I got a letter through from Natwest today about some new improved security measures rolling out to their online banking service. Within the next few weeks it looks as though I’m going to get a Natwest branded card reader, similar to the image on the left.
This will work in unison with the other passwords I have set up with their online banking and will prevent anyone gaining access to parts of my online banking should they manage to get my passwords.
I quite like the look of this system. It reminds me of the RSA Securid I had to use when working for a large ISP some time ago. This version looks a little more user friendly however, and will only work when you place your card inside the reader and enter its PIN number.
The card reader seems to give another three layers of security as any fraudsters will need a copy of your card, PIN number and your unique card reader to be able to get access to money transfer options. I’ll be sure to write another post when I get my card reader as I’m intrigued as to how it works and whether the process of using online banking is hindered by the new system.
Have you received the reader yet? What letter did it come with? Just curious how they positioned these things to the market.
John, I received my card reader about a week ago. I wrote a post about it.
It didn’t come with a letter, just an instruction booklet on how to use the thing to set it up with your accounts online. All very easy to do really.
If the card reader needs your PIN to work, then this implies that the PIN is stored on your card, and that the reader verifies that the numbers keyed in are the same.
Surely this means that a whizz kid with a stolen card could modify the reader to come up with your PIN by a computerised scroll through, if injected at the keyboard out stage?
I remain unconvinced about the security aspects.
Yes, the PIN is stored on the card. (Link to info)
That’s how chip and PIN works: the card reader in stores checks the PIN you type against the one in the card. The card locks the PIN after three incorrect attempts.
Why are you unconvinced? Someone who had access to your online banking account could easily add a new payee and transfer your hard earned cash to that account. With this new card reader, they need to prove that they have the card with them. The card reader you get sent is the only one that will work with your cards.
I got mine yesterday. I think it is a pain, to be honest. I have never had problems with online banking or shopping; just think this is a waste of time and money.
Does this mean when I bank and shop online I’ll be asked to enter my PIN? And Chris Broome, when did Natwest write to you to let you know? What date was it?
Chris Broome, You generally only need to use this once or twice for online banking. You only need to use it currently to set up a payee via online banking.
K Thompson, No. This is purely for use in the Natwest online banking website. No legitimate e-commerce website should be asking you for a PIN code.
From what I understand, you can use someone else’s card reader with your card, so the reader is therefore not unique to you. What stops someone from stealing my card, finding out the PIN and using it in a card reader of their own?
You’re right, the card reader is not unique to a certain individual (unlike the PayPal security key, U.S. only). The aim of the reader is not to be unique but to demonstrate in a secure way that the person using the online banking has the card. This is a 3rd level of security. You say to the bank, ‘this is my user number’ and ‘my password is this’; the reader adds an extra level by saying ‘I also have a card associated with this account and know the PIN number’! Hint: you should always have a different PIN for the card to that you use to log in to your bank, otherwise the extra level becomes redundant.
Thanks for this reply, but then, what stops me from just typing in any old random number? How does the bank know that the number I type in from the reader has actually come from there? Is there some sort of algorithm linked to my card number? I sincerely hope not….
When you are required to enter a number, the Natwest page gives you a number to type into the reader. When you are validated by the reader, it in turn issues you with a further code which is the result of an algorithm involving 256-bit encryption, therefore pretty much 100% secure!
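
The exchange described in the comments above (the bank's page gives a number, the card checks the PIN and locks after three wrong attempts, the reader shows a code for the bank to check), as an added sketch that is not part of the original post and is not NatWest's actual algorithm. The shared per-card key, HMAC-SHA256 truncated to eight digits, and all class, function and account names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def derive_code(key: bytes, challenge: str) -> str:
    # Assumption: HMAC-SHA256 cut to 8 digits stands in for the real card algorithm.
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**8:08d}"

class Card:
    """Toy chip card: holds a secret key and the PIN, and reveals neither."""
    MAX_TRIES = 3  # the thread states the card locks after three wrong PINs

    def __init__(self, key: bytes, pin: str):
        self._key, self._pin = key, pin
        self.tries_left = self.MAX_TRIES

    def respond(self, pin: str, challenge: str):
        """Return the response code, or None if the PIN is wrong or the card is locked."""
        if self.tries_left == 0:
            return None                      # locked: even the right PIN is refused
        if not hmac.compare_digest(pin, self._pin):
            self.tries_left -= 1             # the counter lives on the card, not the reader
            return None
        self.tries_left = self.MAX_TRIES
        return derive_code(self._key, challenge)

class Bank:
    """Toy bank side: knows each card's key, issues single-use challenges."""
    def __init__(self):
        self._keys = {}     # account -> card key (assumed shared at issuance)
        self._pending = {}  # account -> outstanding challenge

    def issue_card(self, account: str, pin: str) -> Card:
        self._keys[account] = secrets.token_bytes(32)
        return Card(self._keys[account], pin)

    def challenge(self, account: str) -> str:
        self._pending[account] = f"{secrets.randbelow(10**8):08d}"
        return self._pending[account]

    def verify(self, account: str, response) -> bool:
        challenge = self._pending.pop(account, None)  # consumed on first use
        if challenge is None or response is None:
            return False
        expected = derive_code(self._keys[account], challenge)
        return hmac.compare_digest(response, expected)
```

Because the retry counter is kept by the card in this model, swapping in a different reader does not reset it, and a code typed at random or replayed from an earlier challenge fails the bank's comparison.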