Community

Join the Community

22,234
Expert opinions
44,202
Total members
434
New members (last 30 days)
217
New opinions (last 30 days)
28,750
Total comments
Join Sign in

Online Banking Card Readers: no more room in the suitcase

  0 1 comment
Retired member
Unfollow

Preparing for my latest overseas business trip, my online banking readers and tokens have been proudly promoted to the final mandatory check for travel along with... passport? ticket? cash? credit card? I'm gathering quite a collection of them now, and given the amount of airmiles they're undertaking I'm considering giving them their own loyalty card with their favourite airlines.

In all seriousness - what a pain!

Then I read with great interest Mr Ross Anderson and his colleagues at Cambridge University found weaknesses when they reverse engineered card readers from Barclays and NatWest. I guess it's no surprise to the majority of us. The true impact of the findings are of course the burning questions we want to know about.

Access the paper here>>> 

http://www.cl.cam.ac.uk/~sjm217/papers/fc09optimised.pdf

Whilst the success of significantly preventing online fraud spiraling out of control over the past couple of years will no doubt be attributed to the gadget, and I'm fully supportive of the initiative (having been involved in it), I've yet to be asked to verify myself over the phone when I spend, or service any of my various financial relationships with these organizations, and was amazed at the various security questions, reminders, passwords, pins, and code combinations I was expected to provide in response to my request to change an address whilst all the time the card reader sits relatively unused in the bag!

As a great boss once told me....never criticise; criticise and provide a solution.

So maybe I'll go and pop into my local branch instead so they can check my signature against the sample they took from me 15 years ago.

 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

4797
 

Share

 
 
 
 
 

Comments: (2)

Stephen Wilson

Stephen Wilson Managing Director at Lockstep Consulting

One time password tokens are understandably native/proprietary amd divergent.  But I don't get why the unconnected card readers don't interoperate with all EMV cards.  Are there variations in the CAP implementation that means Visa cards don't work in MasterCard issuers' readers? 

[The Cambridge boys have grabbed headlines once again, but the moral of their findings is really that security devices need careful engineering, not that "Chip and PIN is broken".]

Isn't it time we took the next step, and advanced from unconnected readers (where there is clearly no imperative for interoperability) to connected readers where, like ATM and EFTPOS, the one reader would be expected to accomodate all cards?

I note that integrated smartcard readers are getting more widespread once again, probably in response to the fact that there are 1000 million EMV cards around the world, and at least 200 million government and health smartcards.  Dell even has a laptop now with both contact and contactless readers!

And here's a funny story about someone who didn't even notice that his laptop had a reader built in.

Connected readers remain a bugbear, but for no good reason.  It's a simple matter of supply and demand.  In 2003, most major laptop vendors (including Dell, Acer and Compaq) released product with built-in smartcard readers, in response to announcements from Bill Gates that Microsoft was committed to chips.  That wave of interest turned out to be premature, applications didn't materialise, and the vendors took the readers out in favour of other features.  Yet the clear lesson is it doesn't take much of a trigger for laptop makers to provide smartcard readers. 

If just one large financial institution was to commit to connected readers -- for all the inherent and unique benefits you get from proper signing of transactions -- then it's likely that built-in readers will quickly become standard, and we'd be on the way to getting rid of all the special gadgets. 

A Finextra member 

Your right about these being a pain.  However, I have one from the RBS, one from the Nationwide, and my wife has one from another bank.  I can use any reader with any card and it works.  So. if I'm away from home I need only pack one, and lighten the load.

More expert opinions

Ravishankar Poonjolai

Ravishankar Poonjolai Consulting Partner at TCS

Democratization of alternative investments – Are we there yet?

Kajal Kashyap

Kajal Kashyap Business Development Executive at Itio Innovex Pvt. Ltd.

White-label Payment Gateway Software

Arthur Azizov

Arthur Azizov CEO at B2BINPAY

Blockchain vs. SWIFT: Why Traditional Systems Can't Keep Up in the Global Economy

Sonali Patil

Sonali Patil Cloud Solution Architect at TCS

Deriving Solution Choices for Mainframe Modernization on AWS Cloud

See all opinions

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,234
Expert opinions
44,202
Total members
434
New members (last 30 days)
217
New opinions (last 30 days)
28,750
Total comments
Join Sign in

Trending

Andrew Ducker

Andrew Ducker Payments Consulting at Icon Solutions

How the National Payments Vision intends to shape the future of financial services

Jamel Derdour

Jamel Derdour CMO at Transact365 / Nucleus365

Accessing New Opportunities for Digital Payment Growth in India

Alex Kreger

Alex Kreger Founder & CEO at UXDA

Banks Beyond 2025: Seven Digital Banking Trends to Elevate Financial Brands

Dan Reid

Dan Reid Founder & CTO at Xceptor

From AI hype to practical adoption: Transformations in capital markets during 2024

Now Hiring

All companies

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept