I think it may be time to leave NatWest.
They are introducing “Chip & PIN” style card readers for customers to use with their online banking service.The reader (which is apparently only used for some transactions) takes your card, your PIN and an authorisation number on screen and generates an authorisation code which must match one on the screen.
Now, NatWest claim this adds an extra level of security to online banking. I disagree. I think it adds an extra headache and a whole lot more hassle to a system which is an actual fact, pretty secure.It also means I have to carry my card reader around if (for instance) I want to do banking from work or a friend/family’s computer. And I can tell you now, I do NOT want to be carrying this thing around with me all the time.
Aside from the hassle of just carrying the thing around with you (and risking losing it), the instructions on the NatWest site are likely to confuse the hell out of most people.
So instead of spending our money on clever looking gadgets that make online banking even more complicated, why don’t they just invest it in a high profile anti-phishing campaign. Because that’s that’s the real problem here – and I’d bet good money that most NatWest customers don’t even know what phishing is.
Still – I can’t help wondering if this thing is hackable…
It’s what’s euphemistically called ‘the future’… All the banks here in the Netherlands have them. With some the ‘calculator’ is generic and you have to insert your card; with others, it’s pre-programmed for your account and you don’t need a card. It’s a bit patchy though – as an ABN Amro account holder, i need a calculator and a card to access my current account, but just an email address and password to access my credit card account.
Bah.
I thought technology was meant to make my life *easier*.
I’ve got one too, and thought much as you did, but from what I picked up in glancing at the bumph it is only used to add new payees, which is what someone trying to steal your cash would be doing if they got in. Otherwise you can do all your usual online banking bobbins without ever switching it on. I haven’t used or needed mine since it arrived a few months back.
Not sure if this will work, but heres a video of this being opened and taken apart..
okay the embed didnt work heres the link instead…
http://revver.com/watch/467867/
Ha! I’m not sure I’d want to do that with mine. Not that I’ve needed to use it yet…
i agree, total waste of time.
tried changing a standing order at work which i cant and im not returning home until next week now, which by then it will be too late!!!
in the words of natwest – “there’s another way”
Dom said “I want to do banking from work or a friend/family’s computer. ”
Well is this thing even more useful for you then ? I am sure that if your using shared computers and money started to go from your bank account you would be one of the first people to moan ? not to mention put you in a difficult situuatuion with either your friends or your company. So why no try and work with the bank when they are trying to protect you and your money ?
Any if you read the instructions, its only used when setting up certain things. I have been asked for it once.
Regards.
I agree Dom. Waste of time and another cable for your PC desk that we do not need. My password is secure and not recorded anywhere. Natwest should look elsewhere for security instead of forcing us to use this crap. Andy, if you use a shared PC then it is up to you to log out. I doubt this is of much use to Dom as you suggest, as he states he is not going to carry it about. Can you imagine asking your boss to buy one for work? Yeh right. Roll on big brother…..
Here in France we have the E-card system which is very easy to use and very secure. Why does Natwest launch this outdated uneasy to use system ?
With the E-card system, when you pay online you ask for an E-card to be generated. An E-card is the image of a credit card but it can only be used for ONE payment then it is destroyed. It gives you a card number, expiration date and security code. You just click and drag these codes into the sellers system and that’s it. It is linked to your credit card account and totally transparent for you. I never give my card number through the net and always use e-cards. If the seller does not accept the e-card system, I do not buy from him.
Andy – No one wants to make systems less secure but they should be user friendly and it is a brave step to implement a barrier to customer friendlyness whislt other banks are not.
There are smarter ways to increase security rather than issuing this cheap calculator system. More importantly the risks to security that the calculator is meant to prevent are open to abuse on the telephone banking facilty at NatWest ie if some is smart enough to gain access to someones passwords they don’t need the calculator system – they can use telephone banking to transfer the money as security is less than on the internet.
Also if money is transferred electronically surely it is not beyond the technicalities of the bank to trace it and find the person easily. Surely more easily to find a person than someone who steals a wallet in the street!
Yours frustrated with NatWest
Julian
The device is for online transactions ONLY. ie setting up DD, standing orders…. anything to do with money coming out the account. You do not need the calculator to login.
I’ve worked for NatWest, and I now work as an IT engineer. I also have more than a passing interest in crypto, security and the such, and yet I find the Natwest site is about as clear as mud.
Having taken it apart, and rather than just shredding it like the revver video, I had a poke around. There are all of 5 or 6 parts on the board (caps, a diode, some other bits), and the main IC is under the card reader itself, and pretty well covered in resin. They (understandbly) dont want anyone looking at the IC. (Security through Obscurity? )
There are some extra pads for other buttons that arent used on my Natwest one. There are also some odd contacts on the PCB: GND TEST DATA etc. This is most likely for flashing whatever IC it is during manufacture. (I’d like to point out that the presence of ROM programming contacts on the PCB was how Xbox modchips worked)
Yes, its probably hackable. What for I dont know. All it does is do some cryptotrickery that turns a number into another number via the secret in your cards chip.
Perhaps some clever Germans with an academic lab and a PhD to do would like to have a go, ja?
Natwest sent me one of these – set up for a card I didn’t have. I wrote and explained the situation but have receved no reply from “Enhanced Security Support”.
However as has been stated above this doesn’t stop me (so far!) doing anything I wish to do online.
The REAL reason to leave Natweest is not this but their rubbish deposit interest rates…..
Having just been funnelled into ordering one of these new devices, so I can transfer my savings out of Natwest (talk about ironic!) I’m glad I’m moving away from their service. I can however see more banks adopting these devices, guess it’s just a case of getting used to them.
THIS IS A VERY GOOD DEVICE. IT ADDS MORE SECURITY, I FEEL SAFER WHEN MY BANK IS CONCERNED ABOUT THE SECURITY OF MY MONEY.
BESIDES, YOU ONLY NEED IT TO ADD NEW PAYEES, WHIC YOU DO IT ONCE PER LIFE TIME FOR EACH NEW PAYEE. SO NO PROBLEM AT ALL.
The so-and-so thing won’t let you add the same payee twice or add two standing orders for one payee – most frustrating. What happens when its battery runs out at an inconvenient moment? They also sent me one for nationwide.
Where do i get one?
Well, I just opened a new NatWest e-savings account, transferred all the balance of my previous e-savings account with another bank (offering an apallingly low rate of interest) into it and, having verified arrival, want to make a payment to my current account (with yet another bank) to enable my monthly credit card bill (from yet another bank) to be paid by diect debit. What do I find? I can’t even set up my current account as a payee without having a card reader, and it could take 15 days for one to arrive. So I call NatWest and they immediately set up my current account as a payee over the ‘phone. Seems OK then? No! I then go on-line to NatWest to make a payment, select my current account as the payee and, bingo, I still can’t do it without a card reader. Credit card bill needs paying in 10 days and I doubt whether I’ll be able to withdraw the required funds from my Natwest e-savings account to fund it, so the incurring of credit card interest charges is likely. My bet is that a card reader will eventually arrive, but I’ll have no card to put in it, and the whole saga will begin again. I’ve only been a NatWest customer for 2 weeks and I’m already frustrated with them and regretting it!
As a secondary subject, it’s about time all the banks realised that we are NOT going to have all our accounts and all our savings with one bank! Maximum of £50,000 per FSCS registered bank is the order of the day, and that means current accounts, ISAs, savings accounts, fixed-rate bonds etc all thinly spread around, to make sure all your eggs aren’t in one basket. I’m already having to claim my Icesave savings back. If thsee banks really want our money, as they claim, they’ve got to start paying a decent interest rate, making it easier and quicker to set up new accounts and making them easy to operate. Easier to close, too, because they keep leaving their existing customers in a poorly-paying accounts whilst quietly opening a similarly-named account paying a better rate.
i can see from all the coments not one agree i have just received one
i donot have much money so i can manage, but for the ones who do a lot of transactions this would be a right pain if nat west paid a bit more
interest it would be more senceable than waste money on these stupid things, it make me think why i have changed banks
don’t you just love this farce of a gadjet.
I have recently come to spain for a holiday with my wife at my parents. After speaking to a Natwest advisor (before I left),I was informed that my wife and I only needed to take one card reader with us as it would work for both cards.
2 weeks into our break we needed to transfer some money from her account into my own. After being locked out I rang technical,who unlocked the card and told me to try again,I got locked out as before.
I was then advised to order a replacement card reader as this would reset the system,and use the reader the next morning.
Suprise suprise …same thing,so i rang again.
Then I was told to call telephone banking as this could be done there.After a lengthy conversation explaining the situation the advisor (telephone banking)said we cannot transfer monies because the card reader was not enabled for my wifes card,a point I had just spent a day and an evening explaining.
I was then advised it must be a card fault(although it reads her pin perfectly) and to order a new one ,which would be posted to her account address… in England!!
As we are here for a further 6 weeks I intend to take a daytrip to Gibraltar,set this all up, send Sadwest the costs..and then change banks when back home.
Left hand seems not to know what right had is doing with this stupid system.
First Direct aren't using card readers. I recommend we move our accounts.
I cannot see what all the fuss is about?
I think the card readers are brilliant, you have just got to use it properly.
I am all for it
my natwestv debit card 3d secure service has been blocked how csan i activate this service
when i want to be payment with tfl for applying student oyster card taht time me card why does not accept. provide message recover your password
could you please give me that suggestion as soon as possible how can i activated my 3d secure service with natwest debit card.
ikbal, please learn proper english.
I am taking my card reader to my local branch in disgust. It doesn’t have bluetooth or USB so how can it communicate at a till to make a payment? Or help you online? It is meant for online purposes only, the purpose of the card reader being that it just tells you a few numbers. Natwest wants everyone to mess-up their cards so nobody can get money out of the ATM machines, thus making them richer.
It is just a pointless little gadget to have that serves no real purpose. It’s a bit like those old handheld “barcode battler” gaming thingies. What’s the point?!
I used to be a natwest account holder, until having a lack of one of these card readers cost me an overdraw fine of nearly £30, after 2 years, and still charging me £30 a month, I owe them quite a lot that they are NEVER getting from me.
My dad, recently disabled, is with Natwest, and I have sorted him out a pc and internet to do his banking, guess what, he cant physically use the card reader, let alone a phone for phone banking, he has now ended up in the same boat, charges after charges.
Besides, it's a complete false sense of security, it's now easier to mug/steal from someone, take their card, buy a card reader for £150, play with it a little, and clone cards/withdraw cash etc etc…
I'm not saying it's pointless, because maybe it stops 2% of fraud or whatever facts they decide to make up on their behalf, which is better than nothing. But as people have said, surely it is better to spend that money on something a little more usefull! At the moment, just to log in you have to know date of birth + a 4 didgit pin, then, a second 4 digit pin, and then a password of your choice, and then you choose random numbers from thos pins and input them!! I mean, wow! who the hell is going to have a PC capable of crunching those numbers in the next 10 years.. Not unless youre stupidly rich and have whole processor farms and a huge cellar/basement!
Yup, get rid of it Natwest, please…………..