Cookie policy
Follow this topicFollow this topic Knowledge » Current accounts

Online banking security is going too far!

John Fitzsimons
by Lovemoney Staff John Fitzsimons on 31 October 2011  |  Comments 37 comments

Banks are introducing new features to improve the security of their online banking services, but are they over the top?

Online banking security is going too far!

Like many people, I do almost all of my banking online. I like to check my balances every couple of days, perhaps move some money between accounts, pay off my credit card bill, all that sort of fun stuff.

And that involves memorising lots of different user numbers and passwords. To their credit, banks have made it far harder to get into their online banking systems, in order to protect their customers. Gone are the days when all you needed was a date of birth, a mother’s maiden name, and perhaps an account number.

Obviously it’s a good thing that banks take banking security seriously – it’s no fun discovering that some fraudster has found their way into your account, and made off with your hard-earned cash.

However, there is a danger that some banks are going a little too far with their measures, and making online banking much more difficult for their customers.

HSBC

I’ve had an account with HSBC since I was at secondary school, and kept it when I switched to Santander last year as a back-up (given Santander’s terrible reputation). So earlier this year I was sent my new ‘security key’, a credit-card-sized device, that resembles a mini-calculator from the 1980s.

It generates a unique PIN each time you want to log on to your account.

The trouble is, it’s yet another thing to carry with you at all times, just in case you need to log on. And the key has taken a kicking from a number of customers, to the point that even Facebook groups have been set up calling for its removal.

Smile

A little while ago, I decided that even though I had no real complaints with Santander, it was time to try another bank. And given its excellent performance whenever we poll readers on the best current account providers, I decided to give Smile a go.

And lo and behold, last week what should fall through my letter box but another device that looks suspiciously like a mini-calculator. Again, a pin will be generated which I need to input online when I want to make a transaction.

These are just two banks which have adopted these devices – Royal Bank of Scotland, Barclays and Nationwide, among others, also use them.

And while I’m pleased that the banks I use take the security of my money seriously, I can’t help feeling these things are a bit over the top. For starters, they are a pain to carry around all the time, particularly if, like me, you have more than one account in use at any one time. And while they are shaped like a credit card, they are far thicker than a card, to the point that you can’t exactly keep it in your wallet.

So what do you think? Are those irritated by these gadgets just overreacting, finding something to moan about which is actually designed to protect them? Or are they right that the whole point of online banking is convenience, and gadgets like this can seriously impair that convenience?

Let me know what you think below.

You can monitor all of your accounts in a single place by making use of lovemoney.com’s innovative Tracker tool.

Enjoyed this? Show it some love

Twitter
General

Comments (37)

  • Steviebaby1959
    Love rating 28
    Steviebaby1959 said

    It's only YOU that can make that decision, do you want to be faffed around by all of these gadgets, but, know that a hacker won't be able to gain access to your account quite as easily as before, OR, make it dead simple for hackers because you can't be bothered to carry a few extras around with you because it's inconvenient.

    It's your bank account, how important is it to you??

    Report on 31 October 2011  |  Love thisLove  0 loves
  • hassettp
    Love rating 0
    hassettp said

    I don't find carrying something the size of a small calculator a problem.

    You may be able to use the same reader with different banks. The Tesco and Barclays readers work interchangeably, some of the keys have different names.

    I find ICICI bank the most unfriendly to sign into as they disable the paste facility (I keep my security details in a password protected spreadsheet and copy the relevant details into the logon screen.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • electricblue
    Love rating 643
    electricblue said

    Barclays sent me one of the stupid calculator thingies and I no longer use them for online banking. Too much hassle. USA banks have different types of online security where they generate an image so you know you are on the genuine site, plus a few other log-in methods which seem to work pretty well. The only bank I now use for online stuff is Bank of America.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • d0nnyoz
    Love rating 5
    d0nnyoz said

    Personally, I think they are a very good idea and ensure the highest level of security for your online bank account. I'm sure you would be moaning the other way if you simply had a logon like username and password and your account got hacked!

    And almost all of these devices have the same technology in them so they are all interchangeable. Some of them even recognise a different card in them, like putting a Barclays card in a NatWest reader, it pops up and states "Barclays"!

    What this means is that you can have one at home and one at work say.

