
Logon to NatWest online and, under something like ‘Services’, there it is: Order Card Reader.
However, I agree with above comments regarding overuse of plastics, etc.
I ordered mine. When it arrived it wouldn’t accept the debit card. I rang up to be told that was because the card was old and had been renewed on 4/11. Guess what, no new card – no use.
Stupid idea. I set my internet banking so i could manage my account while i am traveling. So my natwest debit card won’t work here in Malaysia and when i try to transfer money to my other bank account i’m told to order a card machine. How fast do you recon they can delver to Malaysia?
when i travel abroad, i dont take all my cards.. what would be the point in risking losing them. if u just keep one u can transfer money around with online banking… not anymore. if all banks do this ill have to carry all the cards. and maybe multiple card-readers if they arnt intercompatible. and the ginius who said “chips on a card are micro-computers” needs shooting. they’re just storage devices which act like RAM. they themselves do nothing.
oh and its obvious why they dont want everyone having more than one of these things… ppl cant modify a device they need, but if they have two they can afford to crack one open and mess with the software.
AND IM NOT BEIN FUNNY but why dont these things have a calculator!!! seems like an obvious move.
Why I will definetely leave my bank (NatWest)
A slightly different story.
I´m travelling at the moment and will be away for the next few months. The last thing you want in this case is of course for your card to be cancelled but sh… happens and mine was. Not by any fault of mine – apparently my card was suspected to be potentially cloned and so it hyad to be cancelled. Good on them for being vigilant. The problem is this happened in January and after a couple of weeks of talking to various – incompetent as it turnes out – people in NW and having spent a fortune on phone calls Í´m not much closer to knowing when and whether my card will be replaced and what to do to have my account unblocked. OK, my fault for not being contactable but since I found out what happened and tried to solve the problems I´ve been eternally put on hold and spoke to an army of NatWest employees who gave me contradictory and false information. The level of incompetence of those people is appalling and unparalleled!! Does anyone know if I can sue them for phone call costs and distress? I´m in South America now and without cash. No one accepts credit cards here. If it wasn´t for my friends I would have to cancel my around the world ticket half way through the journey and go home to sort my banking problems. Needles to say I haven´t heard a single´Í´m sorry´from anyone.
[…] Unconnected Chip-n-PIN readers are being deployed by UK banks to generate OTP (one-time passwords) for secure access to online banking. The simplicity of devices make them secure. They are not connected, therefore are less prone to being attacked by malware. However an additional device to carry around when you travel (or otherwise) is not terribly convenient. […]
I’m also having problems with Natwest!!! I am currently in Pittsburgh for three months and am now without access to my money.
Before I left for Pittsburgh I went into my local Natwest branch to tell them that I’d be in Pittsburgh so that they didn’t block my card thinking that it was stolen etc and I also told themm that I planned to use an HSBC credit card abroad and that I’d need to transfer the money to HSBC as and when I needed it! They told me I could do it using online banking….great!!! But they failed to tell me that I’d have to take the stupid little card reader with me to enable me to set up the transfers!
I have been on the phone to Natwest several times since I found out that I needed the reader (when trying to transfer money online)…..today they have exceeded themselves and told me that they would send me a new reader…fantastic I thought…until I was told that they’ll only send it to the address associated with my account…….how is that any good…I’M NOT THERE!!!!!!!!!!!! or they’d send it to my branch, but I would have to phone them and asked them to mail it to me…..why can’t Natwest just send it straight to me and save themselves one lot of postage!?!?!?!?! idiots!!!!
dont’t you just love this farce of a gadjet.
I have recently come to spain for a holiday with my wife at my parents. After speaking to a Natwest advisor (before I left),I was informed that my wife and I only needed to take one card reader with us as it would work for both cards.
2 weeks into our break we needed to transfer some money from her account into my own. After being locked out I rang technical,who unlocked the card and told me to try again,I got locked out as before.
I was then advised to order a replacement card reader as this would reset the system,and use the reader the next morning.
Suprise suprise …same thing,so i rang again.
