RBS card reader

[seaviewuk]

I got sent a card reader the other day by RBS to use during online transactions on my current account.

When prompted I have to insert my card in the reader (not attached to pc..btw) , enter my pin and it generates a random code which I have to enter online to authorise the transaction.

Any one else use these?

 

[TheMagicPirate]

NatWest are implementing them. Had mine for a few weeks now and only used it once to set up a new 'payee'

 

[Doonhamer]

Received mine from RBS weeks ago but never actually had to use it yet.

 

[tntcoder]

Yer got mine from natwest, havent used it yet though.

 

[Werewolf]

Barclaycard were trying them out about 18 months ago, but no online stores really used them :/
I think they went with the fixed password securecode instead of the cardreader + card + pin = random securecode.

Barclays bank are meant to be bringing in a similar card reader in the next year for online banking.

 

[chiggz]

i want one

i'm with natwast.. how can i go about getting one? is it in some kinda "beta/test" phase? i use natwest online quite a bit but never come across nothing like this..

 

[BurningHorizons]

i want one

i'm with natwast.. how can i go about getting one? is it in some kinda "beta/test" phase? i use natwest online quite a bit but never come across nothing like this..

It's a limited/beta-ish rollout.
In about 6 months every RBS/NWB OnLine Banking customer will have one.

 

[Guru]

Always wanted to get hold of a card reader so I could use it to read people's magnetic strips and copy them onto mobile phone top up cards.

Nice one RBS

 

[knip]

Ive got a natwest one, its made it out of the box for me to look at but god knows what im meant to use it for. Was somewhat reassured when my mate who works for them said she didnt know what the bejeezers I was on about either.

 

[whitecrook]

this sounds like a really bad idea.



this goes against the one onf the major plus points of the carsd themselves. They are cheap, can easily be replaced, or updated, and carried about.

These readers will be more expensive and if you need it to use your card could be inconvienent.

Say you happen to be away from home and want to order something online, you forget to bring your reader what do you do.

So this generates a code of some sort, whay can't the computer system generate this code for you? Presumably it's one of these time based code systems, perhaps you could log into your online account and retreive a number from there,

All seems a bit pointless really.

 

[Coran]

It's commonplace in Germany and Belgium. I'm not sure which Belgian bank it is but the site gives my friend a code which he inputs into his card reader.. puts his pin in and then has to put the code back into the computer.... all this to check his online banking stuff. Safe but a royal pain in the ass if you're on holiday or something.

Personally I don't even need my card to buy something online since I know the numbers. The card readers are kinda cool but it would be incredibly annoying if I had to use one.

 

[Redrum]

I got one through from Barclays a few days ago. They are calling it Pin Sentry. Some people in this thread seem to have the wrong idea about them though assuming the other banks ones are the same as the Barclays one. You don’t use it to go shopping, online or otherwise. It is just for online banking. Its an added layer of security that is actually needed because the trouble with conventional online banking is it is susceptible to key loggers, which can infect your computer through viruses and other malware. These devices put a stop to that.

The banks have brought in Verified by Visa and Mastercard Secure Code to increase the security for online shopping and obviously we have chip and pin now for real world shopping, so I think they have been doing a good job to combat fraud over the last few years.

 

[gumbald]

Got a new card through from Natwest, and then a letter a few days later telling me I'd be getting a reader. Not turned up yet though.

 

[whitecrook]

Safe but a royal pain in the ass if you're on holiday or something.

The ONLY WAY to be 100% safe is to not use a card online. Anything can be cracked. To be 110% safe - don't even have a card!

Personally I don't even need my card to buy something online since I know the numbers. The card readers are kinda cool but it would be incredibly annoying if I had to use one.

empasis mine - indeed - I thought kinda the point of cards is to make paying for things convienient. (and to make loadsa money for the banks, they love it when people spend their money)

 

[Alasdair]

I'm all for these systems. Two-factor authentication is long overdue in retail online banking, it is the norm for corporate banking systems and works very well. By having a second authentication method, you not only eliminate any security risks through disclosure of personal login information or phishing, but also you ensure that any transactions are completely non-repudiated and therefore the risk to the bank is nullified.

I believe they are indeed time-based, the clock in the reader being in sync with that on the bank servers. When an access request is made, the pseudo-random code generated will match that produced by the authentication server at the same time. There's a lot more to it than that, but it's really just a simple way of ensuring that the card and PIN are in the possession of the user only. If the PIN is disclosed, tough luck on the cardholder.

As for the software generating the code for you, there's no point in this - you want to have your secondary device completely external to the PC - if the internet banking system was to generate the code itself this would defeat the point of having the second level of security.

The development in banking security technology in which I'm most interested is the bank card that has an integrated Secure-ID token, i.e. an RSA device that generates a code every sixty seconds. The card also has an LCD display so the code can be read - very cool stuff.

al

 

[Redrum]

The ONLY WAY to be 100% safe is to not use a card online. Anything can be cracked. To be 110% safe - don't even have a card!

A lot of people still unfortunately have that attitude. The question is, safe from what? The truth is, there is no risk to the consumer, only to the retailer and the bank, so that really isn't a reason not to shop online. If your card is used illegally online, you call up the bank and they give you your money back. It is usually taken from the company that the transaction was made with, or if not, the bank will take the hit, but the consumer is not at risk.

 

[whitecrook]

A lot of people still unfortunately have that attitude. The question is, safe from what? The truth is, there is no risk to the consumer, only to the retailer and the bank, so that really isn't a reason not to shop online. If your card is used illegally online, you call up the bank and they give you your money back. It is usually taken from the company that the transaction was made with, or if not, the bank will take the hit, but the consumer is not at risk.

Providing you notice that there has been a fraudulent transaction. If you have no card there will be nothing for you to notice.

 

[Vixen]

My boyfriend got a new card a couple of months ago, followed by one of these readers. I really wish I was still working for RBS so I could find out when I'm getting one myself .

 

[Dave M]

The banks have brought in Verified by Visa and Mastercard Secure Code to increase the security for online shopping and obviously we have chip and pin now for real world shopping, so I think they have been doing a good job to combat fraud over the last few years.

If they sent you a 'secure code passcode' through the post it might be, but they invite you to register while checking out, and only require the name on the card and your dob to do so.

You can't even register yourself to stop anyone else doing so - becasue you just click forgotten password and it asks you for your name and dob - then lets you change the password!

Ultra secure, not.

 

[Redrum]

If they sent you a 'secure code passcode' through the post it might be, but they invite you to register while checking out, and only require the name on the card and your dob to do so.

You can't even register yourself to stop anyone else doing so - becasue you just click forgotten password and it asks you for your name and dob - then lets you change the password!

Ultra secure, not.

I agree that its not perfect, but it does help, and the banks must have faith in it as in most cases, they are agreeing to cover the cost of charge backs so they are putting their money where their mouth is.

I would be interested to see if there is any statistics on how much it has reduced fraud for the sites that have implemented it.