Nationwide BS - card readers for internet banking

I have spoken very highly of the Nationwide Building Society in the past both in person and on these newsgroups.

However tonight I have had a shock. On logging in to Internet Banking to pay a bill - to a business recipient already set up in Internet Banking - Nationwide now expects me to use a card reader to produce some kind of password to validate the transaction.

This to me is utterly unnecessary. To log into Internet Banking I already use a 10 digit customer number, a 6 digit password and a piece of personal information. As far as I am concerned - and I am dealing with my own money - this is sufficiently secure. I simply do not see why anything else is necessary.

Well I am still going to make the bill payment but I am going to make it by cheque. This will cost Nationwide more to process than an Internet transaction and will be more inconvenient to both me and the recipient.

Why should something so useful and mutually beneficial as Internet Banking be changed to mutual disadvantage? I know of course: it is because some of Nationwide's customers are too stupid not to respond to phishing e-mails. I wouldn't do this so why should I suffer?

I am keen to stay with Nationwide because of their free banking including international transactions but I would like to hear of any banks which don't impose this on their customers.

Kevin Trolley

I think we're going to be seeing more of this kind of additional security from all banks, not less. I have a dongle from HSBC which I have to use every time I log into my account, and again when making certain types of online transactions.

Chris

Chris Blunt

Is this a hardware dongle, that you fit into your serial port?

Cheers Dave F.

Dave F.

No, it's a small standalone device that generates a six-digit number which you key into the web page to login. By the way, I should perhaps have mentioned that this is not a UK-based account. I'm not sure if HSBC issue these devices in the UK yet.

Chris

Chris Blunt

I had to use cheques or ATMs to make bill payments for a while as the card it requested I stick into the gadget was not the one I had. After a few weeks of correspondence via secure messaging I was told I needed to use a card that was sent in March and apparently lost in the post. A new one was sent. I was surprised that the system was expecting me to use the new card before it had been activated. When the new card arrived I discovered why. There was no activation process, no number to ring etc. It was sent in the post live and ready to be used.

I am now deciding how to approach this month's bills, and if I should keep the new card just for online banking and use the old one for normal purchases.

Rob.

I've seen three -

BOS: always on number generator

Nationwide: strange card reader thing (like a weird calculator) - not used this yet though

HSBC: generates number on demand so is switched off mostly.

None of them fit on the PC - But to keep them safe you need to lock them up.

Mogga

It looks like an RSA SecurID. These have been widely used by IT departments for years to add security to remote logins to their system.

I'm told Bank Of Scotland also use them for accounts. It seems like a sensible solution to me as it does offer good protection against viruses as well as traditionally revealed passwords.

I don't think you should call it a dongle as it does not connect to the computer.

Nick

Perhaps you know this, it's been mentioned here before, but for anybody who missed it a problem with the new card reader compliant cards is that if you are mugged for your PIN on a dark street your claimed PIN can be checked there and then on (any) bank's card reader.

Jim A

Jim Alexander

In message , Chris Blunt wrote

I received a letter from the Royal Bank of Scotland on Friday - they will be sending me a card reader for my digital banking.

Alan

I got mine about a week ago. You don't need to use it if all you're doing is checking balances or moving money between your accounts.

I think you don't even need to use it when making bill payments where a payee has already been set up. You only need to use it when adding a new payee.

Ronald Raygun

That goes for most things!

But, AIUI, the consequence of using the Nationwide card reader would just be inconvenience. I don't think it stores anything about your account - it simply uses a built-in algorithm to calculate a security code based on the information which it reads from your card. So your next door neighbour's reader would do just as well - but *don't* lose your card!

Roger Mills

AIUI, the devices (I won't refer to them as dongles any more) used by HSBC contain a unique "seed" which is associated with your internet banking account at the time they issue the device to you. Only the device they issue you with will work with your account. On the other hand, the Nationwide devices are all identical, but require you to swipe your ATM card, which effectively acts as the "seed".

The disadvantage of the HSBC system is that if you have accounts at several branches you will end up with a separate device for each one (I have three). You then need to remember which device to use with which branch and carry all of them around with you when you travel if you want to access all your accounts. HSBC don't seem to be coordinated enough to allow you to use the same device with all the branches at which you hold accounts with them.

Chris

Chris Blunt
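
A simplified model of the two designs described in the post above, added here as an example and not part of the thread. It uses HOTP (RFC 4226) as a stand-in, since the thread does not say which algorithm either bank's device uses; the class names, keys and PIN handling are hypothetical.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SeededToken:
    """Standalone token (hypothetical model): the secret lives in the device."""
    def __init__(self, seed: bytes):
        self._seed, self._counter = seed, 0

    def press(self) -> str:
        code = hotp(self._seed, self._counter)
        self._counter += 1
        return code

class ChipCard:
    """Card-held secret (hypothetical model): the card checks the PIN itself."""
    def __init__(self, key: bytes, pin: str):
        self._key, self._pin, self._counter = key, pin, 0

    def respond(self, pin: str):
        if not hmac.compare_digest(pin, self._pin):
            return None  # wrong PIN: no code is produced
        code = hotp(self._key, self._counter)
        self._counter += 1
        return code

class GenericReader:
    """Reader with no secret of its own: keypad and display for any card."""
    def code(self, card: ChipCard, pin: str):
        return card.respond(pin)

def bank_verify(key: bytes, expected_counter: int, code: str, window: int = 3):
    """Server side: accept a code within a small look-ahead window.
    Returns the next expected counter, or None if the code is rejected."""
    for c in range(expected_counter, expected_counter + window):
        if hmac.compare_digest(hotp(key, c), code):
            return c + 1
    return None
```

In this model two different `GenericReader` instances produce valid codes from the same card, while a `SeededToken` is only useful to the bank that holds the matching seed.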

Barclays did the same thing with their PINSentry a few months ago ... I moved banks, shame as that aside I was actually very happy with Barclays.

I've got no objection to banks imposing some extra security on us when we try and make RISKY/NEW transactions, but requiring us to use it for mundane transfers between my own accounts or to well known 3rd parties with whom I already have an established relationship is silly.

John E

Just spotted the deliberate mistake! I was trying to say "the consequence of *losing* the Nationwide card . . ."

Roger Mills

You suffer because Nationwide don't know that you're too sensible to be phished; they can't tell the difference between you and Mr Numptie down the road who's distinctly lacking in the necessary clue. The banks are merely responding to public and media pressure to take more responsibility for preventing their customers from being defrauded; the fact that they can only do this by making their systems less user-friendly is considered to be acceptable collateral damage.

Maybe there's a market for a bank which will only open an online account for someone who can pass a test of basic Internet competence and is prepared to sign a contract taking full responsibility if they are ever caught out by a phisher.

Mark

Mark Goodge

I am very happy to have this extra level of security. They seem to apply it only if you are transferring money out of your account, not for transactions between your accounts.

For people who don't know: this is a gadget like a calculator that has a slot for the card. It does not connect to the computer. It has no security information in it.

Robert

RobertL

With the Barclays 'gadget' (used with their Connect debit card), you need to use it even to see your online accounts. You can then transfer money between your Barclays accounts. However, you need to use it for a second time if you want to transfer money out of (and probably also into) Barclays.

Ian Jackson

To the OP, suppose the Nationwide said to its clients: "you can opt out of using this gadget but by doing so you agree to be liable for any fraud that would have been detected by it." Would you opt out?

Robert

RobertL

I'd be happy if NW would send me a new debit card that works with the machine. They have sent my wife two new debit cards and the machine, but they refuse to send me one. (& yes, it is a joint account).

Mark

Is your wife the first named account holder? If so, that's probably why they sent cards and the reader to her.

Are you both individually registered for internet banking? You will only need a new card if you are. In our case, it's a joint account with me as the first named. I'm registered for internet banking but my wife isn't. They sent me a new card - and the reader - but nothing to her. That's fine because her existing card works for everything she needs to do.

Roger Mills