Then I was told to call telephone banking as this could be done there.After a lengthy conversation explaining the situation the advisor (telephone banking)said we cannot transfer monies because the card reader was not enabled for my wifes card,a point I had just spent a day and an evening explaining.
I was then advised it must be a card fault(although it reads her pin perfectly) and to order a new one ,which would be posted to her account address… in England!!
As we are here for a further 6 weeks I intend to take a daytrip to Gibraltar,set this all up, send Sadwest the costs..and then change banks when back home.
Left hand seems not to know what right had is doing with this stupid system.
I’ve had nothing but, excuse the french, crap with Natwest. I’ve never had such a hard time online banking.
When I setup my account I remebered to record and write down both my PIN and banking password, and logged in successfully. This week I tried to login, and it would not accept my info.
I tried to reset my details , but again it said they could not verify the details I’d entered.
Ringing them up I was passed from line to line, and eventually told that new details had to be sent in the post. Bearing in mind it was urgent I needed to see a statement – but as I’d agreed to receive paperless statements, I was pretty screwed.
Such a hard process – and really can’t see how the card reader will make things any better…
had mine from smile and now looking for another bank, I valued on-line transactions but spend time abroad and they won’t say whether the piece of rubbish will work or not, to those who say ‘why fuss’, because I’ll be landed with lots of late payment fees when i get back, that’s why. the tin lid is having to use it to pay my smile creditcard off from, err, my smile current account, but not having to use it when tranferring E5,000 to my agent abroad. Durr.
Absolutely rubbish, the guy who invented this should be strangled!
Natwest could have invested all the money they spent on these stupid card readers to upgrade their security software for safer banking OR they could have made the card reader as thin as the card so it can easily be carried with the card..
Coop Smile (a previously excellent internet bank) have just introduced the card reader. I won’t repeat other people’s comments on this asinine system. Does anybody know which internet banks are NOT introducing them so I can move my accounts?
I wasn’t smiling when Smile sent me this thing. Both cards show “Wrong Card” when I came to use it. A quick phone call to Smile’s helpdesk reveals that it will not work with either of my accounts and that there are new cards to be sent.
I am not going to argue pro/con this system (yet), but they could have at least made a point of telling me (perhaps via a secure message?) about the new cards etc.
Oh and regarding the battery (see comments above). On the smile one a paperclip can be used to release the battery drawer and change it over, so hopefully the banks will not be posting out replacements.
Get a grip people…
You have to type in a code when you make payments – its not the end of the world.
I’m personally annoyed I have to use a pin number with my card. It would be far more convenient just to put it in the machine then take it out again. Why won’t the banks let me do this? It’s so unfair…
I have had an account with The Westminster Bank Limited since 1963 – it was pretty good then – free tea with the manager while I waited – and have sadly witnessed the whole banking process go into steady customer service decline. To day I found out about the card reader by accident, and having read all your comments, I am not very enchanted with prospect of having to use this thing, especially since I now live 8000 miles from my branch. Thinks! Why not make the card the size of a MultiMeaderCard, then my PC can read it? Hmm Perhaps not, since I regulary have to fend off hackers – yes,its not the Bank’s security that’s the problem – its the Customer’s.
I HATE THIS F*****G PIECE OF S**T!!!!
To anyone that THINKS this is a good idea, they have obviously not had it inflicted on them. Let me talk you through the piece of s**t.
1: I need to pay some money to someone (ta dah online banking, simple bank transfer……)
2: I try to transfer money on the online banking but it wont let me, says i need to set up a new payee. So after messing about I phone up the help line “you need a card reader”.. What the f**l for, im not a shop, i dont need to swipe cards etc what are they on about. Well, for a s**t idea they tell me they have to send me a card reader in order to be able o add a new payee into my account to be able to transfer money to that payee. Great, so i need to wait for the thing to arrive, why don’t they give you this and tell you about it when you join up.
3: piece of s**t arrives, packed like a cheap budget calculator from a bubblegum machine.
4: I follow instructions and cannot believe what a f******g piece of sh*t it is. Let me talk you through the process, this is not exaggerated and is actualy clearer then the on screen instructions. How they have made it so long winded is a total joke. So here is the
details of what you need to do:
* Stick card in card reader.
