Community

Join the Community

22,959
Expert opinions
43,833
Total members
427
New members (last 30 days)
188
New opinions (last 30 days)
28,974
Total comments
Join Sign in

Online Banking Card Readers: no more room in the suitcase

  0 1 comment
Retired member
Unfollow

Preparing for my latest overseas business trip, my online banking readers and tokens have been proudly promoted to the final mandatory check for travel along with... passport? ticket? cash? credit card? I'm gathering quite a collection of them now, and given the amount of airmiles they're undertaking I'm considering giving them their own loyalty card with their favourite airlines.

In all seriousness - what a pain!

Then I read with great interest Mr Ross Anderson and his colleagues at Cambridge University found weaknesses when they reverse engineered card readers from Barclays and NatWest. I guess it's no surprise to the majority of us. The true impact of the findings are of course the burning questions we want to know about.

Access the paper here>>> 

http://www.cl.cam.ac.uk/~sjm217/papers/fc09optimised.pdf

Whilst the success of significantly preventing online fraud spiraling out of control over the past couple of years will no doubt be attributed to the gadget, and I'm fully supportive of the initiative (having been involved in it), I've yet to be asked to verify myself over the phone when I spend, or service any of my various financial relationships with these organizations, and was amazed at the various security questions, reminders, passwords, pins, and code combinations I was expected to provide in response to my request to change an address whilst all the time the card reader sits relatively unused in the bag!

As a great boss once told me....never criticise; criticise and provide a solution.

So maybe I'll go and pop into my local branch instead so they can check my signature against the sample they took from me 15 years ago.

 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

4864
 

Share

 
 
 
 
 

Comments: (2)

Stephen Wilson

Stephen Wilson Managing Director at Lockstep Consulting

One time password tokens are understandably native/proprietary amd divergent.  But I don't get why the unconnected card readers don't interoperate with all EMV cards.  Are there variations in the CAP implementation that means Visa cards don't work in MasterCard issuers' readers? 

[The Cambridge boys have grabbed headlines once again, but the moral of their findings is really that security devices need careful engineering, not that "Chip and PIN is broken".]

Isn't it time we took the next step, and advanced from unconnected readers (where there is clearly no imperative for interoperability) to connected readers where, like ATM and EFTPOS, the one reader would be expected to accomodate all cards?

I note that integrated smartcard readers are getting more widespread once again, probably in response to the fact that there are 1000 million EMV cards around the world, and at least 200 million government and health smartcards.  Dell even has a laptop now with both contact and contactless readers!

And here's a funny story about someone who didn't even notice that his laptop had a reader built in.

Connected readers remain a bugbear, but for no good reason.  It's a simple matter of supply and demand.  In 2003, most major laptop vendors (including Dell, Acer and Compaq) released product with built-in smartcard readers, in response to announcements from Bill Gates that Microsoft was committed to chips.  That wave of interest turned out to be premature, applications didn't materialise, and the vendors took the readers out in favour of other features.  Yet the clear lesson is it doesn't take much of a trigger for laptop makers to provide smartcard readers. 

If just one large financial institution was to commit to connected readers -- for all the inherent and unique benefits you get from proper signing of transactions -- then it's likely that built-in readers will quickly become standard, and we'd be on the way to getting rid of all the special gadgets. 

A Finextra member 

Your right about these being a pain.  However, I have one from the RBS, one from the Nationwide, and my wife has one from another bank.  I can use any reader with any card and it works.  So. if I'm away from home I need only pack one, and lighten the load.

More expert opinions

Elaine Mullan

Elaine Mullan Head of Marketing and Business Development at Corlytics

RegTech’s carrot and stick dilemma and what really makes financial firms jump?

1

Eugenia Mykuliak

Eugenia Mykuliak Founder & Executive Director at B2PRIME Group

Change vs. Run: How to Structure Operations for Growth and Stability

2

Dmytro Spilka

Dmytro Spilka Director and Founder at Solvid, Coinprompter

Which Type of ISA Is More Resilient During a Recession?

2

Hugo Chamberlain

Hugo Chamberlain Chief Commercial Officer at smartKYC

The Challenges of Name Redaction in Adverse Media Screening: Balancing Privacy and Public Interest

12

See all opinions

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,959
Expert opinions
43,833
Total members
427
New members (last 30 days)
188
New opinions (last 30 days)
28,974
Total comments
Join Sign in

Trending

Mouloukou Sanoh

Mouloukou Sanoh CEO and Co-Founder at MANSA

How Stablecoins Are Transforming Remittances for Migrant Workers

Ruchi Rathor

Ruchi Rathor Founder at Payomatix Technologies

How to Build a Customer-First Culture in Fintech

Paul Quickenden

Paul Quickenden Chief Commercial Officer at Easy Crypto

Is the crypto bull run over?

Jamel Derdour

Jamel Derdour CMO at Transact365 - www.transact365.io

From Cash to Clicks: The Digital Transformation of Payments in South Africa

Now Hiring

All companies

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept