ONLINE BANKING STAYS IN THE DARK AGE



 A large ( big 4 )  UK bank recently sent its corporate customers a letter advising them of their  ‘new’ security solution.  

Here is an extract from the letter :

" Online banking fraud and identity theft is increasing across the UK - in 2009 fraud across all UK banks exceeded £59m.  Fraudsters are becoming ever more sophisticated in their efforts to obtain personal information and gain access to accounts. 
We're committed to keeping your Internet Banking service safe, so we're introducing a more secure way to bank online using a card reader.  A card reader is a small handheld device which you will need every time you bank online.  We'll send one to every registered user within your business.  "

Talk about being underwhelmed.  If I was a customer I would be seriously unhappy.   But most  customers probably will not.  That is because they (probably)  don’t realize that : 


1)  THEY are going to be paying  (in their bank charges)  for the  £10 + charge that the bank will be   paying the provider for each device plus an additional admin charge per user over and above that plus the costs of packaging, postage,  the carbon footprint,  the landfill disposal ( once finished) ;   OR
  
  2)   that the device itself is not secure.   The ‘ million dollar device’ generates a PIN that is then entered  into the browser, which is actually what you are trying to secure, before having done so.   The hackers love the browser and have dreamt up many ways of intercepting credentials through Man in the Middle attacks and Man in the Browser attacks;  OR
      
3)   that when they lose ( or misplace ) their device, or it gets lost in the post or when the battery runs out – then they wont be able to do online banking until they have jumped through numerous hoops that will drive them crazy -  wishing they had never gone for online banking in the first place !!
   
    This is an extract from a website dedicated to unhappy customers moaning about these devices (this from another bank – but same device.)
    
     I   HATE THE STUPID THING!!!! I have just spent another 15 minutes trying not to scream at the chap in Mumbai because the device did not accept that I had entered the correct details 4 times. I also have had to resort to phoning the helpdesk on the last 3 occasions that I used online banking. I have now made 3 official complaints (don't suppose they will do any good) and will now be looking to move my bank accounts to another bank so that I can continue to do my banking speedily online without the need for lengthy phonecalls each time.
     
    There are other solutions out there. If only the banks woke up and smelled the roses and realized that they weren’t beholden to the large incumbents.   There is a lot of innovation going on out there and the solutions are cool,  affordable and most importantly effective !!

      Can you guess which bank this is ?  




Comments

  1. Anonymous7 October 2010 at 01:52

    It seems to me a completely unworkable solution. Do customers not have cellphones which can be used for receiving one-time passwords?

    ReplyDelete

Post a Comment

Popular posts from this blog

The End of Passwords

Finally it seems … the penny has dropped.   Passwords are a poor substitute for real online security.   There is more and more ‘chatter’ about it.    Robin Henry writing in the Sunday Times on New Years Day talks of the end of ‘password hell’ invoking solutions in the pipeline from the Web Gods – Apple and Google.  The talk is of new biometric solutions such as facial and hand movement recognition.  Even IBM is talking this way.  ( http://www.forbes.com/sites/thestreet/2011/12/20/ibms-tech-predictions-for-the-next-5-years/ )  I agree with the notion that passwords are a dying breed but not that biometrics will become vogue.   They are fraught with problems of their own such as reliability, accuracy and the need for referencing of data-bases ( fail !) .    Why are passwords defunct?   Basically they are difficult to remember and they are easy to steal.    The solutions needed are those that require no cognitive load for the user ( the most unreliable participant in this enterprise
Read more

WIKILEAKS - the fuss?

Why all the fuss ? Why the ‘outrage’ at this ‘threat to national security’ ?   Are we really worried that nuclear war is going to break out because of these ‘dirty’ secrets getting out.  As if the North Koreans are going to up the ante any more than their mock charge of last week because of the abuse and scorn heaped upon them by US Diplomats.  ? !    Come on. To me the irony of this bluster is that it is (largely) from the right wing establishment in the US - calling it treason!     Any party that parades a half wit like Palin as a presidential hopeful hardly holds any moral high ground when it comes to protecting the USA.   Her appointment as the ‘leader of the free World’ will be enough to send any level headed American ( let alone any one of their Allies ) into a panicky tailspin at the thought of what she may stumble into ( by accident or design) . So how did these documents get out there?   Poor security.  Plain and simple.   If the US is so worried about this incident su
Read more

HSBC EMBRACES OLD TECHNOLOGY IN ITS BATTLE AGAINST HACKERS

 If you live in the UK and are somehow involved in the business world and exposed to media you could not help but have noticed the extensive advertising campaign that HSBC has been running on its new (sic) ‘security device’ for online banking - Secure Key.    ( I was tempted to refer to them as  ‘ large UK bank’  - but it is so obvious who it is – no point in pretending. ) A lot of money has been thrown at this campaign – I would guess millions.  ( http://www.youtube.com/watch?v=Jx0Z5CiQMIw )   Full page spreads in large circulation newspapers cost big bucks not to mention prime time TV slots.   So here you have the worlds largest retail bank splashing millions on advertising and even more on a ‘cool’ little device that looks like a mini-calculator  - but basically a technology that has been around for about a decade.   This will be rolled out to 4m retail customers worldwide at a reported cost of up to £50 per pop! ( http://www.bankingtech.com/bankingtech/article.do?articleid=200002
Read more