* press respond
* Enter card pin number
* press ok
* enter the 10 digit or so code numbers displayed on the online banking page into the card reader
* a new 8 digit code is displayed on the reader.
* enter 8 digit code into the web page
You now have a payee added.
Now select to pay payee
* Stick card in reader, press ok/respond whatever
* enter pin number
* Enter code displayed on the screen into card reader
* 8 digit code is then displayed on reader, type this code into the web page.
YOU CAN NOW MAKE A PAYMENT!
I HAVE NEVER SEEN ANYTHING AS F*****G STUPIDLY DESIGNED AS THIS.
I HATE IT!!!!!!
Are you meant to carry this piece of cheap cr*p around with you.
ARRRRRRRRRRRGGGGGGGG!!!!!! thank god i find this page and allow me to vent the truth.
If you think this card reader is a good idea you are a f*****g idiot.
Im with LEO – does any bank NOT HAVE these card readers cos Im moving from smile, I have the fecking things.
It is there for our protection. To those who still live in the dark ages and find it too much trouble to protect your wealth by punching in a few numbers, then maybe you ought to go back to the old method of posting your cash in a plain brown envelope?
I don’t understand why people are so upset. This is for your protection. Now, even if you and your grandmother screw up the security of your computer (and have all sorts of keyloggers and software exploits installed), your bank data is safe. The password changes every single time, so just hacking a computer does not work for logging into your account.
Every bank in Switzerland uses this system. I have never seen any reports of money being stolen or transferred without the account owners information.
Also, if the bank determines that your login and password was correctly used for stealing your money, they can deny all wrongdoing, because they did not compromise account security; you did.
If you don’t believe me, look for reports of money being stolen from small business accounts using exactly these techniques. And also, how banks can say that it is not their fault as the online credentials used for the transaction were correct.
my issue is i got a natwest student bank account, and going to uni i have moved house, as you do. now i ordered the card reader, to my new address, in halls, along with my free railcard. waited… waited a bit more. a couple of months went by so i requested new ones, making sure they were being sent to my term time address.
i waited.. and waited. and even though i specifically stated the new adress and online you actually have to type in the postal adress i have still not recieved them, after 5 months. so i rang up again and they said the card reader wouldve been sent to my old address, so i have to go to the bank to change it.
so today i went into the bank and they said i couldnt change my address without a passport or drivers licence with the new address on it. who changes their passport or drivers licence address to live in halls for one year then have to change it again?! so now without spending £80 on a passport or sending my whole driving licence off to get changed i cant do any online banking.
i officially hate natwest and think they should die. im switching banks asap and i shall never have any dealings with them ever again.
You’re talkin’ rubbish. The card reader is for your convenience, for you to use at home; you wouldn’t require more than one or to take it anywhere with you.
Do shops share one machine between all shops? So, nothing will change. What a waste of blog space LOL
I really see no problem with it. All it’s doing is making sure the person trying to make the payment online is the card holder and knows the PIN for the debit card. Therefore a hacker or fraudlent user who has obtained login details through phishing of malicous coding can not pay funds from the hijacked because they don’t have the card and even if they did they wouldn’t know the card PIN unless this had been disclosed by the account holder.
I think the card reader provides a perfect solution that can be implemented by the majority without limiting accessability.
There is no limit to the amount of card readers you can order with most banks, so you can have one at the office too. Also is carrying this device around an inconvience? I don’t think so, would you rather carry around a mobile phone and ring your bank, waste your credit and more than likely not be able to make a faster payment.
The card reader is in no way linked to your account or card, hopefully as this technology becomes the norm and cheques are finally gone it will be common to see card readers present around public computers.
The simple fact is the system reduces fraud at little inconvience to the account holder, I don’t know about you but I like my money.
The card reader is defeating the purpose of internet banking! This is an unnecessary and pedantic security measure which was probably sold into the banks by the OEM of the devices. It is most certainly NOT an Industry standard
I have been using Internet Banking for 10 years now, never have I come across a more silly security measure that takes no consideration of what users want. Designing websites is all about usability, currently, if I leave don’t have the card reader the site is not usable…. simple as that!
The banks should take into consideration the posts on this topic (dating back to 15 June 2007 – almost 3 years now!!!!) and make the necessary arrangements.
My bank account has MY Money in it… If I choose to waiver using the card reader, I should be able to… if not,… simple… I move banks…..
Internet banking is NOT a privilege as some posts claim (probably written by someone at the bank – Steve 2007-10-3, 09:26) it is a standard.
To me, the banks offering the best level of service (and I don’t expect much as all my interaction is online) will get my business… I think this attitude of Banks thinking that they are doing us a favour is absolute poppycock…. especially in light of the recent event….
Bankers… get off your high horse…. stop trying to justify your ludicrous bonuses and start listening to your customers, otherwise they will not be your customers anymore and then when all the customers are gone…. no more bonuses….
And just so that I am clear here, this is not a whinge at Bankers Bonuses, a simple statement that without customers, there is no bank therefore Banks should listen to what their customers are saying… If I choose to waiver my use (and possible insurance coverage) of my card reader.. then this is my problem if my account gets hacked…
At the moment, however, If I have to continue using this stupid device, then I will decide to take my money elsewhere… simple…
so lets talk solutions….
1. I log into my bank account.
2. This action triggers a OTP (One Time Pin) to be sent to my mobile via text and/or pre-defined e-mail address.
3. If I need to enter the higher security areas of my online bank account (change details, transfer funds) then I need to use this PIN which is only valid for my current session….
Yay! Online banking is now usable (and mobile) again!
If anyone from the banks would like to hire me as a consultant, please feel free to contact the blog owner for my details….
This Card reader makes it so difficult to carry out any management of MY BANK ACCOUNT by eMail that I must seriously consider removing my account to another Bank.
This Bank already has some accounts with me so it would be a simple matter to transfer MY MONEY across.
Having been in Nat west online since it started I was somwhat peeved when I could not move my money to another bank without this reader. Then to be told I would have to wait probably 15 days to get one and that it would not be delivered using even recorded mail but only the very unreliable Royal Mail.
Maybe Nat west should look at what Lloyds TSB use.
Just to clarify misconceptions abounding, the chip DOES have a processor, it’s not just “RAM”, so your card’s chip actually verifies the PIN sent to it by the card reader (and locks itself if you get it wrong too many times).
(The downside case made by security professionals is that violent criminals could use the card reader to ‘interrogate’ someone in a closed room to get and verify their PIN rather than in the past having to march them to a cashpoint where they could in principle get away.
There was a case not long ago where two people were found dead in a room having been tortured to get their card details.)
Yes they are an added inconvenience, especially if setting up and paying a new payee. Actually if it’s a family member, I always make a 1p payment straight after setting it up so I don’t need the card reader to make any subsequent payments.
The other pain is due to a long-standing problem with Natwest online banking, namely that you can’t have two payees with the same account number and sortcode – obviously different payee references.
So *every time* I want to pay WAGES or EXPENSES from the business account, I have to use the card reader to change payee details, rather than just having two payees with differing references.
Sorry, but I have to say this. Get real and as they say “smell the roses”.
Internet fraud is huge, and your bank account is a prime target. The old text-only based system was a prime target – for example a keylogger trojan on your pc could easily trap your details over the course of a few transactions. Yes, switching the entry sequence of those credentials helps, but really…. who will be crying first when you are cleaned out?
I’ve lived in Amsterdam for 9 years (but also had my Nat West account for 20) and since the start I’ve had a card reader from ABN AMRO. Most European banks would not dream of offering a service without such a device.
Having the reader is simply no problem. I’ll bank from work or home, I generally know I’ll be making payments and have it with me. I don’t bank from cafes! If really needed you can get a second reader from Natwest.
This is the real world and the UK is finally catching up. It’s taken way too long in coming.
A OTP via SMS is an excellent idea (I work in that area) but it has the downside that there’s a transaction cost every time (the cost of the SMS) and I’m sure the complaints would be even louder if you had to pay per transaction.
What would make sense would be an optional “send me a PIN” if you don’t have the card reader to-hand and really (really) need to make an unusual transaction.
Well done Nat West.
wait until you lose your card abroad—no card -you cannot transfer money etc–you have to wait for a new card. Cannot even get funds until card arrives etc
Some really thick folks out there.
This is not to be carried around, its for home use with your online banking account.
I had mine shoved in drawer for a couple of years, was setting up an auto payment and cancelling a Standing order online and required the use of card reader, dug it out ripped the battery tag out shoved card in and followed online instructions. Easy and more secure. Popped back in box and in drawer again.
Its not a big issue like some people make out.
We are with LloydsTSB and were only told about the change over to using Card Readers to access our Business Account about 3 months ago and have had the reader for 2 months.
We now have 2 readers as we need to access the account at home, work and 2 other locations (not counting if we’re out somewhere and need to check the account).
It’s locked our account at least 6 times so we couldn’t access it until contacting Customer Services.
Every time I contact them I make a complaint about the stupid card reader.
We can’t access the account without it, we can’t make payments without it, we can’t pay staff without it and we have to input all the data in to the reader each time for every payment we make. It’s a complete pain in the backside and makes using Internet Banking a lot longer than it used to.
AND as it’s a partnership there are two of us that need to access the account but they’ve only registered my card, so if I’m out with the card my partner can’t access the account (yes we’ve sent the forms to register his card but we haven’t heard anything back yet).
So for us yes it is a big issue.
I agree with everyone who is complaining about these readers for 2 major reasons.
1) It’s MY account, MY money, I am the customer, they are the supplier, they have no right to force anything on me that I did not sign up to.
2) As part of my role, I work with fraud and authentication and the existing measures are more than adequate if you have a reasonable password, so this is total rubbish and unnecessary and I WILL be closing my account with Lloyds TSB as they have locked me out of my business account as of today!!!!!!!!!!!!!!!!!!!!!!!!!!
I lost my card as soon as I moved to a foreign country… I can’t transfer funds to another of my accounts or to a friend’s as I need a card reader… Which I have!!! …but no card to put in it 🙁 stupid thing. Oh and posting things to Russia is both very dubious and very timely!
i always think that fraud like charity starts at home.
so what happens if the girl that you love so much wants more money.
after the card reader has been used a bit u can probably see what the 4 pin numbers are but i am sure an imaginative female could put something on the keys that would rub off quickly to speed up the process. now she only need to know what order the keys fall in there are 4 x 3 x 2 x 1 = 24 possibilities. all she has to do is list the possibilities putting the most likely ones first then try the first one then wait until u successfully log in then try another and so on. obviously it takes time. then she can use his card to draw money out and run off with her lover.
obviously it would be difficult to transfer money to another account because that would traceable which is the biggest reason internet banking is safe.
so i think card readers create yet another way of getting a card pin (could be why they were introduced) but do nothing to improve internet security.
i am sure all fraudsters would see this instantly.
For heavens sake read the site’s information. I have been using Natwest’s online banking for years. I have a card reader – I do not take it out of the house and I can access my bank accounts (all five of them ) without it. You only need it for certain actions for – instance to set up a new payee. I can transfer money between accounts, pay bills and make payments to other people’s accounts without the use of the card reader. When I need to add a new payee I use the card reader. I can only talk about Natwest of course – but surely it’s not the end of the world to carry the reader in your briefcase/handbag/car!!! Alternatively why don’t you all transfer to Natwest!!!!
And dave – I think you need a new girlfriend!
Right, so today i lost 8k out of my account… the funny thing is, I was asked to use my card reader when logging onto natwest (checked website and security down bottom) However this apparently was a hack in natwests website, and in using my card reader to log in gave them full access to my account. Had I not ordered a card reader they would NEVER had been able to steal from me.
The sooner these go the better!
Phone banking is the way forward untill they sort their website secuirty out.
