Blog article
See all stories »

An article relating to this blog post on Finextra:

Banque Populaire to issue Xiring card readers to Internet banking customers

Banque Populaire in France is to equip 400,000 customers with Xiring's Xi-Sign card authentication reader for securing online banking and e-commerce.


See article

Are Card Readers Secure?

I'm sure it's okay really, and that it's just my lack of knowledge about the detail, but a conversation the other day meant I couldn't help wondering about the level of security we get with card readers, and there seems to be such a proliferation of them now.

A friend of mine is now the 'proud' owner of four of the devices, sent to him by a number of different financial institutions with which he has dealings (and of course manage in part over the Internet).

He hasn't tried it with all of them yet, but he has found that two of them are interchangeable, i.e. to access either of the accounts, he can use the card from either institution with either of the devices, and they still provide the right code for each (if you follow my drift).  This is the bit that worried me, as I'd have thought that there would have been different routines in each device and bank and therefore you couldn't successfully mix the device from one bank with the card from another.  I've even heard rumours that you can buy these devices - unbranded - in certain outlets and they also work perfectly well with bank cards.

Well, I discovered that this isn't a problem because of the standards they use.  Whilst some of the explanation is beyond me personally, not being technical, I believe I now know enough to allay my fears - at least as much as they can be when it comes to matters cards and internet.

It does strike me though that, if they are meant to be interchangeable, why don't the banks club together and send out one reader to each household, or tell us where to buy one, rather than each one double (or in my friend's case, quadruple) up the cost...?

At least my friend shouldn't have a problem accessing his accounts when one device fails and he is waiting for a replacement.

Comments: (5)

James Tomaney
James Tomaney - Renovite Technologies Inc - Edinburgh 27 January, 2009, 10:47Be the first to give this comment the thumbs up 0 likes

These devices are interchangeable in that they all implement Chip&PIN based on EMV standards - it's just the same as using the card reader/PIN Pad at the POS in any store or at any ATM. 

A Finextra member
A Finextra member 27 January, 2009, 14:11Be the first to give this comment the thumbs up 0 likes

I distinctly remember some years ago where it was suggested it would be cheaper to just send a free "white label" card reader to everybody on the electoral register on behalf of the banks.

I also distinctly remember at that same meeting when somebody predicted the reader would be an iconic symbol similar to the iPod!

With these differences in views and opinions at the birth of the reader, I guess it's no wonder your friend now has four of them!

Hindsight is a wonderful thing! oh and so is the iPod ;-)

 

 

 

 

Keith Appleyard
Keith Appleyard - available for hire - Bromley 28 January, 2009, 16:20Be the first to give this comment the thumbs up 0 likes

I'm happy with my Xiring Card Reader from Royal Bank of Scotland.

The only problem was when it 'broke' after 6 months. I ordered a replacement on-line which was promised in 3 days but I had to re-order it in person when it hadn't arrived after 10 days and I was getting desperate running out of cheques.

Thereafter in the space of 5 days 3 Xiring readers arrived - which is great for when I misplace any one of them. I certainly wouldn't rely on only having one from now on, but would always have a 'spare' in the house no matter who I banked with.

Nick Green
Nick Green - ISD Consultants - Northampton 29 January, 2009, 11:07Be the first to give this comment the thumbs up 0 likes

One word - MARKETING. Yes you could have one reader and that would work for a number of cards (the banks agreed a standard method so they would). But each bank wants to publicise it's doing something about security and wants their brand to be 'front of wallet' when it comes to using on-line security.

Nick Collin
Nick Collin - Collin Consulting Ltd - London 01 February, 2009, 14:03Be the first to give this comment the thumbs up 0 likes

Roger

The key point is that the secret is in the card, not the reader.  This adds to security rather than detracts from it.  The approach leverages the highly secure global EMV standard built into each chip card.  The reader is just a dumb device for accessing this infrastructure.  The fact that you can use anyone's reader is an added convenience.  As a matter of fact the UK banks did consider clubbing together at one stage, but given the politics, opportunities for differentiation and marketing, and the fact that thge readers are so cheap, I don't think the initiative ever got anywhere.

 

Roger Elwell

Consultant

Yes Please

Member since

23 May

Location

Colchester

Blog posts

83

Comments

39

This post is from a series of posts in the group:

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.


See all