
I think it may be time to leave NatWest.
They are introducing “Chip & PIN” style card readers for customers to use with their online banking service. The reader (which is apparently only used for some transactions) takes your card, your PIN and an authorisation number on screen and generates an authorisation code which must match one on the screen.
Now, NatWest claim this adds an extra level of security to online banking. I disagree. I think it adds an extra headache and a whole lot more hassle to a system which is, in actual fact, pretty secure. It also means I have to carry my card reader around if (for instance) I want to do banking from work or a friend/family’s computer. And I can tell you now, I do NOT want to be carrying this thing around with me all the time.
Aside from the hassle of just carrying the thing around with you (and risking losing it), the instructions on the NatWest site are likely to confuse the hell out of most people.
So instead of spending our money on clever looking gadgets that make online banking even more complicated, why don’t they just invest it in a high profile anti-phishing campaign? Because that’s the real problem here - and I’d bet good money that most NatWest customers don’t even know what phishing is.
Still - I can’t help wondering if this thing is hackable…
13 Responses
Andy
October 11th, 2007 at 7:46 am
It’s what’s euphemistically called ‘the future’… All the banks here in the Netherlands have them. With some the ‘calculator’ is generic and you have to insert your card; with others, it’s pre-programmed for your account and you don’t need a card. It’s a bit patchy though - as an ABN Amro account holder, I need a calculator and a card to access my current account, but just an email address and password to access my credit card account.
Dom
October 11th, 2007 at 6:55 pm
Bah.
I thought technology was meant to make my life *easier*.
FriendJ
October 25th, 2007 at 1:41 pm
I’ve got one too, and thought much as you did, but from what I picked up in glancing at the bumph it is only used to add new payees, which is what someone trying to steal your cash would be doing if they got in. Otherwise you can do all your usual online banking bobbins without ever switching it on. I haven’t used or needed mine since it arrived a few months back.
G Smythe
November 5th, 2007 at 3:57 am
Not sure if this will work, but here’s a video of this being opened and taken apart...
G Smythe
November 5th, 2007 at 3:58 am
Okay, the embed didn’t work, here’s the link instead…
http://revver.com/watch/467867/
Dom
November 5th, 2007 at 7:17 pm
Ha! I’m not sure I’d want to do that with mine. Not that I’ve needed to use it yet…
james douglas
January 11th, 2008 at 10:51 am
I agree, total waste of time.
Tried changing a standing order at work, which I can’t, and I’m not returning home until next week now, which by then it will be too late!!!
In the words of NatWest - “there’s another way”
Andy
March 2nd, 2008 at 9:49 am
Dom said “I want to do banking from work or a friend/family’s computer.”
Well, is this thing even more useful for you then? I am sure that if you’re using shared computers and money started to go from your bank account you would be one of the first people to moan? Not to mention put you in a difficult situation with either your friends or your company. So why not try and work with the bank when they are trying to protect you and your money?
And if you read the instructions, it’s only used when setting up certain things. I have been asked for it once.
Regards.
Andrew
March 11th, 2008 at 10:19 pm
I agree Dom. Waste of time and another cable for your PC desk that we do not need. My password is secure and not recorded anywhere. NatWest should look elsewhere for security instead of forcing us to use this crap. Andy, if you use a shared PC then it is up to you to log out. I doubt this is of much use to Dom as you suggest, as he states he is not going to carry it about. Can you imagine asking your boss to buy one for work? Yeh right. Roll on big brother…..
ESSIQUE
March 22nd, 2008 at 2:36 pm
Here in France we have the E-card system which is very easy to use and very secure. Why does NatWest launch this outdated uneasy to use system?
With the E-card system, when you pay online you ask for an E-card to be generated. An E-card is the image of a credit card but it can only be used for ONE payment then it is destroyed. It gives you a card number, expiration date and security code. You just click and drag these codes into the seller’s system and that’s it. It is linked to your credit card account and totally transparent for you. I never give my card number through the net and always use e-cards. If the seller does not accept the e-card system, I do not buy from him.
Julian
April 30th, 2008 at 2:12 pm
Andy - No one wants to make systems less secure but they should be user friendly and it is a brave step to implement a barrier to customer friendliness whilst other banks are not.
There are smarter ways to increase security rather than issuing this cheap calculator system. More importantly the risks to security that the calculator is meant to prevent are open to abuse on the telephone banking facility at NatWest, i.e. if someone is smart enough to gain access to someone’s passwords they don’t need the calculator system - they can use telephone banking to transfer the money as security is less than on the internet.
Also if money is transferred electronically surely it is not beyond the technicalities of the bank to trace it and find the person easily. Surely more easily to find a person than someone who steals a wallet in the street!
Yours frustrated with NatWest
Julian
Elliot
June 17th, 2008 at 4:31 pm
The device is for online transactions ONLY, i.e. setting up DD, standing orders…. anything to do with money coming out the account. You do not need the calculator to login.
edocronian
June 25th, 2008 at 1:36 am
I’ve worked for NatWest, and I now work as an IT engineer. I also have more than a passing interest in crypto, security and the such, and yet I find the NatWest site is about as clear as mud.
Having taken it apart, and rather than just shredding it like the revver video, I had a poke around. There are all of 5 or 6 parts on the board (caps, a diode, some other bits), and the main IC is under the card reader itself, and pretty well covered in resin. They (understandably) don’t want anyone looking at the IC. (Security through Obscurity?)
There are some extra pads for other buttons that aren’t used on my NatWest one. There are also some odd contacts on the PCB: GND TEST DATA etc. This is most likely for flashing whatever IC it is during manufacture. (I’d like to point out that the presence of ROM programming contacts on the PCB was how Xbox modchips worked)
Yes, it’s probably hackable. What for I don’t know. All it does is do some cryptotrickery that turns a number into another number via the secret in your card’s chip.
Perhaps some clever Germans with an academic lab and a PhD to do would like to have a go, ja?
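The exchange described in the post and in the last comment (an on-screen number turned into a code via a secret in the card's chip, unlocked by the PIN), as an added sketch that is not from the original page, its commenters or NatWest. HMAC-SHA256, the sample key and PIN, and all class and function names are assumptions standing in for the card's actual cryptography, which the page does not describe.

```python
import hashlib
import hmac
import secrets
from typing import Optional

def derive_code(key: bytes, challenge: str) -> str:
    """Turn the on-screen number into an 8-digit code using the shared secret."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"

class Card:
    """Hypothetical chip card: holds the secret, answers only after a correct PIN."""
    def __init__(self, key: bytes, pin: str):
        self._key, self._pin = key, pin

    def respond(self, pin: str, challenge: str) -> Optional[str]:
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            return None  # wrong PIN: no code is produced
        return derive_code(self._key, challenge)

class Bank:
    """Hypothetical server side: issues single-use challenges, checks the code."""
    def __init__(self, card_key: bytes):
        self._key = card_key
        self._pending = set()

    def new_challenge(self) -> str:
        challenge = f"{secrets.randbelow(10**8):08d}"
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: str, code: Optional[str]) -> bool:
        if code is None or challenge not in self._pending:
            return False
        self._pending.discard(challenge)  # one attempt per challenge, no replay
        expected = derive_code(self._key, challenge)
        return hmac.compare_digest(code.encode(), expected.encode())

def demo() -> dict:
    key = bytes(range(32))                     # constructed key, not a real card secret
    card, bank = Card(key, "4921"), Bank(key)  # constructed PIN
    c1 = bank.new_challenge()
    code = card.respond("4921", c1)
    return {
        "valid": bank.verify(c1, code),        # card + PIN + fresh challenge
        "replayed": bank.verify(c1, code),     # same code offered a second time
        "wrong_pin": card.respond("0000", bank.new_challenge()),
        # No card at all: a blind guess has a 1 in 10**8 chance per challenge.
        "no_card_guess": bank.verify(bank.new_challenge(), "00000000"),
    }
```

A phished password alone does not let anyone compute the code, and a captured code is useless for any other challenge; the scheme adds nothing on channels that never ask for it.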