Card readers are a big time PITA. I thought Computer Banking was supposed to make life more convenient, not add to the hassle. I wonder what the differential £ benefit has been in terms of fraud prevented per bank account, especially with all these card readers littering desks all around the Country. Not that we will ever know about the cost I guess ?
oh my goodness I’m glad that someone else finds this system ridiculous!!
I am only 18 and I’ve just started up my online account because I needed to transfer some money to a friend who I owe for a holiday I’m going on next week and I just don’t know what to do! It says I need to order one but how long is that going to take, I leave on tuesday!
Surely there are better ways to make online banking more secure?
does anyone know which uk banks or building societies do not force card readers upon their customers?
i’ve just got locked out of my hsbc again! and they want me to wait until tomorrow morning to call them. (yes, at my expense and time).
There are no security advantages to chip and pin.. just do a bit of research (start with university of cambridge bank security in google).
The Card reader system is ridiculous. Having done all our banking online we now have to make a lot of phone calls.
The Lloyds TSB system is definitely more convenient. It uses double passwords and landline and mobile phone OTP authorisation for new payees.
Does NatWest have less fraud than Lloyds TSB because of the card reader? Well perhaps it does as if other companies are like ours they are phoning in to make a lot of their payments and there are less online payments.
Lloyds doesn’t use SMS for security as far as I know (though there are SMS services including notification whenever your debit card is used abroad), but I don’t think the cost of SMS should be a deterrent. It’s very cheap if bought in the sort of bulk these companies would.
One of our foreign accounts not only does OTP via SMS and other security measures (which aren’t as inconvenient as the NatWest card reader), you can even set it to send an email or SMS in either English or local language to the recipient to notify them a payment has been made to them. And that’s in a developing country.
Most (if not all) that you’ve stated above is utter rubbish, You do not have to use the card reader to sign into Your Natwest Online Banking. At this time all you really need the card reader for is to add a new person to your payee list (money transfer.)
I can’t believe that anyone would complain about being given FREE extra security that could save a lot of hassle for many people.
As for your other issue, It seems your just trying to pick at any old fault, chuck it in the recycling and get over it.
If your honestly thinking about moving banks over this pathetic issue then you obviously have way to much time on your hands, perhaps select a bank based on interest rates ect?
Dave your issue with this is just crazy, please consult your GP.
I also am annoyed by Smile insisting on me using a card reader which they sent me; but it’s not for a new standing order or new payee, it’s to correct an error they have with their Council Tax listings against one of mine!
I tried to explain I have already logged on using 4 levels of security and each time there is a random sequence and different answers.
I am amazed at some of the comments in here about the card reader only being for home use. This means you are no longer able to be mobile when doing on-line banking, you can only do it from home. I do most of my online stuff during the day at work, and I have used libraries or cafes, and then I spend the evening with my family, not doing banking.
A card reader is another device to go wrong or to lose. I have a poor record with external devices anyway. I suggested the idea of sending a passcode to my registered mobile phone but the bank’s computer said ‘No’. I use this successfully on other services (although I have drowned several phones too!)
I’m not convinced they offer anything better.
Interestingly First Direct told me they are not using card readers, yet are part of NatWest. If this is true I will be transferring.
Just give me the chance to opt out!
I use my iPhone to do alot of banking business while on the move – nowadays a lot of people don’t just access their bank “sitting at home”. This is the 21st century, apparently. So I would now have to carry this stupid piece of plastic around with me wherever I go? I have had an account for over 10 years and there’s never been a problem with security.
If you’re dumb enough to let your details slip then that’s your problem and if you lose some money because of it then maybe next time you’ll be more careful! I don’t see why the rest of us have to carry this junk just to make up for the ones who can’t keep a PIN secret. It would be fine if this was an opt-in service then all the grannies could have one to help them feel safer while the rest of us could carry on like we always have.
Incidentally, it seems the majority of bank security issues stem from them sending things to the wrong address not from people mis-using their accounts!
Adam your talking rubbish.
Why complain about using something that prevents fraud. If you refuse to use one they should refuse to pay you out.
SMS Pin, how stupid is that, mobile phones are the most common thing lost or stolen in the uk. So now instead of losing your phone, you lose your cash too. mental.
long live card readers.
