I had an interesting experience in my local bank branch the other day. I went in to withdraw cash (the ATM doesn't dispense £1 coins and £5 notes), only to find that the process had changed - significantly for the worse.
Previously, I'd put my debit card in a POS-type card reader on my side of the counter, type in the PIN, and then I'd get the cash from the cashier. Not any more...
This particular bank uses the calculator-style PIN pads for online banking, and they now seem to have introduced them into branches. Now, I had to hand over my debit card to the cashier, who put the card into one of the 'calculators', then handed the entire
edifice to me. I had to put in my PIN, then hand the whole lot back for her to input the code to her computer. Only after that was she able to give me my cash, along with the debit card and a little piece of cardboard telling me about this wonderful new,
'more secure' service. Apparently, we have to go through the same process in future, even if we want to talk to someone about our accounts.
I have three issues with this.
1) it's very cumbersome, my debit card passing back and forth like a pinball. Whoever dreamt this up didn't practice the process beforehand, otherwise they surely wouldn't have done it.
2) my security friends tell me that this process isn't nearly as secure as using the old process of putting the PIN into a POS device, and who am I to agrue?
3) it doesn't really generate a secure feeling with customers. Indeed, one guy next to me was put through the same process. He queried as to how this could possibly be secure (he thought the code was passed by wireless and that could be intercepted, which
it isn't) and was 'assured' by the staff that it was, but they 'didn't know the technology'. In wider terms, these devices have been sent to people as a means to make online banking more secure. The idea is that you put your PIN in and get a code that only
you have seen to put into your computer, etc. Introducing the same process in a public banking hall, when you also pass the device, with the code visible to another person, rather undermines the sense of security that they are surely trying to engender.
No, it seems to me that, having invested so much money in these devices, the bank has decided to apply their use to other areas, in order to justify the investment. In the process, they are potentially undermining the values of security that they are trying
to associate with these machines.
Oh, and having to use a device like this to 'prove' who I am before the bank will talk to me, rather leaves me with the impression that I am viewed as a potential fraudster, rather than the real customer that I am; but maybe I am being too sensitive...