    I bank with Santander (and actually get a great service with them!) and they don't use these devices which I'm a little pleased with but that's because I'm pleased with the info I need to logon.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • diz1rob
    Love rating 0
    diz1rob said

    For those who don't like the heavy device , why not try ING Direct. They have a system whereby instead of punching numbers on your keyboard for your password you click on the individual numbers in a matrix of numbers on the screen . The matrix changes each time you log on. With their other identification requirements that sems a very good system.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • isobelsgrandma
    Love rating 35
    isobelsgrandma said

    I, too, have a Santander account with which I have had no problems. Their log-in process is relatively simple but they have recently changed so that you must have a mobile phone to receive a code to be employed if you want to make a larger than usual payment which seems a brilliant idea to me (as long as you have a mobile - I do know people who haven't but they probably don't use internet banking either!). It's a sad fact of life that criminals are getting ever more resourceful in their efforts to obtain our personal details necessitating, apparently, the sort of irritating measures that John is complaining about although, if these devices are interchangeable, I can't help but wonder how secure they are!

    Report on 01 November 2011  |  Love thisLove  0 loves
  • riblo123
    Love rating 18
    riblo123 said

    More security the better IMO. The banks would be accused of indifference if they did not try to keep one step ahead of the fraudsters.

    More worrying is your choice of bank John. Been through all the majors. Without exception every one tried ripping me off with extortionate charges.

    Have been with the Nationwide for 20+ years

    Report on 01 November 2011  |  Love thisLove  0 loves
  • Mike10613
    Love rating 599
    Mike10613 said

    I use pin sentry with no problems. They will let you use the one in the bank and you don't need it at the ATM. It's just for online banking which most people do at home. There is no reason to carry them around with you. If you do you banking in your employers time or on your smart phone to check whether you have enough money for the weekly shop; you could have a problem. I like the security but dislike the "membership number" which I have to enter as well as the last 4 digits of my debit card and the pin sentry number. We want secure but not complex. I find the log in to Zopa secure but simple.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • jenc
    Love rating 1
    jenc said

    Santander have just changed me to a system where EVERY transaction requires a code to my mobile phone - so if I lose ir?????

    Report on 01 November 2011  |  Love thisLove  0 loves
  • teafoo
    Love rating 47
    teafoo said

    Security is good.

    What concerns me (with HSBC for example) is if I go away and forget to take my Security 'Card' - how do I access my account then?

    My Natwest account requires a security pad for new payments, but also they notify me by text to my mobile of new payments etc.

    Overall, I think it must be good.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • isobelsgrandma
    Love rating 35
    isobelsgrandma said

    @riblo123 So you haven't actually tried any of the major banks in over 20 years. Nationwide is actually a building society and I'm still waiting for them to even acknowledge my complaint, concerning their ineptitude over my late parents' estates and the consequent loss of interest, which I sent in July.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • croconoll
    Love rating 1
    croconoll said

    I have been with Barclay's for 50 years, and i have been doing online banking for at least 5 years, since the introduction of card devices I feel a lot better protected.

    The size is quite compact and when away i put it in to my laptop case, I can not say it has ever been a problem.

    I was told that one could use another banks device is you did not have yours at hand,

    as these little gadgets can generate different numbers every time i think that how clever that is, I still have not fathomed how it works yet, as the mind boggles.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • PeterM42
    Love rating 3
    PeterM42 said

    If these card devices are anything like the ones with "buttons" that you had to enter a PIN on that Logica used to dish out to employees for accessing systems remotely, they will soon break down and need replacing. They had to convert to a slightly different technology using keyfobs with no buttons on them.

    Try going back to Santander, their security seems pretty good and the website is excellent.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • rabb5it
    Love rating 13
    rabb5it said

    I've used cahoot for the last 13+ years since it started. Excellent, highly recommended. Don't need a card reader, never a problem. They helped me quickly when an ATM didn't deliver & when I made a large transfer they phoned me to verify it.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • Quarket
    Love rating 25
    Quarket said

    I have to disagree with most commentators on here. It used to take me about 15 seconds to log on to my bank account before PIN sentry came out, but that time increased to about a minute and much longer if I wanted to check something in work because my debit card is normally locked away in a locker some distance down a corridor. This is one reason why I switched from Barclays to Santander, but Santander are now asking me to receive a pin via text message if I want to pay someone new. I don't mind this too much because I only pay someone new about once a year whereas I log on to my account about 100 times a year. If Santander ask me to use PIN sentry or a text message for every transaction as someone suggested, I will be looking around for another bank account.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • farehamshortie
    Love rating 3
    farehamshortie said

    So the HSBC device is required just to log onto your account and you can use other banks devices to generate the required PIN. Can someone explain how the technology works that makes that secure ? Baffles me.

