Home / Opinions / Secure In Our Hypocrisy

Secure In Our Hypocrisy

Andy Vandervell

by

As someone who plies their trade online it'll come as no surprise that I love the Internet, and I couldn't imagine living without online shopping or, for that matter, online banking. Obviously there are dangers and we're warned about them on a semi-regular basis, but very little could ever dissuade me from regularly shopping and transferring money online.

Recently a curious package landed on my doorstep. It was from NatWest, my bank, and inside was a Card Reader. An attached letter informed me that this was to be used in conjunction with my online banking account, and that it would be required to securely verify certain actions on my account.

So, what's all this about? Well, in short it's simply meant to improve security for online banking. You don't need it for everyday use, only when you want to perform second tier tasks such as changing passwords, PIN numbers, adding Payee's and arranging Standing Orders. For the rest of the time you can log in just as you normally would, with no need to verify anything beyond knowledge of the password and PIN you created.

At first I presumed this meant that the reader was meant to connect to the PC, but having not found any kind of cable connection to allow this I was perplexed. Bluetooth? Surely not, hardly very secure is it? Indeed, I was a fair way off the scent since this device does not connect at all, it's totally standalone. Instead it generates a secure code to enter when prompted. First you insert your card, and then enter the PIN code for the card to access it. Once completed you enter a code provided by the online banking system and from this, a code is generated by the reader to verify the transaction.

It's hardly complicated, but it hasn't stopped some people complaining about it, stating some reasonable reservations and some less so. A fairly obvious, and reasonable, complaint is that you'll need to carry the reader everywhere you go. Since by design Internet banking is accessible anywhere in the world, this added step is certainly an inconvenience, especially for the business person who spends a lot of time travelling and needs to be able to transfer money wherever they may be.

But really, is it so inconvenient that one might resort to leaving your bank? For me the real problem is peoples' attitudes to security. Everyone claims to be concerned about their security, but when asked what they do to actually protect it they often draw a blank. It's this kind of attitude that recently led a House of Lords Select Committee to state that banks, businesses and other Internet organisations needed to take more responsibility for their security. So here we have a bank doing just that and getting it in the neck, how is this fair?

comments powered by Disqus