ONLINE BANKING STAYS IN THE DARK AGE



 A large ( big 4 )  UK bank recently sent its corporate customers a letter advising them of their  ‘new’ security solution.  

Here is an extract from the letter :

" Online banking fraud and identity theft is increasing across the UK - in 2009 fraud across all UK banks exceeded £59m.  Fraudsters are becoming ever more sophisticated in their efforts to obtain personal information and gain access to accounts. 
We're committed to keeping your Internet Banking service safe, so we're introducing a more secure way to bank online using a card reader.  A card reader is a small handheld device which you will need every time you bank online.  We'll send one to every registered user within your business.  "

Talk about being underwhelmed.  If I was a customer I would be seriously unhappy.   But most  customers probably will not.  That is because they (probably)  don’t realize that : 


1)  THEY are going to be paying  (in their bank charges)  for the  £10 + charge that the bank will be   paying the provider for each device plus an additional admin charge per user over and above that plus the costs of packaging, postage,  the carbon footprint,  the landfill disposal ( once finished) ;   OR
  
  2)   that the device itself is not secure.   The ‘ million dollar device’ generates a PIN that is then entered  into the browser, which is actually what you are trying to secure, before having done so.   The hackers love the browser and have dreamt up many ways of intercepting credentials through Man in the Middle attacks and Man in the Browser attacks;  OR
      
3)   that when they lose ( or misplace ) their device, or it gets lost in the post or when the battery runs out – then they wont be able to do online banking until they have jumped through numerous hoops that will drive them crazy -  wishing they had never gone for online banking in the first place !!
   
    This is an extract from a website dedicated to unhappy customers moaning about these devices (this from another bank – but same device.)
    
     I   HATE THE STUPID THING!!!! I have just spent another 15 minutes trying not to scream at the chap in Mumbai because the device did not accept that I had entered the correct details 4 times. I also have had to resort to phoning the helpdesk on the last 3 occasions that I used online banking. I have now made 3 official complaints (don't suppose they will do any good) and will now be looking to move my bank accounts to another bank so that I can continue to do my banking speedily online without the need for lengthy phonecalls each time.
     
    There are other solutions out there. If only the banks woke up and smelled the roses and realized that they weren’t beholden to the large incumbents.   There is a lot of innovation going on out there and the solutions are cool,  affordable and most importantly effective !!

      Can you guess which bank this is ?  




Comments

  1. It seems to me a completely unworkable solution. Do customers not have cellphones which can be used for receiving one-time passwords?

    ReplyDelete

Post a Comment

Popular posts from this blog

The End of Passwords

WIKILEAKS - the fuss?

SPOOKS - CYBER ATTACK