    Like jenc I bank at Santander and they send a pin to your registered mobile anytime you make a transaction on your account. That seems plenty secure enough to me and enables me to bank wherever I am as long as I have my mobile with me.

    If I did not have my mobile I definately would not have the pin creator that HSBC requires me to have just to access my account.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • mikepreece
    Love rating 2
    mikepreece said

    I dont have a problem with these card reader, but I do have a problem that each bank uses it own reader, and you cannot interchange these between banks.

    Why cant they get together to create an industry standard, and have just one card reader for all banks? It would be cheaper than them all having to send a card reader to every client, better for clients as they only have to carry one reader, and kinder to the environment.

    Or how about a mobile app that generates a unique code (like Google have done for their 2-step verification which works really well), which would stop the need for having to carry any card readers.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • Talent
    Love rating 77
    Talent said

    My Spanish Unicaja bank, after inputting a 10 digit unique number to start, uses a alpha/numeric on screen matrix for online login. The matrix layout changes every time you go to login. Also, during your online banking session, some processes require you to refer to a security card that is unique to you. It is issued with your bank card and the same size. It is a 8 x 8 alpha/numeric matrix with 64 random 3 figure numbers. You are asked, for example, to input the number that is in position F6. It works well. You can photocopy it to keep in your wallet or keep as an attachment in your email. Simples.

    I recently had problems with my First Direct account. My internet went down around midnight so I decided to try phone banking. However, I hadn't used phone banking for two years or more. It was a poor connection from my mobile, I don't have a landline, the guy was talking too fast and we were asking each other to repeat. I should have given up then. I made a mistake with the password and got locked out. I was told to write in! Before you ask, I hadn't imbibed that evening.... Next day in my Unicaja branch I managed to persuade First Direct who I was, after getting them to phone Unicaja. Full marks to First Direct although the episode took over an hour and the Spanish bank lady was having trouble deciphering the Scots accent of the First Direct lady!

    Report on 01 November 2011  |  Love thisLove  0 loves
  • ameslyne
    Love rating 2
    ameslyne said

    Like Mikepreece, I, too, have no problem with card readers. Why does anyone want to carry them around with them? Why not be organised enough to do all your banking at home, and leave the wretched thing there? What is it with "Apps"? My phone is an elderly one that doesn't have all the bells and whistles, so can't access these modern wonders even if I carried it with me all the time. I think we are becoming too attached to all these gadgets, useful though they may be. Common sense seems to have flown out of the "export box" in our brains.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • richardbattell
    Love rating 2
    richardbattell said

    Even worse to my mind. My wife and I have a joint HSBC current account and we are only allowed to have one password generator. This in effect stops one of us from using our account. Who should carry it - husband or wife. Currently if I want to use bank account, I telephone my wife and she generates the password. We are currently deciding which bank to move our fortune to. Goodbye HSBC

    Report on 01 November 2011  |  Love thisLove  0 loves
  • excrofter
    Love rating 10
    excrofter said

    As a single user of my HSBC account, I am delighted with the new password generator, I do understand the criticism if 2 people want to use it at the same time, but HSBC are really taking security seriously. Well done, I have been a private & business customer for about 40 years now. Why change to another, probably less reliable, bank?

    Report on 01 November 2011  |  Love thisLove  0 loves
  • Ian L Jamieson
    Love rating 5
    Ian L Jamieson said

    I think that anything that gives more protection is welcome. OK, so these devices might be a nuisance, and take time, but they are surely better than the inconvenience and worry associated with having one's account accessed by a hacker.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • yashdra
    Love rating 2
    yashdra said

    First it is an extra unit to look after it,need to keep it safely at home or pocket. On top of that,need to be pretty fast in entering the figures from the card reader to the screen or else it logs off.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • Jean2468
    Love rating 0
    Jean2468 said

    I find these security devices very reassuring and likewise have no problem with just using it at home - I'm always wary about banking online elsewhere - and you can always check your balance on an ATM. Unlike richardbattell my partner and I have individual devices with our HSBC joint account. One suggestion I would make is that you could choose them in different colours - we have 4 in our house and it can get confusing. My HSBC business account has a small oval device with a single button which is very easy to use.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • rbgos
    Love rating 81
    rbgos said

    With RBS you only need to use this device when adding a new payee to your account. You don't need it to log on, pay money to anyone you've paid in the past, transfer money etc. etc. For the couple of times a year I add a new payee to my account, this isn't too much of an imposition. And it does mean that, if anyone did ever successfully phish me, they still couldn't pay money to themselves out of my account (at least not without also stealing my card AND knowing the PIN).

