Is it just me or has online banking got worse?

Peter,

Having seen your photo, I think I can understand why the bank wants to be extra cautious.

:-)

Happy New Year and not just you!

A number of Banks are adopting this approach, as an example I have the same with Barclays Online Banking.   This is a trend.  Whilst you cannot argue against the security this offers (the Barclays site has won awards) for those less computer skilled it must be such a difficult set of steps that the functionality is avoided with other methods being used to make payments and transfers i.e. telephone banking. 

What does seem to be improving is mobile phone banking, although at the moment in the case of my Bank this is query only rather than updates. 

-Rob.

Nationwide use exactly the same readers. I could not agree more that for the first payment to a new payee it should be compulsory, but regular variable payments to the same person or organisation should not require the reader.

Whoever designed the system did not do a thorough analysis of the users needs. But tell me a bank that listens to it's customers - certainly not any that I have had dealings with over the last 30 years.

Grumpy of Barnet (Mel Haskins)

I've been a Barclays on-line bank user for many years and think their 2-factor system is excellent.  I have far too many passwords to remember and on-line banking is the one you really do not want to be the same as all the others.  Barclays clearly did listen to their customers as I only have to authenticate again for a new payment and not one that has been set-up previously.

Just look at The Netherlands - it's worked fine for them for much longer and they do not have the same level of phishing issues we have.  The sooner the banks roll this out to everyone the better (and the phishers can stop spamming the UK and focus on the next weakest country).

Also, if/when the UK banks launch a new payment system like iDEAL, giropay, SVP, etc they will need this level of authentication to secure the transaction.

Peter - Par for the course I'm afraid, by which I mean that it is a patch to address a problem that causes inconvenience whilst not addressing the problem, merely moving the attack. Prevent phishing? Er, no, just means it has to be done in real time, which may alter the current criminal supply chain a tad, but I'm sure they'll cope.

Rob/Alan, yes Barclays was first off the blocks with implementing this, which is an APACS (as was) standard, and it has indeed won awards - such as the 2008 Nominet Best Security Initiative - judged by none other than Richard Martin of, er, well that will be APACS. Reminds me of Monty Python's 'Award Winning' book*.

Yes it will force fraudsters to migrate in the short term, just like Chip and PIN did, but the migration is equally obvious here.

Happy New Year!

Andrew

* Winner, Monty Python Awards for their own material