I see no problem EXCEPT that of some criminal in your house threatening you and being able to tell instantly if you have disclosed the correct pin or not. Otherwise the card reader should be very useful in hightening security.
I have twice had a card cloned and had no problems sorting this out with the Banks.
In the scenario outlined above, I suppose the answer is to disclose the pin to avoid injury, phone the police and bank immediately they have gone and then claim on your domestic insurance for the theft. Problem solved.
@Adam: FAIL. It’s says quite clearly on nwolb.com that you must not use the card reader to login. And don’t use unsecure programs like internet explorer.
Card readers are the worst idea ever! I’m in Vietnam and nationwide have decided to send me a card reader to my house even though I informed them I was away now I am stuck with limited money and spending. Ost of my day hunting for a card reader, and it seems Vietnam are not using them nationally yet. If I could change from nationwide whilst being away I would.
I could not agree more! Nationwide have recently introduced them. What can we do about it? Bank users unite against this absurdity. (their webteam is not capable of dealing with the added pressure, constant, ‘we’re having technical difficulties’ messages, finding online banking impossible at the moment) where can we move? ?
My problem is that they assume we’re all retarded enough to let our details get compromised. This should be opt-in. For all the apparently happy ‘I keep mine in a drawer’ commenters here, this is my problem…
I’m in Australia at the moment, and my card was swallowed by a cash machine. I have a second account with a card, but no money in it. I can’t transfer money into the account with the card because, whilst I have the reasonably portable card reader, I don’t have the card to put in it.
My issue is therefore that you shouldn’t need a physical piece of hardware to access your online account. It defeats the object and convenience of the ‘service’. And to all those who don’t have a problem with it – chances are that you will do at some point in the future.
Just moved my bank to Natwest after having a nightmare with the Clydesdale bank getting a replacement card when mine was retained by a bank machine… At least I could still use online banking. So when my NatWest card gets retained I won’t even be able to use online banking. Wonderful. I travel a lot for work and this could leave me in real difficulty or making expensive phone calls if my debit card is lost or stolen or even damaged. Well done NatWest for having even worse service than the awful Clydesdale.
Glad to see I am not alone in thinking this an “anti-service”.
Fraud prevention rules are a pain in general. In the last 12 years with Natwest I have had a “fraud prevention call” from them about 6 times per year. Never a fraud issue though. Far too many “false positives”. Apart from raising my blood pressure, it has often been personally embarrassing as people expecting to receive “my money” have experienced delays until the “fraud prevention” process has finished. The cost of providing this “anti-service” is increasing my banking costs twice: a) my time wasted b) my banking fees higher because they employ call centre people to waste my time.
The Card Reader is pinacle of it all. Have to remember, in advance, to cart it around, it runs out of battery…and the worst part: even when you use it, they still call you afterwards and ask time wasting questions..so what was the security benefit of wasting time with the Card Reader? Apparently nothing, since they still want to talk to me before letting me transact with my money.
Perhaps Lloyds has found a better way. According to earlier posts, Lloyds had card readers too, but more recent posts seem to refer to they telephone authentication mechanism. The video on their site shows it and looks MUCH better than car reader madness:
Lets all move to Lloyds (or other banks with decent alternatives) to show Natwest et al that they need to listen.
What are you lot going on about, getting all wound up over something that doesn’t pose a problem? If you look at the bottom of your log-in page on internet banking (you know, the one that doesn’t require the card reader?) it states quite clearly that Natwest does not ask you for card reader details and that you DO NOT NEED YOUR CARD READER TO LOG IN. Either I’m using the wrong Natwest Bank or you lot are worrying over nothing! I’ll hit the caps lock again here- IT SAYS ON THE BOTTOM OF YOUR LOG-IN SCREEN YOU DO NOT NEED YOUR CARD READER TO LOG IN TO ONLINE BANKING. If you’ve read it you’ve just logged in without your card reader. Mind you it’s given me a few giggles reading all the posts!
Did it occur to you to check the date of this post?
Yes I did see the post date but there are lots of comments right up till recently, all about the same thing so i thought i’d get my twopenneth in!
i close my savings bank accounts after one year when the bonus interest rate runs out, how on earth do I destroy old card readers
Why would you need to?
They work for anybody, and various bank accounts, so there’s no privacy/security concern.
You could always give it back to the bank.
Hi all, I see the comments are still active so hopefully someone can help me out. Does anyone know of a bank that hasn’t rolled out one of these ridiculous devices yet? I moved to HSBC when that Natwest card reader came out, but they have an equally annoying one now too. I’ve checked Barclays and Nationwide but they have similar devices. Why on earth have they all given us these things when theyre such a pain in the arse?
Thanks in advance
There are two reasons, it reduces fraud (saving them money), and it might even be a selling point (more customers = more money).
I have an RBS account and have one of these infuriating contraptions. It’s lived in a drawer of my desk because I refuse to use it for stupid things like updating my contact number. REALLY!?
Most of the transactions I need to do I now do on my Mobile Banking app on my phone as it doesn’t require me to use the reader for something that would take me seconds instead of the many minutes it does using the card reader.
Ironically when it is me using MY card to pay for things without the need for the card reader I end up having to go through the fraud team to unblock my account. They won’t tell me what triggers it either.
Time to say Goodbye to RBS I think. (Part of the Natwest group).
the card reader would be a good thing if it worked had two and as yet nothing has worked go back to cash ?
I found one of these at a rubbish dump. Haven’t a clue what is is used for even after reading this?
What they also don’t tell you (and I have just found out to my absolute disgust) is that to transfer MY money from my E-ISA to a non-Natwest account I need a “dummy” card for the reader which was NOT referred to on application, nor was one sent to me.
You have to request one and this and can take up to 5 days to arrive!
Absolutely useless when I need the money tomorrow
This thread is going since 2007, and sadly NW have not changed their approach in the 8 years that have passed since. Same plastic-s**t, which always fails to function after some time regardless if one puts in new batteries. Consumed multiple of these. Surely there are better ways to deal with authentication than this? MFA, smartphone apps etc…..
Well I’ve had the same one since 2007 and it’s still working. Also I bothered to read the letter I received in 2007 which clearly stated I only needed it to setup new payees. I love that as it stops fraudsters from paying themselves from my account.
[…] My last post on the subject (a fraction over 10 years ago!) garnered a lot of comments for what was essentially just a rant, and it turned out to be somewhat unfounded and sensationalistic. […]
Apart from all the other voiced complaints, changing batteries on the cardreader is near impossible as the metal clips holding the batteries break off when just touching them, and are impossible to put back. So a new cardreader is the only option!
Very bad piece piece of equipment!
Sorry but the physical card reader is a dumb half baked idea. If the purpose is to physically prove that you are geniune, then there are far better ways to do this. You could have two factor authentication to your phone (via Natwest App). For example, You initiate a transfer, then you will get a pop up on your phone to permit the transfer. It’s not rocket science and it proves identity. Carrying around a piece crap plastic is not the way to go. We already carry a piece of plastic everywhere we go anyway, its called a mobile phone. Or Alternatively, turn the e-reader into a natwest app, not a piece of plastic. Don’t any of you muppets tell me that it cannot be done or it is not as secure.
The muppets on here that say it is fine and its not a problem are muppets living in the past like RBS group.
My dad has been sent two of these. One arrived yesterday, then later we had a phone call ostensibly from Sky, saying we’d overplayed on our TalkTalk account and they wanted him to use the reader to identify himself to them to receive a refund. I flatly refused, as we didn’t know if it was a scam or not. I contacted Sky who said they would never deal like this, they had nothing to do with TalkTalk and moreover that no-one had contacted our telephone number at all that day. An obvious scam!
Now we’ve received a second one, from NatWest. In the letter with it they say that you need to order one (he didn’t) and it’s useful for banking on-line (he doesn’t) so what are we supposed do about it now? Was the first reader a scam? Is the second one genuine, and if so why did they send it without warning or request? No wonder people get scammed when things are so confusing.
Examples of banks that don’t required physical card readers: Starling and Monzo.
And presumably any other challenger bank.