    Report on 01 November 2011  |  Love thisLove  0 loves
  • rbgos
    Love rating 81
    rbgos said

    Oh, and another thing - you only need one of these things. My Barclays card-reader works fine with my RBS account, and vice versa. So if you have multiple accounts, you only need to keep one card-reader around.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • UpHillAllTheWay
    Love rating 38
    UpHillAllTheWay said

    Folks!

    A lot of people are referring to a card reader, but it isn't a card reader that we're talking about. And it certainly isn't heavy! It's a little gadget, like a small calculator, with keys on it like a calculator. You don't put anything into it physically - you just type a number on it.

    The way it works, it has a timer in it (like a watch), and when you want to log into your bank, you type your PIN into the device. Let's say your PIN is 123456 and the time is 12:42:40. It then adds the time of day onto the end of your PIN, like 123456124240, and encrypts the whole lot, using an algorithm that produces an unpredictable six-figure number, which it displays. If you were to type your number in again after 10 seconds, it would add a different time onto the end, because the time changes every 10 seconds, and the encrypted number that it produces would be TOTALLY different from the previous one. You then read this number and type it into the security box on the bank's login web page.

    Back at HQ, the bank computer is running the same algorithm, and knows your PIN, so it comes up with exactly the same encrypted number as your little calculator card did, so it knows this is really you. If anybody was to intercept that number, they would have to use it within 10 seconds, or it would be useless to them.

    When HSBC sent me a card, I told them I was going to close my account. If I need to log into my account when I'm out of the country (which is a time your balance is most at risk from overspend and/or abuse by somebody taking your debit card etc), then I have to remember to carry the little device with me. It's a bigger hassle than carrying something in my head, and of course, it is as prone to being lifted as my card is - especially as it is likely to be in the same wallet. Even at home, I can lose the damn thing, and find it two days later in the bread bin or between the cushions on the sofa.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • diwali
    Love rating 0
    diwali said

    The HSBC card is a pain. All my banking is done on line and I travel a fair amount.

    I dread finding myself in a foreign country having forgotten my card. The least they could have done was make it wallet size; for now it is attached to a large key fob since it is small enough to 'disappear' down the side of an armchair or sofa. Maybe one day we can have fingerprint scans on an iPad (which travels everywhere with me) or such like.

    Great post by UpHill by the way.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • leah AKA global leah
    Love rating 21
    leah AKA global leah said

    I do a lot of online banking myself, same as a few people commenting on here, but I don't use the card reader each time, (I'm with Barclays) They do have a section that you can go on without having to use the reader.

    My thinking is if you're out and about, you should have checked your balance in the first place, so you know how much "floating" money you have. That way, you won't/don't have to carry the reader with you.

    As for the size of a calculator, I would/do feel a lot safer knowing my bank is doing everything they can to ensure my security IS secure.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • jedi44
    Love rating 31
    jedi44 said

    I have had one of these devices from Nationwide for some time and occasionally get annoyed when my reader is on my desk upstairs and the card is in my purse downstairs. However, I do think they are an excellent security measure. I don't need it to log onto my account to check details or to transfer between Nationwide accounts. I only need it when I want to send money out of my accounts, which is what hackers are obviously trying to do. This is not the sort of thing I suddenly decide to do when I'm out and about so have no need to carry the device around.. I pay my bills or organise savings transfers safely tucked up at my desk.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • thanet04
    Love rating 13
    thanet04 said

    Uphillallthe way is soooo wrong.

    I bank with lloyds & have one that you slide your card in and it generates an eight digit number after you input your PIN.

    I wondered what would happen if I made a note of the number generated and then repeated the procedure again what would happen. The second, and subsequent numbers are higher than the previous. If you input them when you log on in the correct order, they last forever. if you go out of sequence you cannot go back to an earlier one. I do this when I go away on holiday so I can check my balance.

    Be warned that this will not work if you want to make a transfer, unless you know the details of the amount in advance & as I can book online upto 30 days in advance, it's not a problem. And if anyone finds the numbers they are of no use at all to them.

    Report on 01 November 2011  |  Love thisLove  0 loves
  • Charley316
    Love rating 2
    Charley316 said

    I have my business account with Santander, and I think they've really got the security side right. You have a number, which is different to your account number, which can be kept in your computer's memory. You then have a password and a 5 digit security number, both of which you can choose yourself.

