17 July 2018
Paul Penrose

Finblog

Paul Penrose - Finextra

307Posts 1,376,500Views 248Comments
A post relating to this item from Finextra:

Barclays to roll out smart card readers to online banking customers

18 April 2007  |  17105 views  |  0
3218.jpg
In the second half of this year, Barclays customers who use their online bank account to set up payments to new third party accounts will be issued with handheld chip and PIN readers provided by Dutch...

Barclays faces protest over clunky PINSentry authentication

19 December 2007  |  9969 views  |  1

Rumblings of discontent among Barclay’s customers over the bank’s new PINSentry chip and PIN authentication device for online banking. The device, provided by Dutch vendor Gemalto is used together with the customer's normal debit card and  PIN, to authenticate the cardholder’s identity at log in and for making certain payments.

PINSentry may have a 21st Century name, but it’s the most clunky piece of kit I’ve seen in a long time. As with a merchant Eftpos terminal, users must insert their card into the top of the machine and tap their PINs using the large rubber numbers on the interface. It’s vaguely reminiscent of the early brick-lite hand-held calculators and light-years behind the more elegant keyring-styled random number generators produced by firms like Vasco and issued by HSBC.

And while the device is being issued as part of an effort to protect customers making third party payments under the proposed new Faster Payments regime, Barclays is also insisting that users connect via PINSentry at each log-in to their online account. This has caused a storm of protest among customers, who object to having to lug around PINSentry when they’re on the road and need to access their accounts remotely. One disgruntled user has even started an online petition against the release (you can also see a pic of the kit here).

Worse still, the message is spreading that PINSentry, as with other number-based two-factor authentication systems, is not really that watertight and can be circumvented by man-in-the-middle attacks and other sophisticated Web assaults.

I think it’s back to the drawing board for Barclays – and other banks backing this ill-advised Apacs-approved push to supply online account holders with Chip and PIN-style home banking technology.

TagsSecurity

Comments: (2)

Paul Penrose
Paul Penrose - Finextra - London 19 December, 2007, 17:03 Yes, the NatWest device is supplied by Xiring. Both Barclays and NatWest are complying with the broad guidelines agreed by umbrella payments body Apacs for using Chip and PIN online - essentially they've designed an Eftpos terminal for consumer use at home. Fine in theory, but it doesn't play very well with the average online banking consumer, who would typically expect to be able to perform routine transactions while at work or travelling away from home without the hassle of lugging around a card reader everytime they leave the house. I'm beginning to think HSBC and Abbey National had the right idea when they decided to go their own way and opted out of the national push for Chip and PIN online.
Be the first to give this comment the thumbs up 0 thumb ups!
John Holden
John Holden - Future I S Consulting Limited - Hindhead 19 December, 2007, 17:26

Barclays has some account products only accessible through Internet banking, and the branch and telephone banking people claim not even to be able to see them.  Where PINSentry has to be used for log-in, if anything then goes wrong with the device, the Internet-only accounts become inaccessible until a replacement can be supplied.   Not good.

Be the first to give this comment the thumbs up 0 thumb ups!
Comment on this story (membership required)

Latest posts from Paul

ANZ and Visa lose the plot

30 June 2011  |  6856 views  |  0 comments | recomends Recommends 0 TagsMobile & onlineRetail banking

Don't give up the day job...ever

20 May 2010  |  6102 views  |  0 comments | recomends Recommends 0 TagsTrade executionWholesale bankingGroupWhatever...

Now we are ten

19 April 2010  |  6473 views  |  3 comments | recomends Recommends 0 TagsRetail bankingWholesale banking

Finextra's Best of the Web

05 March 2010  |  5982 views  |  1 comments | recomends Recommends 0 TagsRetail bankingWholesale banking

The ATM was the last great financial innovation

25 February 2010  |  10136 views  |  8 comments | recomends Recommends 0 TagsRetail bankingWholesale bankingGroupFinance 2.0

Paul's profile

job title Head of Research
location London
member since 2007
Summary profile See full profile »
I'm responsible for editorial content and quality control across the full range of Finextra media.

Paul's expertise

Member since 2006
307 posts248 comments

Who's commenting on Paul's posts