    That's all you need to log in, check your accounts, pay bills to people you have registered on your account. However, when you come to make a payment to an account you haven't paid into before, the system texts you a one-time pin code on your mobile to input. Instead of an extra device to carry around, it uses your existing mobile phone. It's secure, but also user-friendly.

    Report on 02 November 2011  |  Love thisLove  0 loves
  • unsworthsteve
    Love rating 22
    unsworthsteve said

    You are lucky if you have only one HSBC security fob. I have my own HSBC account in the UK and another country and I look after my Aunt's financial affairs on an HSBC UK business account. Result 3 different random number generating gizmos - they may be a global bank but they are still really operating mostly locally!

    Noone mentioned that HSBC also hassle you into installing the security software programme Rapport - which feeds on your CPU at start-up.

    All very annoying but I tolerate it in the interests of not risking my money. If you are a laptop user putting the gizmos in a pocket of your laptop bag makes it no sweat in having your details to hand whenever you want to use the laptop (but probably reduces your security marginally). If I had inconsequential amounts in the bank I would be looking for lighter touch operators. Some are mentioned here - I will add Egg, which is the only site of many I know where, having fixed their username in the memory of your laptop you simply need your mothers maiden name and your own memorable word. Most of the others now require at least two memorable codes/passwords.

    Report on 02 November 2011  |  Love thisLove  0 loves
  • As Good as it Gets
    Love rating 0
    As Good as it Gets said

    My Mother is 83 and a true 'Silver Surfer', she does almost everything online including her banking with HSBC. She had no problems at all until the new pin machine arrived. I came over to set it up for her and immediately we had a problem with it timing-out before she could enter her 6 digit number. OK she has slightly arthritic hands but that has never stopped her being able to use a keyboard or push keys up until now. A call to HSBC revealed that all of their older customers have been having the same problem and the bank has in fact come up with a solution - an oversize keypad. I asked if it would have the same time-out lock on it and she said - probably!

    As for Rapport I have also found it to hog memory and cause slow start ups on my Mothers laptop so I set it not to start on start up. It also seems to keep quite large log files on any security activities it deems necessary and these should be viewed and deleted when prompted to do so by the program especially if you are running low on hard disk space.

    Report on 02 November 2011  |  Love thisLove  0 loves
  • Jeremey23
    Love rating 2
    Jeremey23 said

    I can't say I like these device but by a happy accident I discovered that my Barclays and Nationwide devices can be used for either bank. Thus I only need to carry one of them to use on all my accounts. Worth a try for people who use multiple banks - the worst that could happen when you try it would be that the device cannot read your card.

    Report on 02 November 2011  |  Love thisLove  0 loves
  • Aquin
    Love rating 0
    Aquin said

    I agree carrying this gadget with me is not a viable option if mobility is an issue for you. I've seen a bank in Europe sending out a transaction code to your dedicated mobile number just before remitting the funds. The code has a limited validity. Even your 83 year old mother doing online banking might use a mobile. So you don't need an additional gadget. And it's not a compromise to your online security.

    So I eventually I would question your headline. It's not security that goes too far, it's user-friendliness that misses out.

    Report on 15 November 2011  |  Love thisLove  0 loves
  • philipwalduck
    Love rating 3
    philipwalduck said

    I use online banking with barclays using the pinsentry systme and I dont really have a problem as i can also use a natwest device to generate the 8 digit pseuodo-randon code which is based on your PIN and the time of generation. the Barclays system uses the last 5 digits of your card as well. I keep my card reader on the armchair next to my computer but if i know I'm going to log in to online banking somewhere else I usually take the reader with me in my jacket, yesits not the smallest of item but its no heavier than a mobile phone chargerwhich most smartphone users carry with them if they are going away for a time. The major problem I have with barclays and logging in to the online service is remembering the membership number!

    Report on 15 November 2011  |  Love thisLove  0 loves

Post a comment

Sign in or register to post a reply.

Related content

Our top deals

Provider & account name Credit rate (AER)
Based on £1		 Overdraft
rate
Based on £1		 Apply
now

Santander 123 Current Account

0.0% 0% plus £1.00 per day usage fee Apply

first direct 1st Account

N/A 0% Apply

Nationwide BS FlexPlus

3.0% 0% plus £0.50 per day usage fee Apply
W3C  Thank you for using CGWEBLIV3